ChroMuse Privacy Policy

Effective Date: April 13, 2026

Operator: INNOKWAY LIMITED

Contact Email: help@chromuse.com

Welcome to ChroMuse. This Privacy Policy explains how we collect, use, store, share, and protect your information when you access, register for, log in to, or use ChroMuse and related services.

ChroMuse is an application primarily offered to users in the United States and provides features such as alcohol marker color set management, scanning product SN codes to import color sets, uploading line art images, and generating AI-colored images based on the marker colors owned by the user.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

We may collect information you voluntarily provide, including but not limited to:

  1. Account information, such as your email address, login credentials, username, profile image, and other account details.
  2. Product entry information, such as product SN codes you scan or enter manually, corresponding color set information, entry time, and account association.
  3. Image and content information, such as line art images, reference images, color selections, prompts, AI generation parameters, and generated images.
  4. Support, report, and feedback information, such as inquiries, suggestions, complaints, copyright or safety reports, email content, and attachments.
  5. Gift card or redeem code information, such as code submission, redemption time, redemption status, and the account to which a code is applied.
  6. Information submitted when you participate in surveys, testing programs, promotions, or activities.

1.2 Information Collected Automatically

When you use the Service, we may automatically collect certain technical and usage information, including:

  1. Device information, such as device model, operating system version, language, time zone, and app version.
  2. Network and log information, such as IP address, network type, access time, login time, activity logs, error logs, and crash logs.
  3. Usage information, such as page views, button clicks, scan frequency, color entry frequency, AI image generation frequency, save records, feature usage data, report submissions, and credit usage history.
  4. Identifiers, such as device identifiers, session identifiers, or other identifiers related to analytics, fraud prevention, purchases, or notifications.

1.3 Information from Third Parties

Where applicable, we may receive necessary information about you from third parties, including:

  1. Order information, transaction identifiers, product identifiers, purchase time, purchase status, subscription status, refund status, and chargeback or reversal status from app stores or payment platforms.
  2. Authorized identity information from third-party sign-in providers.
  3. Analytics results, notification status, moderation or safety screening results, or security screening results from service providers.
  4. Order validation results and entitlement confirmation information from billing, app store, or distribution partners.
  5. Account information received from third-party sign-in providers, such as Apple, Google, Facebook, Instagram, or TikTok, including provider-specific user identifiers, email address, display name, or profile image, depending on the provider and your authorized permissions or scopes.

2. How We Use Your Information

We may use the information we collect for the following purposes:

  1. To provide, maintain, and improve ChroMuse and related services.
  2. To identify and associate scanned product SN codes with your account and import corresponding color sets.
  3. To process uploaded images, prompts, color set information, and generation parameters in order to generate AI images.
  4. To store your artwork history, color assets, generation history, Credits balance, redemption history, and preferences.
  5. To verify identity, maintain account security, detect abnormal activity, and prevent fraud or abuse.
  6. To process in-app purchases, validate transactions, apply purchased or redeemed Credits, detect billing abuse, and handle refunds, reversals, or disputes.
  7. To provide customer support and respond to inquiries, disputes, reports, and requests.
  8. To analyze product usage and improve features, performance, safety controls, and user experience.
  9. To send service-related notices, such as AI generation completion notifications, account security alerts, purchase confirmations, redemption notices, service updates, or policy updates.
  10. To register and authenticate your account through third-party sign-in providers, link and manage supported login methods, prevent unauthorized access, and support account recovery and customer support.
  11. To comply with legal obligations, respond to lawful requests, and protect our rights and the rights of others.

3. AI Features, Uploaded Images, and Safety Handling

3.1 AI Processing

When you use AI image generation features, the uploaded images, prompts, color set information, generation parameters, and generated results you provide or create may be used to:

  1. Process images, perform model inference, generate outputs, and return results.
  2. Save history so you can review, manage, and reuse your records.
  3. Deduct or account for Credits used for eligible AI features or other digital functionality.
  4. Troubleshoot issues, optimize performance, and improve service quality.
  5. Conduct content safety review, risk control, fraud prevention, and legal compliance management.

3.2 Vertex AI and Gemini Image Models

We use Google Cloud Vertex AI, including Gemini image generation models, to process prompts, uploaded images, and generated outputs in order to provide image generation and editing features. Generated outputs are handled as customer data under the applicable Google Cloud terms. Unless you give permission or instruction otherwise, customer data is not used by Google to train or fine-tune Google foundation models for this service.

3.3 User Rights Confirmation for Uploaded Images

You are responsible for ensuring that the content you upload, process, generate, or save is lawfully obtained and does not infringe any third party's intellectual property rights, privacy rights, publicity rights, trademark rights, or other legal rights. We may require you to confirm that you own the uploaded image or have the necessary rights and permission to use it.

3.4 Private Visibility of Generated Images

Generated images and uploaded images are intended to be visible only to the account holder by default within the Service, unless we later introduce a sharing feature or you choose to export, save, or otherwise distribute content outside the Service.

3.5 Safety, Copyright Detection, and Review

To help prevent misuse, we may use automated tools, filters, classifiers, metadata review, watermark or logo detection, duplicate detection, and manual review processes to identify or investigate content that may be unsafe, unlawful, infringing, deceptive, abusive, or otherwise prohibited.

3.6 Reporting and Complaints

The Service may provide in-app reporting or feedback tools that allow you to report offensive, unsafe, infringing, or otherwise problematic generated results or uploaded images without leaving the app. You may also contact us at help@chromuse.com. We may review, restrict, remove, block, or preserve records relating to reported content where necessary for safety, legal compliance, fraud prevention, or rights protection.

4. Third-Party Sign-In Services

We may allow you to register for, sign in to, or link your ChroMuse account using third-party identity providers, including Apple, Google, Facebook, Instagram, and TikTok, where available and supported in your region or on your device.

When you choose a third-party sign-in method, we may receive certain account information from that provider, depending on the provider, the permissions or scopes you authorize, and the information made available by the provider. Such information may include:

  1. A provider-specific user identifier.
  2. Your email address, where provided or authorized.
  3. Your display name, nickname, or username.
  4. Your profile image or avatar.
  5. Other basic account information that the provider makes available to us for sign-in, account creation, or account linking purposes.

We use this information to create or authenticate your account, link your third-party login method to your ChroMuse account, maintain account access, improve account security, help you recover access to your account, and provide customer support.

The specific data we receive depends on the relevant third-party provider and the permissions or scopes you approve. We do not control the privacy or security practices of these third-party providers. Your use of third-party sign-in services is also subject to the applicable provider’s terms, privacy policy, and account settings.

If you revoke authorization, remove permissions, unlink your account, or lose access to your third-party account, some login or account recovery features may no longer be available to you unless you have added another supported login method or recovery method to your ChroMuse account.

4.1 Provider-Specific Notes

For example, Facebook Login may provide basic profile information and email address where authorized; TikTok sign-in may provide a provider-specific identifier and other information within the scope you approve; and Google sign-in may provide account information made available under the permissions or scopes you authorize.

5. In-App Purchases, Credits, Gift Cards, and Billing Information

ChroMuse may offer in-app purchases such as Credits, subscriptions, paid features, redeemable gift cards, or other digital entitlements.

5.1 Platform Billing

When you make a purchase through Apple App Store, Google Play, or another authorized distribution platform, payment processing is generally handled by that platform and subject to its billing and payment rules. We do not receive your full payment card number or full financial account credentials from Apple or Google.

5.2 Purchase and Billing Data We May Receive

To operate purchases and entitlements, we may receive and process billing-related metadata such as:

  1. Product identifiers.
  2. Transaction or order identifiers.
  3. Purchase time and purchase status.
  4. Subscription status, renewal status, or expiration status, where applicable.
  5. Refund, reversal, or chargeback status.
  6. Country or storefront information associated with a purchase.
  7. Entitlement fulfillment and order validation results.

5.3 How We Use Purchase and Redemption Data

We may use purchase, billing, and redemption data to:

  1. Apply Credits or other purchased entitlements to your account.
  2. Verify and restore eligible purchases.
  3. Process gift card or redeem code redemptions.
  4. Detect fraud, abuse, unauthorized transactions, or policy violations.
  5. Provide support for billing, redemption, or account issues.
  6. Comply with tax, accounting, legal, or regulatory obligations.

5.4 Gift Cards and Redeem Codes

If you redeem a gift card, voucher, or redeem code, we may process the code submitted, the redemption result, linked account information, and related anti-fraud signals in order to validate, apply, audit, and support the redemption.

6. How We Share Your Information

We do not sell your personal information, nor do we share your personal information with third parties for cross-context behavioral advertising purposes as defined under the California Privacy Rights Act (CPRA). California residents may submit a "Do Not Sell or Share My Personal Information" request at any time by contacting help@chromuse.com.

We may share, disclose, or transfer necessary information in the following circumstances:

  1. Service Providers: such as cloud storage providers, cloud computing providers, Google Cloud Vertex AI service providers, image processing providers, content moderation providers, analytics providers, notification services, email delivery providers, customer support services, billing support providers, fraud prevention providers, and monitoring services.
  2. Payment and Platform Partners: such as Apple, Google, or other providers handling payments, order verification, subscriptions, refunds, or purchase restoration.
  3. Legal and Compliance Requirements: to comply with applicable law, court orders, subpoenas, regulatory requests, or lawful law enforcement requests.
  4. Business Transactions: in connection with a merger, acquisition, asset sale, financing, restructuring, or similar transaction.
  5. With Your Consent: where you have expressly authorized us to do so.

We require relevant third parties to process your information only as reasonably necessary and to implement appropriate safeguards.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our general retention practices include the following:

  1. Account information is generally retained while your account remains active and for a reasonable period after deletion where permitted or required by law.
  2. AI generation history and artwork records are generally retained while your account is active and deleted or anonymized within a reasonable period after account deletion, subject to legal or technical limitations.
  3. Device and usage logs may be retained for security, fraud prevention, and service improvement purposes for a limited period.
  4. Analytics data may be retained in aggregated or de-identified form.
  5. Legal hold, billing, dispute, fraud prevention, and compliance data may be retained for the period required by applicable law or until resolution of the relevant matter.

8. Your Rights and Choices

Depending on your location and applicable law, you may have the right to:

  1. Access the personal information we hold about you.
  2. Correct inaccurate or incomplete information.
  3. Delete your account or certain personal information.
  4. Restrict or object to certain processing activities.
  5. Opt out of certain marketing communications.
  6. Request export of certain data you submitted.

You may contact us at help@chromuse.com to submit a request. We may need to verify your identity before processing your request.

9. Additional Notice for California Residents

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including rights to know, correct, delete, and access certain personal information we collect about you, and, where applicable, rights related to the sale or sharing of personal information and the use of sensitive personal information.

We do not sell your personal information or share it for cross-context behavioral advertising. To exercise your rights, contact help@chromuse.com. We may need to verify your identity before processing your request, and we will not discriminate against you for exercising applicable privacy rights.

10. App Permissions and Device Access

To provide relevant features, we may request access to certain device permissions when you use related functions. You may manage these permissions in your device settings. If you decline a permission, certain features may not function properly, but basic app functionality will generally remain available.

10.1 iOS Permissions

  1. Camera Permission. Used to scan product SN codes, capture line art images, or take other images related to app functionality.
  2. Photo Library Permission. Used to select line art images or reference images from your device, and to save AI-generated results to your photo library.
  3. Notification Permission. Used to send AI generation completion alerts, account security notices, order or subscription notifications, and service update notices.

10.2 Android Permissions

  1. Camera Permission. Used to scan product SN codes, capture line art images, or take other images related to app functionality.
  2. Network Permission. Used for login, data synchronization, image upload, AI image generation, content loading, push notifications, and other online features.
  3. Storage / Media Access Permission. Used to allow you to select local images for upload, read image files you choose to provide, and save AI-generated results to your device. The specific permission type requested may vary depending on the Android system version.
  4. Notification Permission. Used to send AI generation completion alerts, account security notices, service messages, and order or subscription notifications.

10.3 Our Principles for Using Permissions

  1. We request only the permissions necessary for clearly identified functions.
  2. We seek to minimize the scope of permissions requested.
  3. We do not access unrelated permissions without notice.
  4. You may disable permissions at any time, but some features may be limited as a result.

11. Third-Party SDKs and Services

To support analytics, performance optimization, notifications, content processing, payment validation, and other service capabilities, we may integrate third-party SDKs, APIs, or services.

11.1 Firebase / Google Analytics for Firebase

We may use Firebase and Google Analytics for Firebase for app analytics, product optimization, user behavior analysis, crash monitoring, and service improvement.

When such services are used, the third-party provider may process data related to app usage, such as:

  1. Device and app information, such as device model, operating system version, and app version.
  2. Usage information, such as app launches, page views, click events, feature usage, and session duration.
  3. Event information, such as scan events, upload events, generation events, save events, purchase events, and redemption events.
  4. Identifiers, approximate location information, or network-related information associated with analytics services.

11.2 Google Cloud Vertex AI

We may use Google Cloud Vertex AI services, including Gemini image generation models, to process prompts, uploaded images, and generated outputs for image generation and editing features.

11.3 Changes to Third-Party Services

As our product, technical architecture, or regulatory requirements evolve, we may add, replace, or remove third-party SDKs or services. If such changes materially affect how personal information is processed, we will notify you through an updated Privacy Policy, in-app notice, or other reasonable means.

12. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, use, disclosure, alteration, or destruction. These safeguards may include encryption in transit, access controls, security monitoring, and vendor management practices. However, no internet transmission or electronic storage method is completely secure, and we cannot guarantee absolute security.

13. International Transfers

User data collected through ChroMuse is primarily stored on servers located in the United States. Some of our third-party service providers may process data in other countries. Where data is transferred outside your country of residence, we will take reasonable steps to ensure appropriate safeguards are in place, as required by applicable law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If a change materially affects your rights or the way we process your data, we may notify you by email to the address associated with your account and/or by a prominent in-app notice before the change takes effect, where required by applicable law. Where a material change involves a new use of your previously collected personal information and consent is required, we will obtain your consent before applying that change to your information. The updated version becomes effective on the date stated in the revised policy. If you do not agree to the updated Privacy Policy, you should stop using the Service and may request deletion of your account where applicable.

15. Contact Us

If you have any questions, comments, requests, or complaints regarding this Privacy Policy, please contact us:

INNOKWAY LIMITED

Email: help@chromuse.com

Address: UNIT 903A 9/F CAMERON COMMERCIAL CENTRE 458-468 HENNESSY ROAD CAUSEWAY BAY HK