Privacy Policy for Nifty IP
Effective Date: March 30, 2026
Nifty IP (a project of NiftyBooks FlexCo, "we," "us," or "our") is committed to protecting the intellectual property and personal data of artists and creators. This Privacy Policy describes how we collect, use, and share your information when you use our platform to detect AI training usage and manage your digital assets.
1. Data Controller
The entity responsible for your data under the General Data Protection Regulation (GDPR) is:
NiftyBooks FlexCo (in formation) Esslinggasse 13/18, 1010 Vienna, Austria Email: info@niftybooks.com
2. Information We Collect
A. Information You Provide
- Account Data: Name, email address, password, and language preference.
- Payment Data: We use Stripe for subscriptions. We do not store your full credit card details on our servers; we only store tokenized metadata (e.g., card brand, last 4 digits) provided by Stripe.
- Content Data (Image Uploads): Images you upload to check against AI datasets.
B. Technical & Automated Data
- Metadata: We extract basic image metadata (dimensions, colorspace) to facilitate the search. Currently, we do not automatically strip EXIF/GPS data from uploads.
- Nifty Analytics: We use LocalStorage to store a unique
nifty_visitor_idand your UI preferences. - Log Data: IP addresses and browser fingerprints are processed by our servers to prevent bot abuse and ensure system security.
3. Image Processing & AI Transparency
Pursuant to the EU AI Act (2026), we disclose that Nifty IP utilizes artificial intelligence to provide its services:
- Detection Logic: We use the OpenAI CLIP model and Google Cloud Vision to generate "embeddings" (mathematical representations) of your images.
- Similarity Search: These embeddings are searched against our Qdrant vector database to find matches in known AI training sets.
- Storage Policy:
- Guest Users: Images are cached in RAM for 1 hour for processing and then deleted.
- Authenticated Users: To provide you with your "Monitoring Report" and historical match data, images are stored in a private, secure AWS S3 bucket and referenced in our database until you delete the report or your account.
4. Legal Basis for Processing (GDPR)
- Performance of a Contract: To perform the image "check" you requested.
- Legitimate Interests: To secure our platform against fraud and improve our detection algorithms.
- Consent: For marketing communications (where you have explicitly opted in) and non-essential cookies.
5. Third-Party Sub-processors
To provide our service, we share limited data with the following providers:
- Infrastructure: AWS (Region: eu-central-1), MongoDB Atlas.
- AI & Search: Google Cloud (Vision API), SerpAPI, Qdrant.
- Payments: Stripe.
- Authentication: Google OAuth (if used).
We do not sell your artwork or personal data to third parties. We do not currently share your personal data with our partner Thalia or parent entity NiftyBooks unless required for cross-platform support you have explicitly requested.
6. Data Sovereignty & Transfers
Our infrastructure is primarily hosted in the European Economic Area (EEA), specifically in Frankfurt, Germany (AWS eu-central-1). Where data is transferred outside the EEA (e.g., to Google or Stripe in the US), we ensure Standard Contractual Clauses (SCCs) are in place to protect your rights.
7. Your Rights
Under the GDPR and CCPA/CPRA, you have the right to:
- Access & Portability: Request a copy of your data.
- Rectification: Correct inaccurate data.
- Erasure ("Right to be Forgotten"): Request that we delete your account and all associated images.
- Object to AI Processing: You may request that your images not be used to further "tune" our proprietary detection logic.
Note: To exercise these rights, please email info@niftybooks.com.
8. Security
We implement "Privacy by Design." Your images are stored using Private ACLs on AWS S3, meaning they are not accessible to the public or other users.
9. Updates to this Policy
We may update this policy to reflect changes in our technology or legal requirements. We will notify you of any material changes via email or a prominent notice on our site.