NailMuseLab Privacy Policy

NailMuseLab inspires nail artistry, manicure planning, and color storytelling on Google Play.

Effective 9 April 2026 · Updated 10 April 2026

Privacy Policy | Child Safety Standards | Terms of Use

Age & onboarding. NailMuseLab is meant only for individuals at least eighteen (18) years old. There is no mandatory user account or login to access the primary experience; where the app asks you to acknowledge this Policy and the Terms of Use, that gesture records your agreement and supports your representation that you meet the age threshold. NailMuseLab does not operate a standalone age-verification gate beyond those acknowledgements and tools you configure on your device or store profile.

Contents

Identity of the Controller | About NailMuseLab | Personal Data We Process | Device Permissions | Purposes & Compatibility | Legal Bases (where applicable) | Retention | Sharing & Processors | Sales, Sharing & Opt-Out | International Transfers | Security | Your Regional Rights | Supervisory Complaints | No Targeting of Minors | Third-Party Surfaces | Changes

1. Identity of the Controller

The operator of NailMuseLab (“we,” “us,” or “our”) is Xiangxiang Tuanmei Trading Co., Ltd. We decide how and why personal data is processed in connection with the mobile experience distributed through Google Play, and we therefore act as the data controller when data protection law assigns that role to us.

Postal address: No. 127, Xinjie Community, Maotian Town, Xiangxiang, Xiangtan, Hunan Province

Privacy & data requests: welcome@tuanmeitrading.com

Alternate inbox: jaclynwhee@gmail.com

Website: https://tuanmeitrading.com

Email welcome@tuanmeitrading.com for privacy questions, data subject requests, and regulatory correspondence. We designate this channel as our Data Protection Contact (sometimes referenced as a privacy officer or data protection coordinator depending on jurisdiction).

Data Protection Officer (DPO): Our designated Data Protection Officer is Jaclyn Whee, who is responsible for overseeing compliance with data protection regulations, addressing privacy concerns, and managing data subject requests. You may contact the DPO directly via the alternate inbox: jaclynwhee@gmail.com, or via the primary privacy inbox: welcome@tuanmeitrading.com (please note “Attention: DPO” in the subject line). To learn more about GDPR and CCPA compliance for app developers, view the TL;DR GDPR and Data Regulations for Developers courses from our partners at Data Protocol.

2. About NailMuseLab

NailMuseLab is a beauty-forward utility for exploring nail aesthetics—capturing manicures, cataloging palettes, planning sets, publishing posts, and curating a profile that reflects your polish journey. Unless a screen states otherwise, image processing and draft assembly often occur on-device on supported Android hardware.

The application does not rely on mandatory third-party social sign-in as a condition of entry. Some workflows (store purchases, help messages you initiate, or future synchronised backups) may create additional records as described below.

3. Personal Data We Process

3.1 Content you volunteer

Photographs of nails and hands, profile portraits, optional on-device video sequences assembled from stills for publishing, textual captions, short voice memos, reminder metadata, and feedback clips you attach inside the Profile area may all qualify as personal data when they identify you. These assets usually remain inside app-scoped storage until you export or hand off content through the Android share sheet.

3.2 Commerce & entitlement data

If you acquire digital items through Google Play Billing, we may observe SKU identifiers, purchase timestamps, refund/chargeback flags, and virtual currency balances mirrored locally or on our minimal back office when such infrastructure exists.

3.3 Diagnostics & product analytics

We can collect app version, OS level, device model, language locale, crash stack traces, ANR fingerprints, and coarse engagement metrics needed to stabilize rendering of polish textures and scrolling layouts across OEM skins.

3.4 Identifiers for advertising & attribution

Partner SDKs you install with our build may read a resettable advertising ID or similar tokens. You may limit ad personalization using Android settings where available.

3.5 Communications

Support tickets, abuse reports, and privacy inquiries you email us will include whatever identifiers and narrative context you supply in headers and bodies.

4. Device Permissions

We request privileged access only when you invoke a matching feature, and supplemental rationales appear in English inside the client where the platform requires them.

4.1 Camera

NailMuseLab uses the camera to photograph your nails and hands when publishing posts, refreshing profile imagery, or capturing skin-tone reference swatches that inform shade suggestions. You may decline camera access and rely on gallery imports where supported.

4.2 Photos & media library

Read access lets you pick archived nail photos or existing portrait shots for posts and avatars. Write access (where enabled) saves exported collages, storyboards, or rendered tutorial frames into albums you control, consistent with Android scoped storage rules.

4.3 Microphone

The microphone records brief voice memos that can accompany manicure posts, capture planning reminders, and support spoken feedback in the Profile feedback flow when you elect to attach audio. Recording begins only after you start those explicit actions.

4.4 Storage & filesystem

We may read or write within app-specific directories or other scopes the system grants for caching beauty assets, downloaded reference boards, and temporary encodes prior to publishing.

4.5 Application metadata

Google Play and the host OS expose package names, certificate fingerprints, version codes, and Play Integrity signals that we rely on for anti-tampering and licensing.

5. Purposes & Compatibility

 Render capture, editing, on-device effect layers, crop guides, and publishing flows for nail content.

 Power reminder cues, voice-note overlays, and feedback capture you initiate.

 Deliver in-application shopping for digital goods or stylist add-ons sanctioned on Google Play.

 Maintain community safety, including references to our Child Safety Standards.

 Debug hardware-specific color science issues and uphold compatibility contracts with Android API levels.

 Honor lawful requests from people, regulators, and payment partners.

6. Legal Bases (where applicable)

For residents subject to the EU or UK General Data Protection Regulation, Swiss FADP, and analogous frameworks, we rely on:

 Contract (Art. 6(1)(b) GDPR): processing necessary to supply NailMuseLab features and purchases you activate.

 Legitimate interests (Art. 6(1)(f) GDPR): securing accounts of misuse, improving reliability, understanding aggregate trends, and documenting transactions, balanced against your rights.

 Consent (Art. 6(1)(a) GDPR): optional analytics, push experiments, or categories of sensitive imaging where local law mandates explicit approval.

 Legal obligation (Art. 6(1)(c) GDPR): retaining evidence required by tax, commerce, or child-safety mandates.

Under Brazil’s LGPD, themes map to service performance, legitimate interest, consent, fraud prevention, and regulatory compliance depending on the specific activity.

7. Retention

We are committed to disclosing our data retention practices clearly, as required by major privacy regulations (including GDPR and CCPA), to ensure you understand how long your personal data is retained and the reasons for such retention. Our retention practices are as follows, aligned with the purpose of processing and legal obligations:

 On-device content (galleries, drafts, and volunteer content): On-device galleries, manicure photos, drafts, voice memos, and other volunteer content persist until you delete them, revoke relevant permissions, clear app storage, or uninstall the app. This retention period is determined by your actions, as these assets are primarily stored locally on your device (subject to manufacturer backup behavior you manage). The reason for this retention is to allow you to access and manage your content at your discretion.

 Transaction ledgers: Transaction ledgers accessed through Google Play (including SKU identifiers, purchase timestamps, refund/chargeback flags, and virtual currency balances) may be stored for multi-year horizons. This retention is necessary to satisfy commerce and tax statutes, as well as to resolve any disputes related to purchases.

 Communications (privacy/safety inquiries): Correspondence about privacy or safety (including support tickets, abuse reports, and privacy inquiries) is generally retained up to twenty-four (24) months after the last substantive message. If a litigation hold is in place (e.g., to address legal disputes), this content may be retained for a longer period to comply with legal obligations.

 Diagnostics & analytics data: Diagnostic data (app version, OS level, crash stack traces) and coarse engagement metrics are retained for up to twelve (12) months from the date of collection. This retention period allows us to debug hardware-specific issues, stabilize app performance, and improve the overall user experience, after which the data is either anonymized or deleted.

 Advertising & attribution identifiers: Resettable advertising IDs and similar tokens are not stored by us beyond the duration of your app session, unless required by our advertising partners to measure attribution, in which case retention is limited to ninety (90) days. This aligns with our commitment to minimizing data retention.

To learn more about GDPR compliance for app developers, view the TL;DR GDPR and Data Regulations for Developers courses from our partners at Data Protocol. To learn more about platform policy compliance best practices, view the Decoding Platform Policies and Managing_Platforms courses from our partners at Data Protocol.

8. Sharing & Processors

We clearly disclose all third-party sharing of your personal data, as required by CCPA and other privacy regulations. Below is a detailed breakdown of the third parties with whom we share personal data, the types of data shared, and the purpose of sharing:

 Google LLC & affiliates: We share data with Google LLC and its affiliates for distribution (via Google Play), billing (via Google Play Billing), optional Firebase or Play Integrity telemetry, and crash pipelines we enable. The data shared includes app version, device model, crash stack traces, purchase timestamps, and SKU identifiers. This sharing is necessary to distribute the app, process payments, and maintain app stability.

 Analytics, advertising, attribution, or customer-support vendors: We share data with these vendors only when their SDKs are included in the app binary you install. The data shared may include resettable advertising IDs, coarse engagement metrics, and support ticket content (for customer-support vendors). This sharing is for the purpose of improving app performance, measuring advertising effectiveness, and providing customer support.

 Professional advisers: We share data with counsel, insurers, or auditors, who are subject to confidentiality obligations. The data shared is limited to what is necessary for legal advice, insurance coverage, or audit purposes.

 Authorities & NGOs: We share data with authorities and NGOs when we must respond to lawful orders or escalate credible child-safety matters. This sharing is required by law or to protect the safety of minors.

 Corporate transactions: In the event of a corporate transaction (e.g., merger, acquisition), successors may receive continuing disclosures of personal data, with notice provided when required by law. This ensures continuity of service and compliance with legal obligations.

You have the right to know whether your personal data is shared with third parties, as required by CCPA. For California residents, this right includes the ability to request details about the categories of third parties with whom we share personal data, the categories of data shared, and the purpose of such sharing (see Section 12 for how to submit a request).

9. Sales, Sharing & Opt-Out

U.S. state statutes—including the California Consumer Privacy Act as amended by the CPRA, the Virginia Consumer Data Protection Act (VCDPA), Colorado, Connecticut, Utah, and kindred laws—define “sale,” “sharing,” and “targeted advertising” in specialized ways. Digital analytics or advertising partners may engage in activities that qualify under those definitions even when no cash changes hands in a traditional “sale.”

Right to Know About Data Sales: You have the right to know whether your personal data is sold, as required by CCPA. Under California law, “sale” is broadly defined as the disclosure of personal data for valuable consideration (which may include non-monetary consideration, such as access to analytics tools). We do not engage in traditional sales of personal data (i.e., selling your data for cash), but some activities with our advertising and analytics partners may qualify as “sales” under CCPA. Specifically, when partner SDKs read your resettable advertising ID for attribution or targeted advertising purposes, this may be considered a “sale” under California law. To learn more about CCPA compliance for app developers, view the Data Regulations for Developers course from our partners at Data Protocol.

Right to Opt-Out of Data Sales: You have the right to opt out of the sale of your personal data, as required by CCPA and other upcoming state privacy laws. This right allows you to prevent us from disclosing your personal data in any transaction that qualifies as a “sale” under applicable law.

Opt-out request: To exercise your right to opt out of data sales (or other privacy rights), email welcome@tuanmeitrading.com with subject “Privacy Opt-Out — NailMuseLab,” describe the right you wish to exercise (for example, opt out of targeted advertising or statutory “sales”), include a reply address, and identify your region. We may request verification consistent with applicable law to ensure the request is legitimate. You may also use Android’s advertising-ID controls (in your device settings) and any Google Play privacy toggles made available to you to limit ad personalization and opt out of certain data sales.

We will not discriminate against you for exercising privacy rights except where loyalty programs lawfully differentiate benefits with proper notice.

10. International Transfers

Our business address sits outside the European Economic Area, United Kingdom, and Switzerland. If you access NailMuseLab from those regions, personal data may transit globally. Where regulators require additional safeguards, we implement instruments such as the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum, or Swiss annexes, supplemented with technical measures you may inquire about by writing to us.

11. Security

We deploy administrative, technical, and organizational controls sized to the risk, including least-privilege staff access, transport encryption for services we host, reliance on Android sandboxing, and periodic review of subprocessors. No online or mobile system is flawless; please maintain device passwords, disable unknown-sources sideloading, and keep NailMuseLab updated.

12. Your Regional Rights

Depending on where you reside, you may request access, correction, deletion, restriction, portability, or objection; withdraw consent without undermining earlier lawful processing; or decline certain profiling with legal effects. Brazilian data subjects may petition ANPD, while EEA, UK, and Swiss residents may choose among supervisory forums described below.

Right to Correct Inaccurate or Incomplete Personal Data: You have the right to request the correction of any inaccurate or incomplete personal data that we collect and process, as required by GDPR and CCPA. If you believe your personal data is inaccurate (e.g., incorrect purchase information, outdated profile content) or incomplete (e.g., missing details in your feedback), you may submit a correction request to have this data updated. To learn more about GDPR and CCPA compliance for app developers, view the TL;DR GDPR and Data Regulations for Developers courses from our partners at Data Protocol.

Submit requests (including correction, access, deletion, and opt-out requests) to welcome@tuanmeitrading.com. Authorized agents may act where statutes permit—include signed proof of authority. We respond within legal deadlines or, absent any, within forty-five days with reasonable extensions for complex cases.

U.S. state privacy programs

Residents may request category-level disclosures, access to specific pieces of personal information, and deletion subject to exceptions tied to finished transactions or legal holds. Some states provide appeal rights if we deny a verified request. For California residents, this includes the right to know about data sales and sharing, the right to opt out of data sales, and the right to correct inaccurate personal data, as detailed in Sections 7, 8, and 9.

13. Supervisory Complaints

You may contact a data protection regulator before or without involving us, though we welcome the chance to solve concerns informally. Illustrative authorities include:

 EEA: your national supervisory authority (see European Data Protection Board listings).

 United Kingdom: Information Commissioner’s Office.

 Switzerland: Federal Data Protection and Information Commissioner.

 Brazil: Autoridade Nacional de Proteção de Dados.

 United States: state attorneys general privacy desks where operational.

14. No Targeting of Minors

NailMuseLab is not directed at children, and we do not knowingly collect personal information from anyone younger than eighteen (18). Guardians who believe a minor has submitted data should alert us; we will delete information we are not legally obligated to retain.

15. Third-Party Surfaces

Embedded browsers, salon booking partners, or social destinations you open after sharing content operate under separate privacy notices. Billing continues to be governed by Google’s policies for the components they control.

16. Changes

We may revise this Policy to address new product flows, regulatory interpretation, or clarity. Material updates will carry a refreshed “Updated” line above and, when practical, additional notice inside NailMuseLab or on our store listing. Continued use after notice—where allowed—signals acceptance unless a jurisdiction insists on fresh consent.

© 2026 Xiangxiang Tuanmei Trading Co., Ltd. “NailMuseLab” is used for identification of the application experience.

|(注:文档部分内容可能由 AI 生成)