Privacy Notice

Version 2.2 · Effective 13 April 2026 · Last reviewed 11 May 2026

This Privacy Notice explains what personal data Akwa collects, why it is collected, which providers help operate the service, and what choices you have. The current version is always available at akwa.design/privacy.

Akwa B.V. is committed to cultural integrity in every design, support for the tailors and makers who turn designs into garments, and rigorous protection of customer data, creative work, and consent, in line with Dutch and EU law.

1. Who controls your data

Akwa is operated by Akwa B.V., a Dutch besloten vennootschap incorporated in Rotterdam and registered with the Kamer van Koophandel under KvK number 42056851. Akwa B.V. acts as the controller for the personal data described in this notice.

Contact: hello@akwa.design

2. Personal data we collect

Akwa collects account data (email, authentication identifiers), design content you create (briefs, prompts, tailor instructions), payment metadata via our payment providers, optional Akwa Capture inspiration uploads (only with consent, ephemerally stored), and operational telemetry needed to run a reliable service. For each category, Akwa records the legal basis (contract, consent, legitimate interest, legal obligation) for processing.

Akwa also uses your registration email to send occasional product update communications to account holders (new features, material changes, account-relevant news), processed under Art. 6(1)(f) GDPR (legitimate interest). You can opt out via the unsubscribe link in any such email at any time. Service-critical messages (password resets, billing, security) continue to be sent under contract regardless of marketing opt-out status.

When you generate a design, the prompts you write, the silhouette / fabric / origin choices you make, and any reference images you upload are sent to specialist large language model, image generation, and (when used) virtual try-on providers so those providers can return the design output. Each provider operates under its own privacy notice and contractual safeguards described in section 3. Akwa does not use your inputs to train external AI models, and Akwa's contracts with these providers require them to not use Akwa API inputs for model training by default.

3. Categories of providers and recipients

Akwa relies on specialist third-party providers across the categories below. We only share data that is necessary for those services to work. Each provider operates under its own privacy notice and contractual safeguards.

Categories include: account, authentication, and database hosting; web hosting, edge delivery, and request handling; large language model (LLM) processing for design and brief generation; image generation and editing; video generation (for the View in Motion preview); vision-based content safety and image-input parsing; PDF rendering (Tech Pack + Cultural Design Breakdown); transactional and product-update email delivery; card payment processing (with region-specific providers for local rails including NGN); mobile in-app purchase orchestration for iOS and Android; foreign exchange rate lookup (no personal data); web analytics; advertising attribution and audiences (loaded only after you accept marketing cookies); email marketing automation (loaded only after you accept marketing cookies); session replay and heatmaps (when explicitly enabled, and loaded only after you accept analytics cookies); and crash, performance, and limited session-replay monitoring.

A current list of the specific subprocessors Akwa uses in each category, including company names and the underlying region of processing, is available on request from legal@akwa.design. We update this list as services change.

If you buy through the App Store or Google Play, those stores also process payment details under their own terms and privacy notices. Akwa generally receives transaction status, product identifiers, and fulfilment metadata rather than full payment card details.

4. International transfers

Akwa's primary database, authentication, storage, and edge functions are hosted in the European Union (Ireland), so most user data stays within the EEA at rest. The web frontend and serverless API routes are served globally (frontmost edge nearest to the user, with primary compute regions including the EU and the United States). Specialist AI providers used for language model processing, image generation, video generation, and vision-based parsing operate primarily from the United States; transactional email and monitoring providers operate internationally; regional card payment processors operate from their respective markets including the EU and West Africa.

Where personal data is transferred outside the EEA or UK, including the routing of design prompts and reference images to AI providers based in the United States, Akwa relies on Standard Contractual Clauses and the provider commitments and appropriate contractual or legal safeguards made available by those providers. You can request more detail on a specific transfer by contacting hello@akwa.design.

5. Retention

Akwa retains account data for the lifetime of your account. Designs are retained while the account is active. Payment metadata is retained per the relevant provider's required period. Akwa Capture inspiration uploads live in a private user-scoped bucket and are auto-deleted within 24 hours if not promoted into a design. View in Motion videos are stored in your private designs bucket alongside the still image they were generated from and follow the same retention as the parent design (up to 2 years, or sooner if you delete the design or your account). Akwa's previous virtual try-on features (Akwa Mirror, paused; Try It On Me, decommissioned) processed photos ephemerally with auto-purging at the specialist try-on provider and never wrote them to any Akwa-controlled bucket. Operational logs are retained per provider defaults (typically 30 to 90 days).

6. Your rights and choices

Akwa applies GDPR-level privacy protections as its baseline. Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing, and to withdraw consent where we rely on consent.

7. Cookies, sessions, and analytics

Akwa uses three categories of cookies on the web: essential cookies (always on, required to keep you signed in and secure the service), analytics cookies (load only after you accept), and marketing and advertising cookies (also opt-in via the consent banner). The authoritative list of every cookie set on Akwa, by which provider, for what purpose, and for how long, lives at the Cookie Policy at https://www.akwa.design/cookies. Akwa never sends raw design prompts, design briefs, uploaded reference images, payment details, or other personal data to analytics or advertising platforms; event payloads carry only high-level metadata such as garment category, plan type, source, currency and value.

8. Discontinued virtual try-on features

Akwa previously offered two optional virtual try-on features. Akwa Mirror is paused and not accepting new uploads. Try It On Me has been decommissioned and is no longer offered. While these features were active, photos you chose to upload were processed only after you granted consent, transmitted to a specialist virtual try-on provider with auto-purging storage, and deleted immediately after successful processing (with fallback deletion within 24 hours if a job failed). Uploads were never used to train Akwa's models.

For historical detail on the Mirror feature, see the Akwa Mirror notice at https://www.akwa.design/privacy/mirror.

9. Security

Akwa uses HTTPS in transit, authentication controls through Supabase, row-level access policies in the database, service-role secrets only in server-side functions, and monitoring through Sentry and platform logs. No internet-connected system can be guaranteed perfectly secure, but Akwa aims to use proportionate technical and organisational measures for the size and risk profile of the service.

10. Children

Akwa is intended for users aged 16 and over (the GDPR baseline). At signup, users self-declare that they meet this minimum age. Akwa does not knowingly collect personal data from children under 16. If you believe a child has provided personal data to Akwa without appropriate authority, contact us and we will review and delete the data where required. Akwa does not use automated decision-making or profiling (GDPR Article 22) and does not market specifically to children.

11. Changes to this notice

Akwa may update this notice to reflect changes in the service, providers, legal structure, or applicable law. The version and review date at the top of this page will be updated whenever the notice changes.