Hemline Privacy Policy

Stylegraph Private Limited, operating under the trade name Hemline ("Hemline," "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy describes our practices regarding the information we collect, use, and share in connection with the Hemline platform and services (the "Service").

1. About This Policy

Please review this Privacy Policy before using the Service or submitting any information to us. Your continued use of the Service constitutes your acknowledgement of and agreement to this Privacy Policy, including your consent to the data practices described herein. Under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and analogous data protection frameworks, Hemline acts as the "Data Fiduciary" with respect to personal data it processes for its own defined purposes as described in this Policy. This Policy does not govern Hemline's processing of photos, designs, or other content uploaded by enterprise customers to the Platform in the course of receiving our services. Such data is processed solely on behalf of, and under the instructions of, our customers pursuant to applicable commercial agreements and data processing addenda. In such instances, Hemline acts as a "Data Processor."

2. Types of Information We Collect

Information You Provide Us: We collect your personal data when you register for the Service, use platform features, update account information, purchase a subscription, contact our support team, or otherwise communicate with us. This includes: Contact Data (first and last name, email address, billing and mailing addresses, professional title, company name, and phone number); Profile Data (username and password, stated interests and preferences, survey participation details); Transactional Data (order identifiers and transaction history); Communications Data (records of exchanges through the Service, social media, or other channels); Marketing Data (communications preferences and engagement with marketing materials); and Payment Data (information required to complete purchases, processed on our behalf by payment processors).

Other Information: We may also collect, generate, and/or receive the following information from the Service: Services Metadata (contextual data generated when you interact with the Service); Log Data (automatically-collected access records including Internet Protocol (IP) address, referring URL, browser type and configuration, access timestamps, plugin details, language preferences, and cookie identifiers); Device Information (device type, operating system, application identifiers, device settings, unique device identifiers, and crash data); Location Information (approximate location derived from IP address or other device signals); and Cookie Information (we use cookies and similar technologies to operate the Service, analyse usage, and improve your experience).

3. Use of Your Information

We process information about you to operate our business, deliver the Service, personalise your experience, and improve our offerings. Specifically, we use your information to: Provide, operate, and maintain the Service; Improve, analyse, and develop the Service; Communicate with you; Comply with applicable laws and cooperate with law enforcement and regulatory investigations; Protect our legal rights and interests; and Act in any other manner we have communicated to you and to which you have consented.

AI Model Training and Improvement: We may use your information to improve our products and the performance of our Services, including through the training, fine-tuning, and optimisation of our AI capabilities. For Pay-As-You-Go ("PAYG") plans: Anonymised data generated through your use of the Service may be used to train and improve Hemline's platform-wide AI models, which are deployed across the Service for all users. For Paid subscription plans: Anonymised data generated through your use of the Service may be used exclusively to train AI models that serve only your account. Such models are not shared with, or used to serve, other customers. In all cases, data used for model training is anonymised prior to use so that it cannot reasonably be attributed to or used to identify you.

4. Disclosure of Your Information

We may share your information with third-party service providers that support our technical infrastructure, conduct quality assurance testing, analyse Service usage, prevent and detect unauthorised activity, or provide customer and technical support. The Platform is hosted and made available through certain sub-processors. Payment instrument information used to make purchases on the Service is collected and processed directly by our payment processors, including DodoPayments. Hemline retains only a tokenised reference to your payment instrument and does not store your complete payment details.

Hemline may disclose your information where it believes in good faith that such disclosure is necessary: (a) in connection with any legal investigation; (b) to comply with applicable law or respond to subpoenas, warrants, or other legal process; (c) to protect or defend the rights or property of Hemline or users of the Service; or (d) to investigate or assist in preventing any violation of law, this Privacy Policy, or our Terms of Use. We may disclose personal information in the context of actual or prospective business transactions such as investments, financing, mergers, acquisitions, or the sale, transfer, or restructuring of all or part of our business or assets.

5. Data Location and International Transfer

We and our authorised sub-processors maintain, store, and process personal data primarily in India, using AWS (ap-south-1, Mumbai) and GCP (asia-south1, Mumbai) infrastructure. Where necessary for service delivery or as required by law, personal data may be processed in other jurisdictions. By using the Service and providing us with information, you understand that your data may be processed in the country where it was collected and in other countries, including countries whose data protection laws may differ from those in your jurisdiction. For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection, we rely on Standard Contractual Clauses ("SCCs") and other lawful transfer mechanisms as applicable.

6. Your Choices Regarding Information

We may periodically send you newsletters or promotional emails about the Service. You may opt out of marketing communications by following the unsubscribe instructions in any such email. Notwithstanding your preferences, we may send you transactional or service-related communications. You may configure your browser to decline cookies or to prompt you before accepting them. Declining cookies may limit your ability to use certain features of the Service.

7. Data Access and Control

You may view, access, edit, or delete certain information through your account Settings page. If you are located in the European Economic Area ("EEA"), United Kingdom ("UK"), or Switzerland, you have certain rights under applicable law, including the right to: (i) request access to and a copy of your personal information; (ii) request rectification or erasure; (iii) object to or restrict processing; and (iv) request portability of your personal information. If we process your personal information on the basis of consent, you have the right to withdraw that consent at any time.

If you are a Data Principal whose personal data is processed by Hemline under India's Digital Personal Data Protection Act, 2023, you have the following rights: Right to access (to obtain confirmation of, and a summary of, personal data we hold about you and the processing activities undertaken); Right to correction and erasure (to have inaccurate or incomplete personal data corrected and to have personal data erased where it is no longer necessary); Right to grievance redressal (to have your privacy-related grievance addressed by our Grievance Officer); and Right to nominate (to nominate an individual who may exercise your rights under the DPDP Act in the event of your death or incapacity). To exercise these rights, please contact us at support@hemline.ai or through our Grievance Officer.

8. Data Retention

We may continue to retain your information after you request deletion if such retention is reasonably necessary to comply with legal obligations, resolve disputes, prevent fraud and abuse, enforce our Terms of Use or other agreements, or protect our rights and interests. In determining the appropriate retention period, we consider the volume, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure; the purposes for which we process your personal data; and applicable legal requirements. You may request deletion of your personal data, including images uploaded to the Services, by emailing support@hemline.ai.

9. Security

We employ physical, administrative, and technical safeguards designed to preserve the integrity and security of information collected through the Service. However, no security system is impenetrable and we cannot guarantee the security of our systems. In the event of a security incident resulting in a compromise of information under our custody, we will investigate and remediate the situation and, in accordance with applicable laws, notify affected individuals where required.

10. Minors

We do not intentionally collect personal data from individuals under the age of 18. Our Terms of Use require all users to be at least 18 years old. Under India's DPDP Act 2023, a "child" means any person below the age of 18, and processing their personal data requires verifiable parental consent. As Hemline's Service is directed at business professionals, we require all users to be 18 or older. If we learn that a user under 18 has submitted personal data to us, we will take prompt steps to delete that information.

11. Legal Bases for Processing

For users in the EEA, UK, and Switzerland: When you access or use the Service, we collect, use, and process your personal data for the purposes described in this Policy. We rely on the following legal bases: Consent (for example, to send you marketing communications); Contract (to fulfil our obligations and provide you with the Service); Legitimate interests (for example, to improve and analyse the Service and personalise your experience); and Legal obligation (to comply with applicable law).

For Data Principals whose personal data is processed under India's DPDP Act 2023, we process your personal data on the basis of your free, specific, informed, unconditional, and unambiguous consent as provided under Section 6 of the DPDP Act, and on the basis of legitimate uses specified under Section 7 of the DPDP Act where applicable.

12. Grievance Officer

In accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, Hemline has designated a Grievance Officer to address privacy-related concerns and data-related complaints. Name: Aishik Pyne, Designation: Founder, Email: support@hemline.ai, Address: Stylegraph Private Limited, Udayan, Flat B/1/3, 6/A, Sir Debo Prasad Row, Kolkata 700014, India. We will endeavour to acknowledge receipt of your grievance within 48 hours and resolve it within 30 days of receipt. If you are not satisfied with the resolution, you may approach the Data Protection Board of India once it is constituted under the DPDP Act.

13. Other Sites and Services

The Service may contain links to third-party websites, mobile applications, and online services. Our content may also be integrated into third-party platforms not operated by us. Such links and integrations are not endorsements of, nor do they represent any affiliation with, those third parties. We do not control third-party platforms and are not responsible for their practices. We encourage you to review the privacy policies of any third-party services you use.

14. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. We will notify you of material changes by posting the updated Policy on our website. The effective date at the top of this Policy reflects when it was last revised. Your continued use of the Service following notice of any changes constitutes your acknowledgement of the updated Policy.

15. Disclaimer

Upon deletion of your account, your personal data will be removed from our systems or rendered unattributable to you. Please be aware that images uploaded while using the Service may contain supplementary personal information. If you wish to have such data separately deleted, please notify us at support@hemline.ai. Hemline shall not assume responsibility for any failure to request the removal of such data.

16. Questions; Contacting Us

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data collection or processing practices, or to report any security vulnerability, please contact us at: Email: support@hemline.ai, Address: Stylegraph Private Limited, Udayan, Flat B/1/3, 6/A, Sir Debo Prasad Row, Kolkata 700014, India