Privacy Policy
Last updated: January 2025
1. Introduction
This Privacy Policy explains how NEXTLEVELAPP ("Company", "we", "us", or "our") collects, uses, and protects your personal data when you use the NextLevelApp platform ("Service").
Data Controller:
- Business Name: NEXTLEVELAPP
- Owner: Norbert Waleszczyk
- NIP: 5423510366
- REGON: 543787703
- Contact: privacy@nextlevelapp.pl
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).
2. Data We Collect
2.1 Account Information
- Email address
- Name (optional)
- Profile picture (if using Google login)
- Password (hashed, if using email registration)
2.2 Payment Information
- Processed securely through Stripe
- We do not store credit card numbers
- Billing history and subscription status
2.3 Content Data
- Product images you upload
- Generated images and videos
- Creative prompts and preferences
2.4 Usage Data
- Login timestamps
- Feature usage statistics
- Project history
- Credit transactions
2.5 Technical Data
- IP address
- Browser type and version
- Device information
- Cookies and similar technologies
3. How We Use Your Data
We process your data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract performance |
| Processing payments | Contract performance |
| Account management | Contract performance |
| Customer support | Legitimate interest |
| Service improvement | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
4. AI Processing
4.1 Image Processing
- Uploaded images are processed by AI systems (Google Gemini, HiggsField) to generate content
- Images are transmitted securely to third-party AI providers
- Generated content is stored on our servers (Cloudflare R2)
4.2 Data Retention for AI
- Uploaded images: Retained for the duration of your account
- Generated content: Retained until you delete the project or account
- AI providers may temporarily process images but do not retain them
5. Data Sharing
We share data with the following categories of recipients:
5.1 Service Providers
- Stripe - Payment processing
- Google Cloud - AI image generation (Gemini)
- HiggsField - Video generation
- ElevenLabs - Music generation
- Cloudflare - Asset storage (R2)
- Railway - Server hosting
- Vercel - Frontend hosting
5.2 Legal Requirements
We may disclose data if required by law or to protect our rights.
5.3 Business Transfers
In case of merger or acquisition, your data may be transferred to the new entity.
6. International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with all providers
- Privacy Shield certified providers where applicable
7. Data Security
We implement appropriate security measures:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Secure authentication (bcrypt password hashing)
- Regular security audits
- Access controls and monitoring
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
8.1 Right of Access
Request a copy of your personal data.
8.2 Right to Rectification
Correct inaccurate personal data.
8.3 Right to Erasure
Request deletion of your personal data ("right to be forgotten").
8.4 Right to Restrict Processing
Limit how we use your data.
8.5 Right to Data Portability
Receive your data in a structured, machine-readable format.
8.6 Right to Object
Object to processing based on legitimate interests.
8.7 Right to Withdraw Consent
Withdraw consent for marketing communications at any time.
To exercise your rights, contact us at: privacy@nextlevelapp.pl
9. Cookies
We use cookies for:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security | Session |
| Functional | User preferences | 1 year |
| Analytics | Usage statistics | 1 year |
You can manage cookies through your browser settings.
10. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Generated content | Until project/account deletion |
| Payment records | 7 years (legal requirement) |
| Server logs | 90 days |
| Analytics data | 2 years |
11. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect data from children.
12. Marketing Communications
- We send transactional emails (account, purchases, video completion)
- Marketing emails require explicit consent
- You can unsubscribe at any time via email preferences in Settings
13. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated date. Significant changes will be communicated via email.
14. Contact Us
For privacy-related inquiries:
- Email: privacy@nextlevelapp.pl
- General Contact: contact@nextlevelapp.pl
- Website: https://nextlevelapp.pl
For complaints, you may also contact your local data protection authority.
NEXTLEVELAPP
NIP: 5423510366 | REGON: 543787703