Privacy Policy

Effective: December 2, 2025

I. Preamble and Scope

This Privacy Policy explains how Aminoka Studio ("we", "us"), based in Paris, France, collects, processes, and protects personal data on the Aminoka platform (the "Service"). We act as data controller under the GDPR (Regulation EU 2016/679). By using Aminoka you consent to the practices described here.

II. Personal Data We Collect

A. Information you provide

Account credentials supplied via federated identity providers (Google OAuth, Apple Sign-In) — your name and email address. Profile details you choose to add — bio, avatar, link in bio. User content — posts, comments, messages, images. Community membership and participation metadata.

B. Information collected automatically

Technical telemetry necessary to operate the Service: device type, OS version, app version, IP-derived country (we never store raw IPs in plaintext — they're salted+hashed at the auth boundary), and minimal in-app analytics (page views, action counts).

III. Legal Basis for Processing

Performance of contract — providing the Service you signed up for.
Legitimate interest — securing the platform, preventing abuse, anti-spam.
Consent — optional personalization and email notifications you can revoke at any time.
Legal obligation — responding to lawful requests from authorities.

IV. How We Use Your Data

To create and operate your account.
To deliver the core platform: feed ranking, notifications, search.
To detect and prevent abuse, harassment, and fraud.
To respond to support and legal requests.
To improve the Service via aggregated, non-identifying analytics.

V. Disclosure and Third Parties

We do not sell personal data. We share strictly limited data with infrastructure providers under data-processing agreements (Cloudflare for hosting and storage; Resend / Mailgun for transactional email; Apple, Google for OAuth identity verification). When legally compelled we may disclose data to authorities — we will notify affected users unless prohibited by law.

VI. Your Rights

Under the GDPR you may exercise the following rights at any time from your account settings or by emailing privacy@aminoka.app:

Right of access — request a copy of your personal data.
Right to rectification — fix inaccurate or incomplete data.
Right to erasure (right to be forgotten) — delete your account and personal data.
Right to restriction — pause processing of your data.
Right to portability — export your data in a machine-readable format.
Right to object — opt out of certain processing activities.
Right to withdraw consent — for any consent-based processing.

VII. Security

Data is encrypted in transit (TLS 1.3) and at rest. Session tokens are JWE-sealed with HKDF-derived keys. Access to production systems is restricted, audited, and tied to individual SSO accounts. We follow the principle of least privilege.

VIII. Account Deletion

A. Data that will be deleted

Your profile (name, avatar, bio, links).
All posts, comments, and uploaded media you created.
Your private messages.
Your community memberships and notification preferences.

B. Data that may be retained

For legal and abuse-prevention reasons we may retain a minimal, anonymized footprint of your account (hashed email + ban/report history) for up to 12 months after deletion. After that window all residual records are permanently purged from production storage.

IX. International Data Transfers

Aminoka operates from the EU. Some processors run globally — when data leaves the EEA it does so under standard contractual clauses (SCCs) approved by the European Commission, with supplementary safeguards.

X. Child Safety

A. Age requirements

Aminoka is intended for users aged 13 and older. We do not knowingly collect data from children under 13. Accounts found to be underage are removed.

B. Prohibited content

CSAM, grooming, sexual content involving minors, and any related material are zero-tolerance. Detection combines automated content classifiers with human review. Confirmed violations result in immediate account termination and referral to law enforcement.

XI. Cookies and Local Storage

We use a single first-party HttpOnly session cookie for authentication and a small number of localStorage keys for UI preferences (theme). We do not run third-party advertising trackers.

XII. Changes to This Policy

We may update this policy as the Service evolves. Material changes will be highlighted in-app and on this page. Continued use of Aminoka after an update constitutes acceptance.

XIII. Contact

Questions, requests, or complaints? Reach our Data Protection contact at:

Aminoka Studio — Privacy Paris, France
Email: privacy@aminoka.app

You also have the right to lodge a complaint with the French data protection authority (CNIL).