Privacy Policy

Privacy Policy – Eicon Vision Pvt Ltd (“Eicon”)

Version Date: 20th May 2026

1. Introduction

Eicon Vision Pvt Ltd (“we”, “us”, “our”, or “Eicon”) is committed to respecting and protecting your privacy when you use our mobile application (the “App”) and related services (together, the “Services”).

This Privacy Policy explains in clear terms what personal data we collect, how and why we use it, with whom we share it, how long we keep it, and what rights you have under applicable data protection laws, including the Indian Digital Personal Data Protection Act, 2023 and its rules (“Indian DPDP Law”), the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“EU GDPR”), and applicable United States state consumer privacy laws (for example, the California Consumer Privacy Act as amended by the CPRA and similar state laws where they apply).

By using the Services, you acknowledge that you have read this Privacy Policy. Where we rely on your consent, we will ask for it in an unbundled, specific and informed way at the appropriate time.

2. Who We Are and How to Contact Us

Eicon Vision Pvt Ltd (Company Registration No: U63119TN2024PTC174687) is incorporated in India and acts as the “data controller” or “data fiduciary” for personal data processed in connection with the Services.

Our registered office address is:

No. 4, Dr. Radhakrishnan Salai, 2nd Street, Mylapore, Chennai – 600004, Tamil Nadu, India.

If you have any questions about this Privacy Policy or our data handling practices, or if you wish to exercise your rights, you can contact us at:

Email: info@eiconvision.com

If and when we appoint a Data Protection Officer or local representative in the UK, EU or any other jurisdiction where this is required, we will update this Privacy Policy to include their contact details.

3. What Personal Data We Collect and Why

In this section we describe, as plainly as possible, the categories of personal data we collect, the purposes for which we use it, and the legal basis on which we do so where UK GDPR, EU GDPR or Indian DPDP Law apply.

3.1 Account Data

If you create an account or sign in, we collect and store:

• Identification and contact details, such as your name, username, email address and, where relevant, password or authentication tokens.

• Profile settings and preferences.

• Activity data linked to your account, such as recognition history, favourites and related interaction metadata.

Purpose:

• To register and authenticate you as a user.

• To manage your account and provide the Services you request.

• To personalise your experience (for example, maintaining your recognition history and “My Favourites”).

Legal basis:

• Performance of a contract with you (to provide and administer the Services you request).

• Legitimate interests (to secure our Services, prevent abuse, and personalise content where this does not override your rights).

• Consent, where required under local law for specific optional features.

3.2 Image Data and Artwork Recognition

When you use the App to take a photo of artwork:

• For guest users, recognition images are processed locally on your device. They are not uploaded to our servers unless you choose to contribute them or take another action that clearly requires server processing.

• For logged-in users, recognition images and automatically derived metadata (for example, technical checks such as blur/exposure, extracted features and recognition results) are sent to our backend and may be stored.

Purpose:

• To identify artworks and provide match results.

• To improve and retrain our recognition models and related Services.

Legal basis:

• Performance of a contract (to provide the recognition functionality you request).

• Legitimate interests (to maintain and improve our models and Services), balanced against your privacy rights, including by offering guest mode and limiting uploads where possible.

• Consent, where required for specific uses such as contributions or certain analytics.

3.3 Feedback and Interaction Data

You may choose to submit feedback about recognition results (for example, thumbs-up or thumbs-down), save artworks as favourites, share content, or otherwise interact within the App.

We collect information about these interactions, including which artworks you have rated, saved, or shared, and related timestamps and technical details.

Purpose:

• To operate features such as “My Favourites”.

• To understand how the App is used and to improve accuracy and relevance of recognition and recommendations.

• To train and retrain our models and to maintain service quality.

Legal basis:

• Performance of a contract (to provide the Services and features you choose to use).

• Legitimate interests (analytics and service improvement), with appropriate controls and opt-outs where required by law.

3.4 Contribution Data

If you choose to contribute content to Eicon, we collect:

• Images you submit (for example, QR codes, label images, gallery shots, artwork photographs).

• Optional metadata you provide, such as title, artist, year, medium, dimensions and location.

• The license or visibility setting you select (for example, public, venue-only, or private).

Purpose:

• To enrich our artwork database and improve recognition performance.

• To support a community-driven dataset and, where you select a public or venue-only license, to display contributed content as permitted.

• Legal basis:

  • Consent, given at the point of contribution and license selection.

  • Performance of a contract (to host and display your contributions in accordance with your selected license).

  You can withdraw consent to certain uses of your contribution data at any time, subject to technical and contractual limitations and to the license terms you selected.

  3.5 Technical and Usage Data

  We collect certain technical and usage information when you use the App or our website, which may include:

  • Device information, such as device type, operating system, language and settings.

  • Network and log information, such as IP address, timestamps, app version, crash logs and diagnostic data.

  • Usage information, such as the screens you view, features you use, and recognition latency statistics.

  For guest users, some technical and usage logs may remain only on your device and will not be transmitted to our servers unless you create an account, perform a server-based recognition request or take another action that requires communication with our backend.

  Purpose:

  • To operate, maintain and secure the App.

  • To monitor performance (for example, recognition latency) and troubleshoot issues.

  • To perform analytics in order to improve functionality and user experience.

  Legal basis:

  • Legitimate interests (service provision, security and improvement), taking into account your rights and expectations.

  • Consent, where required for certain analytics or tracking technologies, typically managed via device- or platform-level settings.

  3.6 Notifications

  If you enable push notifications, we collect device tokens or similar identifiers generated by your device or operating system.

  Purpose:

  • To send you notifications that are relevant to you, for example, about weekly re-checks of unmatched recognition results, updates relating to your contributions, or significant changes to our Services.

  Legal basis:

  • Consent, which you can withdraw at any time through your device or in-App settings.

  3.7 Location Data (Where Applicable)

  If you choose to enable location-based features, we may collect precise or approximate geolocation data from your device.

  Purpose:

  • To suggest nearby artworks or venues where the App is supported.

  • To support geofenced visibility options, where these form part of contribution permissions or local venue features.

  Legal basis:

  • Consent, requested through your device permissions and in-App prompts.

  • You can disable location permissions at any time via your device settings, although some features may no longer work as intended.

  4. Legal Basis for Processing (Overview)

  Depending on your location and the specific processing activity, we rely on different legal bases, including:

  • Consent: For example, for contributions, certain analytics, location-based services and push notifications, as required by Indian DPDP Law, UK GDPR, EU GDPR and certain US state laws.

  • Performance of a contract: To create and manage your account, provide recognition services, and deliver features you request.

  • Legitimate interests: To maintain and improve our App, prevent fraud and abuse, secure our systems, perform analytics, and develop new features, while always considering your rights and expectations and offering opt-outs where required.

  • Compliance with legal obligations: Where we are required by law to retain or disclose certain information, or to respond to lawful requests from authorities.

  Where we rely on legitimate interests, we have carried out a balancing assessment and concluded that our interests are not overridden by your fundamental rights and freedoms. You can contact us if you would like more information about this assessment.

  5. Sharing Your Personal Data

  We only share your personal data where this is necessary and subject to appropriate safeguards.

  We may share or disclose your personal data in the following situations:

  • Service providers and contractors: With trusted third parties who provide services on our behalf, such as cloud hosting providers, analytics providers, crash reporting tools, customer support services, and content moderation or contribution-processing providers. These providers are contractually obliged to process your personal data only on our instructions and to implement appropriate security measures.

  • Third-party partners and public display: Where you select a public or venue-only license for your contributions, the relevant content and related metadata may be made available to other users, venues or partners in accordance with that license.

  • Business transfers: If we are involved in a merger, acquisition, reorganisation, sale of assets or similar transaction, your personal data may be transferred as part of that transaction, subject to applicable law and, where required, further notices or safeguards.

  • Legal and regulatory requirements: Where we are required to do so by law, regulation or legal process, or to protect our rights, property or safety, or that of our users or others.

  We do not sell your personal data in the sense commonly understood under US state privacy laws, and we do not knowingly engage in cross-context behavioural advertising using your personal data without giving you relevant opt-out options where required by law.

  6. International Data Transfers

  As part of our operations, your personal data may be stored and processed on servers or systems located outside your home country, including in India and other jurisdictions where our service providers operate.

  Where we transfer personal data from the UK or EU/EEA to countries that have not been granted an adequacy decision, we will implement appropriate safeguards such as standard contractual clauses or equivalent measures, and we will ensure that you can obtain a copy of these safeguards on request.

  For transfers under Indian DPDP Law, we will comply with any applicable transfer restrictions, exemptions and government notifications from time to time.

  7. Data Retention
     
     We keep personal data only for as long as it is reasonably necessary for the purposes described in this Privacy Policy, and to the extent required to comply with our legal obligations, resolve disputes and enforce our agreements.

     In particular:

     • Guest users: Recognition images generally remain on your device and are not stored on Eicon servers unless you choose to contribute them or otherwise upload them.

     • Logged-in users (recognition images and metadata): These may be retained for as long as your account remains active and for a reasonable period thereafter to improve our models and services, unless you request deletion or applicable laws require a different period. Where possible, we will either delete or irreversibly de-identify data once it is no longer needed in identifiable form.

     • Contribution data: Images and metadata that you explicitly submit through contribution workflows are stored and used in line with the license or visibility settings you select. Some contributions, particularly those under a public license, may be retained and used for longer periods where necessary to preserve the integrity of the dataset or where deletion would not be technically or contractually feasible.

     • Usage, analytics and interaction data: These are retained for periods appropriate to support service improvement, security, fraud prevention and analytics, after which they are either deleted or anonymised.

     • Account data: We retain your account data while your account is active. If you close your account, we will delete or anonymise your personal data within a reasonable period, subject to any legal, regulatory or legitimate business needs (for example, defence of legal claims or fraud prevention).

     Where applicable law requires specific retention periods or criteria, we comply with those requirements and can provide more details on request.

     8. Cookies and Similar Technologies

     If you visit any Eicon website, we may use cookies and similar technologies for essential operations (such as security and log-in), analytics and functional purposes.

     Within the App, we may use software development kits (“SDKs”) and similar technologies supplied by third parties to collect usage information, measure performance and understand how features are used.

     Where required by law, we will ask for your consent before placing non-essential cookies or enabling certain SDKs, and you can manage your preferences through your browser, device settings or in-App controls where available.

     9. Security

     We use a combination of technical and organisational measures designed to protect your personal data against unauthorised access, loss, misuse, alteration or destruction. These measures include, where appropriate, HTTPS/TLS in transit, encryption at rest, access controls, logging and monitoring and regular security reviews.

     Despite our efforts, no system or transmission method is completely secure. If we become aware of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant authorities and affected individuals as required by applicable law.

     10. Your Rights

     Depending on your location and the laws that apply to you, you may have some or all of the rights listed below in relation to your personal data.

     • Right of access: You can ask us to confirm whether we process your personal data and, if so, receive a copy of that data and related information.

     • Right to correction/rectification: You can request correction of inaccurate or incomplete personal data we hold about you.

     • Right to deletion/erasure (“right to be forgotten”): You can ask us to delete your personal data in certain circumstances, for example, where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing.

     • Right to restriction: You can request that we restrict the processing of your personal data in certain situations.

     • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you can request a copy of your personal data in a structured, commonly used and machine-readable format, and you may ask us to transfer it to another controller where technically feasible.

     • Right to object: You can object to certain processing, including processing based on legitimate interests and, where applicable, to direct marketing or profiling related to direct marketing.

     • Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

     Under Indian DPDP Law, you also have the right to obtain information about the personal data we process about you, to correct and erase such data and to register a complaint with the Data Protection Board of India.

     Under UK and EU GDPR, you also have the right to lodge a complaint with a supervisory authority, such as the UK Information Commissioner’s Office (ICO) or the data protection authority in the EU member state where you live or work.

     Under applicable US state privacy laws, you may have additional rights, such as the right to know categories of personal information collected, the right to opt out of targeted advertising and certain types of profiling, and, in some states, the right to limit the use and disclosure of certain sensitive personal information.

     To exercise any of these rights, please contact us at info@eiconvision.com. We may need to verify your identity before responding to your request, and in some cases we may be entitled to refuse or partially comply with your request, for example where it would infringe the rights of others or conflict with legal obligations.
     
     

     11. Children’s Data

  Our Services are not intended for children under the age of thirteen (13). We do not knowingly collect personal data from children under this age.

  If we become aware that we have collected personal data from a child under thirteen (13) without appropriate consent, we will take reasonable steps to delete that data as soon as practicable. Parents or guardians who believe that their child has provided us with personal data are encouraged to contact us using the details above.

  Where we are required by law to apply additional protections for children’s data (for example, under Indian DPDP Law or local child privacy laws), we will do so.

  12. . Changes to This Privacy Policy

  We may modify or update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors.

  When we make material changes, we will take appropriate steps to notify you, for example, through the App, by email or by posting an updated version with a new effective date. We encourage you to review this Privacy Policy periodically so that you stay informed about how we handle personal data.

  13. Contact Information

  If you have any questions, concerns or complaints about this Privacy Policy or our use of your personal data, or if you wish to exercise your rights, you can contact us at:

  Email: info@eiconvision.com

  Address:

  No. 4, Dr. Radhakrishnan Salai, 2nd Street, Mylapore, Chennai – 600004, Tamil Nadu, India

  Where required by local law, you may also have the right to lodge a complaint with the competent data protection authority in your jurisdiction.

  14. Additional Information for United States Residents

  If you are a resident of a US state with a comprehensive consumer privacy law (for example, California, Colorado, Connecticut, Utah, Virginia and other similar states as such laws come into force), you may have certain rights in relation to your personal data (often called “personal information” in US laws), in addition to those described above.

  These may include the right to:

  • Request to know or confirm whether we process your personal information and to access that information.

  • Request correction of inaccurate personal information we hold about you.

  • Request deletion of your personal information, subject to certain exceptions.

  • Request a copy of your personal information in a portable and, where technically feasible, readily usable format.

  • Opt out of the sale of personal information, of certain types of targeted advertising, or of profiling in furtherance of decisions that produce legal or similarly significant effects, where such concepts are defined and applicable under your state’s law.

  We do not sell your personal information, and we do not use or disclose your personal information for cross-context behavioural or targeted advertising in a way that would require us to provide “Do Not Sell or Share” links under California or similar state laws.

  To exercise any of these rights, or to appeal a decision we have made in relation to a privacy request where such an appeal right is provided under your state law, please contact us at info@eiconvision.com and clearly indicate that you are a resident of a US state and wish to exercise a state privacy right. We may need to verify your identity before we can respond and may ask for additional information solely for this purpose.

  If we deny your request or appeal, we will explain the main reasons for our decision and tell you how you can contact the relevant state authority, where applicable.

  15. Additional Information for California Residents

  If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, “California Privacy Law”) may grant you specific rights regarding your personal information.

  15.1 Categories of Personal Information Collected

  In the 12 months preceding the Effective Date of this Privacy Policy, we have collected the following categories of personal information for the business and commercial purposes described in Sections 3, 4, 5 and 7 above:

  - Identifiers (for example, name, email address, device identifiers).

  - Internet or other electronic network activity information (for example, usage data, logs, interactions within the App).

  - Geolocation data (if you enable location-based features).

  - Audio-visual or similar information (for example, contribution and recognition images).

  - Inferences drawn from the above (for example, preferences and interests we may infer from usage and interaction data).

  We collect these categories of personal information from the sources and for the purposes described in this Privacy Policy, and we share them with the types of recipients described in the “Sharing Your Personal Data” section.

  We do not knowingly collect or process “sensitive personal information” about California residents in a way that would require us to offer a “Limit the Use of My Sensitive Personal Information” right under California Privacy Law.

  15.2 No Sale or Sharing for Cross-Context Behavioural Advertising

  We do not sell personal information of California residents and we do not share personal information for cross-context behavioural advertising as those terms are defined in California Privacy Law.

  15.3 Your California Rights

  Subject to certain conditions and exceptions, California residents have the right to:

  - Request to know the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, our business or commercial purposes for collecting it, and the categories of third parties to whom we disclose it.

  - Request deletion of personal information we have collected from you, subject to legal and other permitted exceptions.

  - Request correction of inaccurate personal information we hold about you.

  - Not be discriminated against for exercising any of your rights under California Privacy Law.

  You may exercise these rights by contacting us at info@eiconvision.com and indicating that you are a California resident making a “California privacy request”. We will take reasonable steps to verify your identity before responding, and you may be allowed to use an authorised agent to submit a request on your behalf, subject to verification and documentation requirements under California Privacy Law.

  If you make a request to know, request to delete or request to correct, we will respond within the time periods required by California Privacy Law and will explain our response and any reasons for refusing all or part of your request where permitted.