Privacy Policy

Scented.ai is operated by Evgenii Razinkov pr Novi Sad, with registered address at Mite Ružića 2, Novi Sad, Serbia (matični broj: 67620046; PIB: 114493269).

For any privacy-related enquiries, contact us at support@scented.ai.

At scented.ai, we prioritize the privacy and protection of our users' data. We may collect and generate data about the use of the Service, which may include:

Personal Information:

• Email Address
• Encrypted account credentials (your password is stored as a one-way cryptographic hash and is never stored in readable form)
• Username
• Country of Residence
• Gender (optional — you may select "don't want to answer")
• User's personal collection of perfumes
• Ratings and feedback provided by the user on various perfumes
• Subscription tier (Free or Pro)
• Subscription status (active, cancelled, expired)
• Subscription billing cycle (as selected at time of purchase)
• Subscription start date, renewal date, and expiry date
• Purchase transaction IDs
• Purchase receipt data (issued by Apple App Store or Google Play)
• Billing country (the country of your App Store or Google Play account, used for local pricing and applicable tax calculations — received via RevenueCat)

Note on Sign in with Apple: If you choose to sign in using Sign in with Apple, Apple may provide us with a private relay email address on your behalf rather than your real email address. We use this address only to communicate with you and manage your account.

Usage Information:

• App usage information (screens visited, features used)
• Device type and operating system version
• Log data
• IP address
• App User ID (a unique identifier shared with RevenueCat to link your account to your purchases)
• Store platform (iOS App Store or Google Play — shared with RevenueCat to route and validate your purchases)

How We Collect This Data

• Account registration: email address, password (hashed), username, and country of residence are provided by you when you create your account. Gender is optional — you may select "don't want to answer".
• In-app actions: your perfume collection, ratings, subscription activity, and app preferences are recorded as you use the app.
• Email interactions: when you interact with emails we send — such as account deletion confirmation links or email verification — we record that action solely to complete the associated process.
• Automatically: usage information including app activity, log data, device type, OS version, and IP address is collected automatically as you use the Service via PostHog analytics.
• From Apple and Google (via RevenueCat): purchase receipts, subscription status, billing country, and store platform are received when you make a purchase or your subscription renews.

The primary goal of collecting this data is to enhance the user experience on scented.ai by:

• Continuously improving and adjusting our algorithms to provide more accurate and personalized scent recommendations.
• Understanding user behavior and preferences to introduce relevant features, products, or updates.
• Managing your Scented.ai Pro subscription, including activating Pro features (additional recommendations, magic searches, custom lists without limits), processing renewals, and handling cancellations.
• Verifying purchases made through the Apple App Store or Google Play and preventing fraudulent transactions.
• Complying with applicable legal and tax obligations related to financial transactions, including retaining billing records as required by law.

Legal Basis for Processing

Where required by applicable law (including for users in the EU, EEA, and Serbia), we process your personal data on the following legal bases:

• Contractual necessity: processing required to provide the Scented.ai service and manage your Pro subscription — for example, activating Pro features after a successful purchase and processing renewals.
• Legitimate interests: improving our app and recommendation algorithms, detecting fraud, and maintaining the security of our service.
• Legal obligation: retaining billing records, transaction IDs, and purchase receipts as required by applicable tax and accounting laws.
• Consent: where we have asked for and received your explicit consent — for example, push notifications for personalised recommendations, or any future optional marketing communications. You may withdraw consent for push notifications through your device notification settings at any time; for other consent, contact support@scented.ai.

Our core service uses automated processing of your personal data — including your perfume collection, ratings, and preferences — to generate personalised scent recommendations. This constitutes profiling within the meaning of GDPR Article 4(4) and Serbian PDPL.

The recommendations generated are algorithmic and are not solely determinative of any significant decision affecting you. You have the right to object to this profiling at any time by contacting us at support@scented.ai. Please note that opting out of profiling will significantly limit the core functionality of the Service, as personalised recommendations are its primary feature.

We take the security of your data seriously and employ the following measures:

• All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
• Personal data is encrypted at rest in our databases.
• Account passwords are stored as a one-way cryptographic hash; they are never stored in readable form.
• Access to personal data is restricted to authorised personnel on a need-to-know basis, protected by access controls and authentication.
• Payment card data is never transmitted to or stored on our servers; it is handled exclusively by Apple and Google.
• Our server infrastructure is hosted on dedicated hardware provided by Hetzner Online GmbH.

We have entered into Data Processing Agreements (DPAs) with RevenueCat, PostHog, and Hetzner Online GmbH in accordance with GDPR Article 28 and Serbian PDPL Article 45, ensuring these processors handle your personal data only as instructed and maintain appropriate security measures.

Despite these measures, no method of internet transmission or electronic storage is completely secure. If you have concerns about your data security, please contact us at support@scented.ai.

Access: Users have the right to request details about the data we hold on them.

Correction: Users can edit or update their personal data through their account settings at any time. If there are any discrepancies or inaccuracies, users are encouraged to rectify them promptly.

Erasure (Right to Deletion): You have the right to erasure of your personal data under GDPR Article 17. To exercise this right, delete your Scented.ai account from within the app: go to account settings and select Delete Account. You will receive a confirmation email with a secure link; clicking that link starts the deletion process. Upon confirmation, we will delete your account, profile, perfume collection, and usage data.

Important — cancel your subscription first: Before deleting your account, you must cancel any active Pro subscription through your device's App Store or Google Play subscription settings to avoid future charges. Deleting your Scented.ai account does not automatically cancel your subscription.

Exception — billing records: Transaction IDs, purchase receipts, and billing records associated with your Pro subscription are subject to legal retention requirements (minimum 7 years from the transaction date) and cannot be fully deleted within that period. These records are retained solely to comply with tax and accounting obligations and are not used for any other purpose.

Portability: You have the right to receive your personal data (such as your perfume collection and profile) in a structured, machine-readable format, and to request that we transmit it to another service where technically feasible.

Restriction: You have the right to request that we restrict processing of your personal data in certain circumstances — for example, while you contest the accuracy of data we hold about you.

Objection: You have the right to object to processing based on our legitimate interests, including profiling for personalised recommendations. We will stop that processing unless we have compelling legitimate grounds that override your interests.

Complaints: If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your local data protection authority. For users in Serbia, this is the Commissioner for Information of Public Importance and Personal Data Protection (poverenik.rs). For EU/EEA users, contact your national DPA.

To exercise any of these rights, email us at support@scented.ai. We will respond within 30 days.

California residents: Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), you have the right to know what personal data we collect and how it is used, the right to correct inaccurate personal information, and the right to request deletion of your personal information. Scented.ai does not sell or share your personal data for cross-context behavioural advertising. To exercise your California privacy rights, contact us at support@scented.ai.

We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law.

Account data (email, username, country, gender, perfume collection, ratings): Retained for the lifetime of your account. Deleted within 30 days of a valid account deletion request, subject to the billing exception below.

Pro subscription and billing records (transaction IDs, purchase receipts, billing status, renewal dates): Retained for a minimum of 7 years from the transaction date, as required by applicable tax and accounting laws. These records may persist after account deletion.

Usage and analytics data (app usage, log data, IP addresses, PostHog analytics): Retained for up to 24 months, after which data is aggregated or deleted.

RevenueCat subscription data: Also subject to RevenueCat's own retention policy. See revenuecat.com/privacy for details.

scented.ai does not sell or rent user data to third parties. Data may be shared with the specific service providers named in the Third-Party Integrations section below solely for the purpose of enhancing the platform's functionality or as required by law. We have entered into Data Processing Agreements with all third-party processors to ensure your data is handled in accordance with applicable law.

scented.ai uses the following third-party service providers. Each processor has entered into a Data Processing Agreement with us and processes your personal data only as instructed.

PostHog: We use PostHog as an analytics tool to better understand user interactions within our native iOS and Android applications and on our server. PostHog helps us collect data on user activities, such as screens visited and interactions with features, which aids in improving our services. PostHog operates only within the mobile app and on the server side and does not set cookies in your browser. We rely on legitimate interests (Article 6(1)(f) GDPR) as the legal basis for this analytics processing. For full details, see posthog.com/privacy.

RevenueCat: We use RevenueCat to manage Pro subscription entitlements, available billing cycles and purchase validation. To provide this service, RevenueCat collects and processes: your App User ID (a device identifier linking your account to your purchases), your store platform (iOS App Store or Google Play), your billing country (your App Store or Google Play account country), and your purchase history (purchase receipt data issued by Apple or Google). RevenueCat does not receive your payment card details. These data categories correspond to Identifiers, Purchases, and Usage Data in Apple's App Privacy labels and Google Play's Data Safety section. RevenueCat is based in the United States. For full details, see their privacy policy at revenuecat.com/privacy.

Hetzner Online GmbH: Our server infrastructure is hosted on dedicated hardware provided by Hetzner. Hetzner acts as a data processor for infrastructure purposes only and does not access your personal data in an identifiable form.

Payment Processing

Scented.ai does not collect or store payment card information. All Pro subscription payments — regardless of billing cycle — are processed directly by Apple Inc. (via the App Store) or Google LLC (via Google Play), depending on which platform you use.

Apple Inc. and Google LLC act as independent data controllers in relation to your payment credentials and transactions; they are not data processors acting on our behalf for these purposes.

Your payment credentials are governed exclusively by Apple's Privacy Policy or Google's Privacy Policy, as applicable.

Scented.ai receives only confirmation of a successful or failed purchase and your resulting subscription status. We never receive your card number, CVV, or any other sensitive payment credentials.

Scented.ai is available globally, and some of the third-party service providers we use are based outside the European Economic Area (EEA) and Serbia. In particular:

• RevenueCat, Inc. is based in the United States and processes subscription and purchase data on our behalf.

PostHog, our analytics provider, processes data exclusively on servers located within the EU and does not transfer your personal data outside the EEA.

Where personal data is transferred to a country not recognised as providing an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we ensure the recipient maintains equivalent protections.

You may request more information about the applicable transfer mechanisms by contacting us at support@scented.ai.

With your explicit permission, we may send you push notifications about personalised perfume recommendations. We request your permission before sending any notifications.

You may withdraw this permission at any time through your device's notification settings:

• iOS: Settings → Notifications → Scented.ai
• Android: Settings → Apps → Scented.ai → Notifications

Withdrawing notification permission does not affect your access to the rest of the Service. We do not send advertising or marketing notifications on behalf of third parties.

Scented.ai's native iOS and Android applications do not use browser cookies. PostHog analytics operates exclusively within the native apps and on our server infrastructure — it does not set cookies in your browser.

Our website (scented.ai) may use essential technical cookies solely to maintain basic website functionality. We do not use cookies for advertising, cross-site tracking, or profiling purposes.

You can adjust your browser settings at any time to limit or refuse cookies. Doing so will not affect your use of the mobile application.

Our Service is available exclusively through the Apple App Store and Google Play, both rated for users aged 16 and over. By downloading and using our app, you confirm that you are at least 16 years old.

We do not knowingly collect personal data from users under 16. If we become aware that a user under 16 has registered, we will promptly delete their account and associated personal data. To report a potential underage account, please contact us at support@scented.ai.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority — for Serbia, the Commissioner for Information of Public Importance and Personal Data Protection (poverenik.rs) — within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and Serbian PDPL.

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless the affected data was rendered unintelligible (for example, through encryption) such that the risk is unlikely to materialise.

If you suspect a data security incident involving your account, please contact us immediately at support@scented.ai.

From time to time, we may update this Privacy Policy to reflect changes in practices or for other operational, legal, or regulatory reasons. Users will be notified of any significant changes through a mandatory in-app notice on first launch following the update, or via email.

By using scented.ai, users acknowledge and agree to this Privacy Policy. We encourage users to review this section periodically to stay informed about how we are helping to protect the personal information we collect.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@scented.ai.