Privacy policy

Last updated: February 26, 2026

Novalinya is committed to protecting the privacy of its users. This policy explains how we collect, use and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

1. Data controller

The data controller is Novalinya, reachable at: contact@novalinya.com.

2. Data collected

As part of our AI body analysis service, we collect the following data:

  • Email address: to send you the link to your analysis report
  • Form data: gender, age, height, weight, goals, activity level
  • Body photos: 3 photos (front, side, back) required for AI analysis
  • Technical data: IP address, browser type, request timestamp

3. Purposes of processing

Your data is processed for the following purposes:

  • Performing AI-powered body analysis
  • Generating your personalized report (score, heatmap, recommendations)
  • Sending your report link via email
  • Improving our service quality and algorithms

4. Legal basis

Data processing is based on your explicit consent, given by checking the consent box on the analysis form and submitting your information.

5. Sub-processors

To provide our service, we use the following sub-processors:

  • AI service provider: image processing and recommendation generation (US servers, with GDPR-compliant standard contractual clauses)
  • Supabase: database hosting (EU region, Ireland)
  • Amazon Web Services: temporary photo storage (EU region, Paris)
  • Stripe: payment processing for Premium option (receives no photos or analysis data)
  • Tilda: website hosting

6. Data retention

  • Photos: deleted immediately after AI analysis (no permanent storage)
  • Analysis results: retained as long as necessary to provide access to your report
  • Email address: retained for report delivery and deleted upon request
  • Payment data: processed exclusively by Stripe, not stored by Novalinya

7. Data security

We implement the following security measures:

  • AES-256 encryption of photos during transfer and processing
  • HTTPS connection (TLS 1.3) for all communications
  • Automatic deletion of photos after analysis
  • Restricted data access (no human access to photos)
  • Hosting in certified data centers (AWS, Supabase)

8. Your rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data
  • Right to data portability: receive your data in a structured format
  • Right to object: object to the processing of your data
  • Right to withdraw consent: withdraw your consent at any time

To exercise these rights, contact us at: contact@novalinya.com. We respond within 30 days.

9. Cookies

Our website uses only essential cookies:

  • Consent cookie: remembers your cookie preference (localStorage)
  • Tilda technical cookies: necessary for website functionality

We do not use advertising or tracking cookies.

10. International transfers

Some data may be transferred to providers located outside the European Union. These transfers are governed by standard contractual clauses approved by the European Commission, ensuring an adequate level of protection.

11. Complaints

If you believe that the processing of your data is not compliant, you can file a complaint with your local data protection authority. For French residents: CNIL (Commission Nationale de l'Informatique et des Libertes) at www.cnil.fr.

12. Changes

We reserve the right to modify this policy at any time. Any changes will be published on this page with an updated date. We encourage you to review this page regularly.

Legal notice Privacy policy Terms of service Contact

© 2026 Novalinya. All rights reserved.

Made on
Tilda