Privacy Notice

Version 2.2 · Effective 13 April 2026 · Last reviewed 11 May 2026

This Privacy Notice explains what personal data Akwa collects, why it is collected, which providers help operate the service, and what choices you have. The current version is always available at akwa.design/privacy.

Akwa B.V. is committed to cultural integrity in every design, support for the tailors and makers who turn designs into garments, and rigorous protection of customer data, creative work, and consent, in line with Dutch and EU law.

1. Who controls your data

Akwa is operated by Akwa B.V., a Dutch besloten vennootschap incorporated in Rotterdam and registered with the Kamer van Koophandel under KvK number 42056851. Akwa B.V. acts as the controller for the personal data described in this notice.

Contact: support@akwa.design

2. Personal data we collect

Akwa collects account data (email, authentication identifiers), design content you create (briefs, prompts, tailor instructions), payment metadata via our payment providers, optional Akwa Mirror photo uploads (only with consent), and operational telemetry needed to run a reliable service. For each category, Akwa records the legal basis (contract, consent, legitimate interest, legal obligation) for processing.

When you generate a design, the prompts you write, the silhouette / fabric / origin choices you make, and any reference images you upload are sent to Anthropic (Claude language models), Google Vertex (Imagen 4 image generation), and fal.ai (Nano Banana Pro and IDM-VTON virtual try-on) so those providers can return the design output. Each operates under its own privacy notice and contractual safeguards described in section 3. Akwa does not use your inputs to train external AI models.

3. Providers and recipients

Akwa relies on specialist providers for authentication, hosting, payments, email, analytics, error monitoring, LLM processing, and image generation. We only share data that is necessary for those services to work.

Key processors include Supabase (auth, database, storage), Vercel (hosting, web analytics), Sentry (error monitoring), Resend (transactional email), Stripe (one-off purchases including books and Postcards Passport), Paystack (Nigerian Naira payments), PayPal (EUR / USD payments), RevenueCat (iOS subscriptions), Apple App Store and Google Play (mobile billing), Anthropic / Google Vertex (LLM and Gemini Vision processing including photo-safety checks) / fal.ai (image generation and Try It On Me virtual try-on). Each operates under its own privacy notice and contractual safeguards.

If you buy through the App Store or Google Play, Apple or Google also process payment details under their own terms and privacy notices. Akwa generally receives transaction status, product identifiers, and fulfilment metadata rather than full payment card details.

4. International transfers

Akwa's primary database, authentication, storage, and edge functions are hosted on Supabase in the European Union (West EU / Ireland region), so most user data stays within the EEA at rest. Vercel hosts the web frontend and serverless API routes globally. Anthropic, Google Vertex, and fal.ai are US-based providers; Resend, Sentry, and PayPal operate internationally; Paystack operates primarily in West Africa.

Where personal data is transferred outside the EEA or UK, including the routing of design prompts and reference images to AI providers based in the United States, Akwa relies on Standard Contractual Clauses and the provider commitments and appropriate contractual or legal safeguards made available by those providers. You can request more detail on a specific transfer by contacting support@akwa.design.

5. Retention

Akwa retains account data for the lifetime of your account. Designs are retained while the account is active. Payment metadata is retained per the relevant provider's required period. Akwa Mirror uploads (legacy; surface currently paused) are deleted immediately after successful processing (24-hour fallback for failed jobs). Try It On Me v2 photos are never written to any Akwa-controlled bucket: they are transmitted ephemerally to fal.ai and auto-purged on fal.ai's side after the job completes. Akwa Capture inspiration uploads live in a private user-scoped bucket and are auto-deleted within 24 hours if not promoted into a design. Operational logs are retained per provider defaults (typically 30–90 days).

6. Your rights and choices

Akwa applies GDPR-level privacy protections as its baseline. Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing, and to withdraw consent where we rely on consent.

7. Cookies, sessions, and analytics

Akwa does not currently use advertising pixels or behavioural advertising cookies. We do use authentication and session technology needed to keep you signed in and secure the service.

On the web, Akwa also uses Vercel Analytics and Sentry in production to understand performance, reliability, and product usage. Vercel describes its web analytics product as privacy-focused and cookieless. Sentry may collect crash and performance telemetry and limited session replay when errors or sampled sessions occur, so we can diagnose failures and protect the service.

8. Akwa Mirror

Akwa Mirror is optional. If you choose to use it, your photo is processed only after you grant consent. The upload is stored temporarily, sent to fal.ai for try-on generation, and deleted immediately after successful processing, with fallback deletion within 24 hours if the job fails. Mirror uploads are not used to train Akwa's models.

For feature-specific detail, see the Akwa Mirror notice at https://akwa.design/privacy/mirror.

9. Security

Akwa uses HTTPS in transit, authentication controls through Supabase, row-level access policies in the database, service-role secrets only in server-side functions, and monitoring through Sentry and platform logs. No internet-connected system can be guaranteed perfectly secure, but Akwa aims to use proportionate technical and organisational measures for the size and risk profile of the service.

10. Children

Akwa is intended for users aged 16 and over (the GDPR baseline). At signup, users self-declare that they meet this minimum age. Akwa does not knowingly collect personal data from children under 16. If you believe a child has provided personal data to Akwa without appropriate authority, contact us and we will review and delete the data where required. Akwa does not use automated decision-making or profiling (GDPR Article 22) and does not market specifically to children.

11. Changes to this notice

Akwa may update this notice to reflect changes in the service, providers, legal structure, or applicable law. The version and review date at the top of this page will be updated whenever the notice changes.