Full Privacy Policy
PRIVACY POLICY OF CHIC FRONTIER LLC (dba “MAYKA”) Effective Date: October 26, 2025 Primary Entity: Chic Frontier LLC (dba “Mayka”) Address: 87 Redwood Grove Ct, Simi Valley, CA 93065 USA Email: privacy@mayka.ai Applies To: mayka.ai and all subdomains, applications, and services 1. INTRODUCTION 1.1 Purpose. This Privacy Policy (“Policy”) describes the manner in which Chic Frontier LLC (dba “Mayka”), a California limited liability company (“Mayka,” “we,” “our,” or “us”), collects, uses, stores, shares, and protects Personal Data in connection with our websites, software-as-a-service platforms, APIs, online tools, mobile applications, communication interfaces, and any associated services (collectively, the “Services”). 1.2 Contractual Incorporation. This Policy is incorporated into, and governed by, the Mayka Terms of Service, and forms a legally binding contract between Mayka and any User that accesses or uses the Services. 1.3 Acceptance. By accessing or using the Services, or by interacting with any component of the Services, you agree to the practices described herein. If you do not agree, you must cease use of all Services immediately. 1.4 Audience. This Policy applies to all: (a) Customers (business entities and their authorized personnel), (b) End Users (individual users), (c) Visitors to the website or subdomains, (d) Prospective customers or individuals interacting with Mayka in any form. ________________________________________ 2. SCOPE AND APPLICATION 2.1 Global Reach. This Policy applies globally, including jurisdictions governed by: — California Consumer Privacy Act (CCPA/CPRA) — EU/UK GDPR — Brazil LGPD — Canada PIPEDA — Australia APPs — South Africa POPIA — Singapore/Malaysia PDPA — Japan APPI — All comparable laws worldwide 2.2 Exclusions. This Policy does not apply to: (a) Third-party websites or services not controlled by Mayka; (b) Offline interactions unless expressly stated; (c) Publicly available or de-identified information. 
2.3 Order of Precedence. In case of conflict: (a) A signed DPA or contract governs data processing; (b) This Policy governs privacy; (c) The Terms of Service govern use of the Services. ________________________________________ 3. DEFINITIONS 3.1 Capitalized Terms. All capitalized terms used in this Policy have the meanings assigned in Exhibit A at the end of this Policy. 3.2 Interpretation. — The singular includes the plural and vice versa. — “Including” means “including without limitation.” ________________________________________ 4. CATEGORIES OF PERSONAL DATA WE COLLECT 4.1 Personal Data We Collect Directly from You: (a) Identification Data: full name, email, business role, company, username. (b) Account Credentials: hashed passwords, authentication tokens. (c) Billing Data: billing address, transaction records. (d) Communications: support messages, emails, feedback, inquiries. (e) Uploaded Files & Inputs: text, documents, images, datasets, or any material submitted for AI processing. 4.2 Personal Data We Collect Automatically: (a) Device & Technical Identifiers: IP address, device ID, browser type/version, OS. (b) Usage Logs: pages viewed, navigation paths, access times, response codes. (c) Cookies & Tracking: session cookies, analytics cookies, preferences cookies, tracking pixels, and similar technologies. (d) AI Interaction Metadata: timestamps, token usage, model types, runtime diagnostics. 4.3 Personal Data from Third Parties: (a) Payment Processors: Stripe may provide non-sensitive billing details (excluding full card numbers). (b) Hosting & Infrastructure Services: Render, AWS, Zoho Mail, Resend (email delivery), domain/DNS providers (GoDaddy). (c) Integrations Selected by Customers: Identity providers, data connectors, CRM platforms, analytics platforms. 
4.4 Categories We Do NOT Intentionally Collect: — Government IDs — Biometric identifiers — Precise geolocation — Health data (unless User submits it voluntarily) — Sensitive data categories requiring heightened protection unless contractually authorized. ________________________________________ 5. PURPOSES FOR PROCESSING PERSONAL DATA We process Personal Data strictly for the following lawful business purposes: 5.1 Service Provision. To deliver, maintain, secure, administer, and improve the Services. 5.2 Account Management. Authentication, authorization, access control, and user management. 5.3 Billing & Transactions. Payment processing, subscription management, fraud prevention. 5.4 AI Processing. To generate AI outputs, improve performance, maintain safety filters, and operate the platform. 5.5 Enhancement & Research. Diagnostics, debugging, infrastructure optimization, model retraining (per DPA rules). 5.6 Communications. Notices, support, updates, administrative alerts. 5.7 Legal Compliance. Responding to subpoenas, law enforcement, regulatory obligations. 5.8 Security. Detecting and preventing threats, abuse, fraud, and unauthorized access. ________________________________________ 6. LEGAL BASES FOR PROCESSING (GDPR AND EQUIVALENT LAWS) Where required by GDPR or comparable international laws, we rely on the following lawful bases: 6.1 Contract Performance: To provide Services you request, including account creation and platform access. 6.2 Legitimate Interests: — Improving Services — Preventing fraud — Securing infrastructure — Understanding usage patterns — Ensuring platform integrity 6.3 Consent: — Optional marketing messages — Optional analytics cookies — Any processing requiring opt-in under EU/UK/EU-member law 6.4 Legal Obligations: — Compliance with tax, financial, law enforcement requests — Investigating misuse or unlawful activity
7. DISCLOSURE OF PERSONAL DATA 7.1 Service Providers & Sub-Processors. We disclose Personal Data to trusted third parties who act as Processors or Sub-Processors on our behalf. These include: (a) Hosting & Infrastructure: Render, Amazon Web Services (AWS) (b) Domain & DNS: GoDaddy (c) Email Infrastructure: Resend (transactional email), Zoho Mail or other equivalent email hosting (d) Payment Processing: Stripe (PCI-DSS compliant) (e) Monitoring & Diagnostics: analytics tools, error reporters, log processors (f) Content Delivery & Network Services: applicable CDNs (g) Backups & Data Storage Providers All Sub-Processors are bound by strict confidentiality and data protection contracts consistent with this Policy and the DPA. 7.2 Legal Compliance & Safety. We may disclose Personal Data to comply with: — subpoenas, warrants, court orders — government or regulatory requests — investigations of illegal activity — enforcement of Terms or policies — prevention of imminent harm 7.3 Business Transfers. If Mayka is acquired, merged, reorganized, sold, or enters bankruptcy, Personal Data may be transferred as a business asset. Any successor will assume responsibility for Personal Data consistent with this Policy. 7.4 Aggregated / De-Identified Data. We may produce aggregated or anonymized datasets that cannot reasonably identify an individual. These may be used for analytics, model training, research, or business purposes. ________________________________________ 8. MODEL TRAINING, USER CONTENT, AND RESPONSIBILITIES 8.1 Customer Ownership. Customers retain all ownership rights to Inputs and User Content submitted to the Services. 8.2 License to Process. 
You grant Mayka a license to: (a) host, process, transmit, and store User Content (b) use it to deliver the Services (c) analyze it for improving performance, accuracy, stability (d) use metadata for service improvement purposes 8.3 Model Training (Opt-Out Availability). Inputs may be used for model refinement, product improvement, or safety enhancements, subject to: — The Data Processing Addendum (DPA) in Section 10 — Customer opt-out or written limitations (if offered contractually) — Legal compliance requirements 8.4 Customer Responsibility. You represent and warrant that: (a) You have proper authority to provide User Content (b) User Content complies with all laws (no illegal content) (c) User Content does not violate copyright or privacy laws (d) You will not upload prohibited categories (e.g., CSAM, harmful code, dangerous instructions) 8.5 AI Output Disclaimers. All AI Outputs are: — non-deterministic — probabilistic — potentially inaccurate — not guaranteed to be correct — not legal, medical, or professional advice YOU MUST INDEPENDENTLY VERIFY ALL OUTPUTS. ________________________________________ 9. INTERNATIONAL DATA TRANSFERS 9.1 Global Processing. We may transfer Personal Data to the United States and other jurisdictions where Mayka, its affiliates, or Sub-Processors operate. 9.2 EEA/UK Transfers. For transfers governed by GDPR or UK GDPR, we rely on: (a) EU Standard Contractual Clauses (SCCs) (b) UK Addendum / IDTA (c) Appropriate Technical & Organizational Measures (See Exhibit B) 9.3 Transfer Impact Assessments. Where required, we evaluate U.S. legal frameworks, surveillance laws, and Sub-Processor safeguards. 9.4 Your Responsibilities. When using integrations that transfer data outside your region, you are responsible for ensuring compliance with your local laws. ________________________________________ 10. 
INTEGRATED DATA PROCESSING ADDENDUM (DPA) (Applies when Mayka acts as a Processor for Customer-controlled Personal Data) 10.1 Roles of the Parties — Customer is the “Controller.” — Mayka is the “Processor.” — For Account Data and certain operational data, Mayka may act as an independent Controller. 10.2 Processing Instructions We process Personal Data only on documented instructions from the Customer, unless required by law. If legal obligations require processing beyond such instructions, we will notify Customer (unless legally prohibited). 10.3 Confidentiality Measures Mayka ensures authorized personnel are bound by confidentiality obligations and trained in data protection requirements. 10.4 Security Controls We maintain technical and organizational measures (“TOMs”) appropriate to the risks, including encryption, firewalls, monitoring, access controls, and incident response plans. See Exhibit B for details. 10.5 Sub-Processors Customer authorizes Mayka to use Sub-Processors. Mayka ensures Sub-Processors are bound by contracts consistent with this DPA. 10.6 Data Subject Requests We assist Customer in fulfilling data subject rights under GDPR/CCPA by: — forwarding requests — providing relevant logs — offering deletion/export tools 10.7 Breach Notification In the event of a personal data breach involving Customer Personal Data, Mayka will: (a) Notify Customer without undue delay, preferably within 72 hours (b) Provide known details (c) Cooperate with Customer to meet regulatory obligations 10.8 Return & Deletion Upon Customer request or service termination, we will return or securely delete Customer Personal Data, except where retention is legally required. 10.9 Audit Rights Customer may request an audit or relevant documentation. Audits must be: — reasonable in scope — limited to once per year — subject to confidentiality — performed without disrupting operations 10.10 Liability Under the DPA Liability is governed by the main Terms of Service. 
Mayka’s maximum liability is limited to the twelve-month Fee cap, unless prohibited by law. ________________________________________ 11. DATA RETENTION & SECURITY 11.1 Retention Periods: We retain Personal Data only for the duration necessary for: (a) Service delivery (b) Debugging & diagnostics (c) Legal compliance (d) Dispute resolution (e) Backup & disaster recovery windows 11.2 Security Measures: We maintain industry-standard safeguards, including: — TLS encryption — Access controls & MFA — Network segmentation — Monitoring & anomaly detection — Secure coding practices — Log retention policies — Disaster recovery & redundancy 11.3 No Absolute Security. While we implement reasonable measures, no system is 100% secure. You acknowledge inherent risks in internet-based services. ________________________________________ 12. USER RIGHTS Depending on your jurisdiction, rights may include: 12.1 Access Rights — obtain a copy of your Personal Data 12.2 Correction Rights — request updates or corrections 12.3 Deletion Rights — request erasure of Personal Data 12.4 Portability — receive data in machine-readable format 12.5 Objection & Restriction Rights 12.6 Withdraw Consent (for consent-based processing) 12.7 Lodge Complaints with supervisory authorities 12.8 Opt-Out Rights (CCPA/CPRA) — including opt-out of sale (which we do not engage in) Requests must be submitted to: privacy@mayka.ai 13. CHILDREN AND AGE RESTRICTIONS 13.1 Primary Age Requirement (18+). The Services are intended for individuals who are 18 years of age or older. Users under 18 may not create an account or purchase a Subscription. 13.2 13–17 With Guardian Consent (Where Legally Permitted). 
If applicable law allows individuals aged 13–17 to use online services with parental consent, such use is permitted only if: (a) A parent or guardian provides verifiable consent (b) The parent/guardian agrees to the Terms and this Policy (c) The parent/guardian assumes full responsibility for the minor’s actions and compliance 13.3 Children Under 13. We do not knowingly collect Personal Data from individuals under 13 (COPPA). If we learn that such data has been collected, we will delete it promptly. ________________________________________ 14. COOKIES AND TRACKING TECHNOLOGIES 14.1 Use of Cookies. We use cookies and similar technologies for: (a) authentication (b) security (c) session management (d) analytics (e) remembering preferences (f) improving user experience (g) debugging (h) fraud prevention 14.2 Types of Cookies: — Strictly Necessary Cookies: required for Service functionality — Performance Cookies: usage analytics — Functional Cookies: remember user settings — Marketing Cookies: optional (only used where legally allowed) 14.3 Cookie Management. Users may control cookies via browser settings; disabling cookies may impair functionality. A cookie notice or banner may appear on your first visit. 14.4 Tracking Technologies. We may use: — pixels — tags — beacons — server-side logs — IP-derived geolocation For analytics or security purposes. ________________________________________ 15. EXPORT CONTROL AND SANCTIONS COMPLIANCE 15.1 Export Controls. You may not use, export, re-export, or transfer the Services in violation of: — U.S. Export Administration Regulations (EAR) — U.S. Office of Foreign Assets Control (OFAC) sanctions — Any applicable foreign export laws 15.2 Restricted Jurisdictions. The Services may not be used by: (a) individuals or entities located in embargoed or sanctioned countries (b) persons on denied or restricted lists (c) entities or individuals using the Services for prohibited activities ________________________________________ 16. 
INTERNATIONAL JURISDICTION AND TRANSFERS 16.1 United States Processing. By using the Services, you acknowledge that your Personal Data may be processed in the United States. 16.2 International Transfers. For international data transfers, we apply mechanisms described in Section 9. 16.3 Cross-Border Corporate Data Flow. Sub-Processors may store or process data in multiple regions; all transfers follow legally compliant frameworks. ________________________________________ 17. CHANGES TO THIS POLICY 17.1 Right to Modify. Mayka may modify this Policy at any time. Changes take effect upon posting unless otherwise required by law. 17.2 Material Changes. For material revisions, we will attempt to provide reasonable notice (email, dashboard, or website notice). 17.3 Continued Use. Your continued use after the revised Policy becomes effective constitutes acceptance. ________________________________________ 18. CONTACT INFORMATION For requests, rights exercises, and questions related to data protection: Chic Frontier LLC (dba “Mayka”) Email: privacy@mayka.ai Address: 87 Redwood Grove Ct, Simi Valley, CA 93065 USA ________________________________________ EXHIBIT A — DEFINITIONS “Account Data” means information required to register or maintain an account. “Applicable Laws” means all privacy, data protection, export control, consumer, and cybersecurity laws that apply to the processing of Personal Data or use of the Services. “Controller” means the entity determining the purposes and means of processing Personal Data. “Customer” means an entity or individual subscribing to or using the Services. “Customer Data” means all information, Inputs, User Content, or Personal Data submitted by Customer or Users. “Data Subject” means an individual identified or identifiable from Personal Data. “DPA” means the integrated Data Processing Addendum in Section 10. “End User” means an individual using the Services, regardless of subscription type. 
“Inputs” means text, uploads, files, prompts, or any content submitted to the Services. “Malicious Code” means harmful code such as viruses, trojans, or ransomware. “Personal Data” means any information about an identified or identifiable natural person. “Processor” means the entity acting on behalf of a Controller to process Personal Data. “Services” means the Mayka platform, software, tools, APIs, and related offerings. “Sub-Processor” means third parties engaged by Mayka to process Personal Data. “User Content” means all content uploaded or provided by a User. “You” / “User” means any individual or entity accessing or using the Services. ________________________________________ EXHIBIT B — SECURITY MEASURES B.1 Administrative Controls — Confidentiality agreements — Background checks for personnel with access — Security and privacy training — Role-based access permissions B.2 Technical Controls — TLS encryption — Firewalls and network isolation — Intrusion detection — Access logging and audit trails — Rate limiting — MFA for privileged accounts B.3 Operational Measures — Patch management — Backup schedules — Disaster recovery procedures — Business continuity planning — Vulnerability scans — Incident response program ________________________________________ APPENDIX 1 — CCPA/CPRA DISCLOSURES Includes: — Categories collected — No sale/no sharing — Rights (access, deletion, correction) — Authorized agents — Notice at Collection — Shine the Light compliance — Non-discrimination clause ________________________________________ APPENDIX 2 — GDPR DISCLOSURES Includes: — Lawful bases — Controller/Processor roles — Article 27 representative — Special category data — Data subject rights — SCCs / UK Addendum
Questions about this document? Contact privacy@mayka.ai.
