Privacy Policy | TriedIt DIY

1. Who We Are

TriedIt DIY ("the Service") is operated by Nunn Holdings, LLC, a North Carolina limited liability company ("we," "us," or "our").

Registered address: 4030 Wake Forest Road STE 349, Raleigh, NC 27609, United States.

For the purposes of the EU/UK General Data Protection Regulation (GDPR), we are the data controller of your personal data.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. It applies to our website, iOS app, Android app, and all related services.

2. Information We Collect

2.1 Information you provide

Account information: When you sign in with Google, we receive your name, email address, and profile photo. If you create a profile, you may also provide a username, bio, website URL, and social media handles (Instagram, Pinterest).
Content you create: Projects, build steps, instructions, reviews, shopping lists, and images you upload.
Saved content: Saved projects, collections, shopping list items, and creators you follow.
Room photos: If you use the Project Preview feature, you may upload a photo of your room. This image is sent to our AI provider for processing and is not stored on our servers after the preview is generated.
AI conversations: Messages you send to HandyBot (our AI assistant) are processed in real time and are not stored on our servers. Chat history is kept only in your browser or app session and is lost when you close it.
Payment information: When you subscribe to Pro, payment details (card number, billing address) are collected directly by our payment processors (Stripe or Apple/Google app stores). We do not receive or store your full card number.

2.2 Information collected automatically

Usage data: We track feature usage counts to enforce tier limits (e.g., number of HandyBot messages, Project Preview generations, and saved projects per month). These counters are stored in your account and reset monthly.
Project view counts: We count views on projects to show popularity. Individual view events are not linked to your identity.
Device and browser data: We use your device platform (iOS or Android) for app functionality. We do not collect device IDs, advertising identifiers, or browser fingerprints.
Local storage: We store preferences (such as your dark mode setting and guest step progress) on your device using browser localStorage or mobile AsyncStorage. This data stays on your device and is not sent to our servers.

2.3 Information we do not collect

We do not collect your precise location or GPS data, contacts, health data, biometric data, browsing history outside of our Service, or advertising identifiers.

3. How We Use Your Information

We use your personal data for the following purposes:

Purpose	Lawful Basis (GDPR)
Provide the Service (account, projects, saves, collections, shopping lists)	Performance of contract
Process payments and manage subscriptions	Performance of contract
Enforce tier limits (free vs. Pro usage counters)	Performance of contract
Generate AI-powered Project Previews and HandyBot responses	Performance of contract
Send transactional emails (account confirmations, subscription changes)	Performance of contract
Improve and maintain the Service (bug fixes, performance)	Legitimate interest
Protect against fraud and abuse	Legitimate interest
Comply with legal obligations	Legal obligation

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. How We Share Your Information

We do not sell or share your personal information for cross-context behavioral advertising. We share data only with the following service providers who process it on our behalf:

Service Provider	Purpose	Data Shared
Firebase (Google)	Authentication, database, file storage	Account data, profile, content, images
Stripe	Web payment processing	Email, subscription details
RevenueCat	Mobile in-app purchase management	User ID, product ID, subscription status
Google Gemini AI	Project Preview generation, HandyBot responses	Room photos (ephemeral), chat messages (ephemeral), project metadata
Amazon	Affiliate product links and referrals	Clicks on affiliate links (handled by Amazon per their privacy notice)

We may also disclose your information if required by law, to protect our legal rights, or to prevent fraud or safety issues.

5. Cookies and Local Storage

We use strictly necessary cookies and local storage only. We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

Authentication cookies: Set by Firebase to keep you signed in. These are essential for the Service to function.
Local preferences: Your theme setting (light/dark mode), step progress, and session state are stored locally on your device and are not transmitted to us.

Because we use only strictly necessary cookies, no consent banner is required under GDPR. You can clear cookies and local storage through your browser or device settings at any time.

6. International Data Transfers

Our Service and its infrastructure are hosted in the United States. If you access the Service from outside the United States (including the EU/EEA or UK), your personal data will be transferred to the United States for processing.

For transfers of personal data from the EU/EEA or UK to the United States, we rely on:

The EU-U.S. Data Privacy Framework for service providers that are certified participants (Google, Stripe).
Standard Contractual Clauses (SCCs) approved by the European Commission, as incorporated into our data processing agreements with service providers.

7. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

Data Category	Retention Period
Account and profile data	Until you delete your account
Projects, reviews, and user-created content	Until you delete the content or your account
Saved projects, collections, shopping lists, follows	Until you delete them or your account
Usage counters (HandyBot, previews)	Reset monthly; deleted with account
Subscription and payment records	Retained by Stripe/RevenueCat per their policies; our records deleted with account
Room photos (AI Preview)	Not stored — processed in real time and discarded
HandyBot conversations	Not stored — session-only, lost when you close the app
Local preferences (theme, step progress)	Stored on your device only; you control deletion

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption in transit (HTTPS/TLS for all data transmissions)
Encryption at rest (provided by Firebase/Google Cloud)
Authentication via secure OAuth 2.0 (Google Sign-In)
Firebase Security Rules restricting data access to authorized users
Server-side token verification for all API requests
Payment data handled entirely by PCI-DSS compliant processors (Stripe, Apple, Google)

No method of transmission or storage is 100% secure. If you become aware of a security issue, please contact us immediately at support@trieditdiy.com.

9. Your Privacy Rights

9.1 Rights for all users

Regardless of where you are located, you can:

Access your personal data from your Account settings
Update your profile information at any time
Delete your account and all associated data from Account settings
Export your project data

9.2 Additional rights for EU/EEA/UK residents (GDPR)

If you are in the European Economic Area or United Kingdom, you also have the right to:

Rectification: Request correction of inaccurate personal data
Erasure: Request deletion of your personal data ("right to be forgotten")
Restriction: Request that we limit how we process your data
Portability: Receive your personal data in a structured, machine-readable format
Objection: Object to processing based on legitimate interest
Withdraw consent: Where processing is based on consent, withdraw it at any time
Lodge a complaint: File a complaint with your local data protection supervisory authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany)

We will respond to GDPR requests within 30 days. In exceptional cases, we may extend this by up to 60 additional days with notice.

9.3 Additional rights for California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
Delete: Request deletion of your personal information
Correct: Request correction of inaccurate personal information
Opt-out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising, so no opt-out is necessary
Non-discrimination: We will not discriminate against you for exercising any of these rights

We will acknowledge CCPA requests within 10 business days and respond substantively within 45 calendar days.

10. California-Specific Disclosures (CCPA/CPRA)

In the preceding 12 months, we have collected the following categories of personal information:

Category	Examples	Source	Business Purpose
Identifiers	Name, email, user ID	You (via Google Sign-In)	Account creation, authentication
Internet activity	Feature usage counters, project views	Automatic collection	Tier enforcement, service improvement
Commercial information	Subscription tier, billing period	Payment processors	Payment processing, subscription management
User-generated content	Projects, reviews, images, shopping lists	You	Core service functionality
Sensory data	Room photos (for AI Preview)	You	AI preview generation (not stored)

Sale or sharing: We have not sold or shared personal information in the preceding 12 months, and we do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

Sensitive personal information: We do not collect sensitive personal information as defined by the CPRA (such as Social Security numbers, precise geolocation, racial or ethnic origin, or biometric data).

11. Children's Privacy

TriedIt DIY is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@trieditdiy.com and we will promptly delete it.

12. Business Transfers

If Nunn Holdings, LLC is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Effective date" at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

We encourage you to review this page periodically for the latest information on our privacy practices.

14. Contact Us

For privacy-related questions, data subject requests, or concerns about this policy, contact us at:

Nunn Holdings, LLC

Attn: Privacy

4030 Wake Forest Road STE 349

Raleigh, NC 27609, United States

Email: support@trieditdiy.com

If you are an EU/EEA or UK resident and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.