NIWERS PRIVACY POLICY (UNITED STATES)
Effective Date: pending — company being formed Last Updated: pending — company being formed Version: 2026-05-v1.0
Introduction
pending — company being formed d/b/a Niwers ("Niwers", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use the Niwers Platform (mobile applications and niwers.com).
This Privacy Policy applies to U.S. residents. If you are a Turkey resident, see our TR Privacy Notice.
California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). See our California Privacy Notice for additional details.
By using the Niwers Platform, you acknowledge this Privacy Policy. If you do not agree, please do not use the Service.
1. INFORMATION WE COLLECT
1.1. Information You Provide
1.1.1. Account Registration:
- Name (full name or display name)
- Username
- Email address
- Phone number
- Date of birth (for age verification — must be 13+)
- Profile photo (optional)
- Biographical information (optional, user-provided)
1.1.2. Profile Information:
- Style preferences
- Body measurements (optional)
- Gender (optional, user-provided)
- Location (city/state, optional)
1.1.3. Transactional Information (Buyers):
- Shipping addresses
- Order history
- Payment method information (handled by Stripe, not stored by Niwers)
- Communication with Sellers
1.1.4. Seller Information (in addition to above, if you sell on Niwers):
- Business name
- Business address
- Tax Identification Number (SSN, ITIN, or EIN) — required by INFORM Act, 15 U.S.C. § 45f
- Government-issued photo identification
- Bank account information (handled by Stripe)
- Business documents (LLC formation, license, etc.)
1.1.5. User-Generated Content:
- Posts, photos, videos
- Comments, likes, follows
- Messages with other Users
- Product reviews and ratings
- Saved collections
1.2. Automatically Collected Information
1.2.1. Device Information:
- Device type, model, operating system, version
- Device identifiers (IDFV on iOS, Android ID on Android)
- IP address
- Browser type and version (for web access)
- Language and timezone settings
1.2.2. Usage Data:
- Pages and screens viewed
- Click patterns and navigation paths
- Search queries
- Session duration
- Crash reports and error logs
1.2.3. Location Data:
- General location (city/state) inferred from IP address
- Precise location (only with your explicit permission)
1.2.4. Cookies and Similar Technologies:
- See our Cookie Policy for details (web only)
- For mobile apps, we use device identifiers and SDK-based analytics
1.3. Information from Third Parties
1.3.1. Authentication Providers (if you sign up with Apple or Google):
- Email address
- Display name
- Profile photo
- Authentication tokens
1.3.2. Payment Processors:
- Transaction confirmation
- Fraud signals
- Payout status (Sellers)
1.3.3. Identity Verification Providers:
- KYC results (for INFORM Act compliance)
- Risk assessment data
2. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
2.1. Service Provision
- Create and manage your account
- Process transactions and orders
- Facilitate communication between Users
- Display content (feeds, profiles, listings)
- Customer support
2.2. Compliance and Legal
- INFORM Act compliance — verify Sellers, disclose Seller info to Buyers
- DMCA compliance — process notices and counter-notices
- Tax compliance — issue 1099-K forms, collect/remit sales tax
- AML/KYC — anti-money laundering checks
- Court orders, subpoenas, government requests
- Stripe and payment processor compliance
2.3. Safety and Security
- Detect and prevent fraud, abuse, and illegal activity
- Enforce our Terms of Service and Acceptable Use Policy
- Protect rights, property, and safety of Users, Niwers, and third parties
- Investigate and respond to security incidents
2.4. Personalization and Recommendations
- Personalized content feed
- Product recommendations
- Search results ranking
- Trending content
2.5. Analytics and Improvement
- Understand how Users use the Niwers Platform
- Improve features and user experience
- A/B testing (anonymized when possible)
- Performance monitoring
2.6. Marketing and Communications
- Service announcements and updates
- Promotional emails (with opt-out as required by CAN-SPAM Act)
- Push notifications (with consent)
- SMS notifications (with consent under TCPA)
2.7. AI-Based Content Moderation
- Automated review of user-generated content for policy violations
- Counterfeit and IP infringement detection
- Spam and harassment detection
- Content classification (NSFW, hate speech, etc.)
3. LEGAL BASIS FOR PROCESSING
Under U.S. state privacy laws (CCPA, VCDPA, CPA, etc.), we process personal information based on:
- Contractual necessity — to provide the services you request
- Legitimate interests — to operate, secure, and improve the Niwers Platform
- Legal obligation — to comply with INFORM Act, tax laws, court orders
- Consent — for specific uses requiring opt-in (e.g., marketing emails, precise location, sensitive data)
4. HOW WE SHARE YOUR INFORMATION
4.1. With Other Users
4.1.1. Public Profile Information: Your username, profile photo, posts, comments, and other public content are visible to other Users.
4.1.2. Buyer-Seller Information Sharing:
- To Sellers: When you place an Order, we share your name, shipping address, phone number, and Order details with the Seller for fulfillment
- To Buyers: Per INFORM Act, 15 U.S.C. § 45f(b)(2)(A), we display Seller's name, address, email, and phone in storefronts and listings
4.2. With Service Providers
We share information with trusted third parties who perform services on our behalf:
| Provider | Purpose | Location | Privacy Policy |
|---|---|---|---|
| Stripe, Inc. | Payment processing, KYC, marketplace facilitator | USA | stripe.com/privacy |
| Cloudflare, Inc. | CDN, DDoS protection, content moderation | USA | cloudflare.com/privacypolicy |
| Supabase, Inc. | Database, authentication, storage | USA | supabase.com/privacy |
| Sentry | Error tracking, crash reporting | USA | sentry.io/privacy |
| Resend | Transactional email | USA | resend.com/privacy-policy |
| Apple, Google | Push notifications, app distribution | USA | apple.com/privacy, policies.google.com |
| Customer Support Provider | Customer service ticketing | USA | (provider-specific) |
These providers are bound by contract to use information only for the purposes we specify.
4.3. With Legal and Regulatory Authorities
We may disclose information when required by law or to:
- Comply with court orders, subpoenas, or government requests
- Respond to valid law enforcement requests, including those under the Stored Communications Act (18 U.S.C. § 2701 et seq.)
- Comply with INFORM Act reporting to FTC and state attorneys general
- Comply with mandatory CSAM reporting to NCMEC under 18 U.S.C. § 2258A
- Protect the rights, property, and safety of Niwers, Users, or others
- Investigate fraud or abuse
- Defend legal claims
4.4. Business Transfers
If Niwers is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to a successor entity. We will notify you of any change in ownership or use of your information.
4.5. With Your Consent
We may share information for purposes other than those described in this Policy with your consent.
4.6. Aggregated and De-Identified Data
We may share aggregated, anonymized, or de-identified data that cannot be linked back to you for analytics, research, marketing, or business purposes.
4.7. We Do NOT Sell Your Personal Information for Money
Niwers does not sell your personal information for monetary consideration to third parties.
However, certain disclosures may constitute a "sale" or "share" under CCPA/CPRA:
- Sharing with advertising partners for cross-context behavioral advertising (currently not used by Niwers, but may be in the future)
- Sharing pseudonymized identifiers with analytics providers
California residents have the right to opt out of any "sale" or "share" — see California Privacy Notice.
5. YOUR PRIVACY RIGHTS (BY STATE)
5.1. Universal Rights (All U.S. Users)
You have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your account and associated information (subject to legal retention requirements)
- Opt out of marketing communications
To exercise these rights, contact [email protected] or use the in-app Settings → Privacy Rights.
5.2. California (CCPA / CPRA)
California residents have additional rights including:
- Right to know categories of personal information collected, sold, or shared
- Right to delete personal information
- Right to correct inaccurate information
- Right to opt out of sale or sharing of personal information
- Right to limit use and disclosure of sensitive personal information
- Right to portability
- Right to non-discrimination for exercising rights
See full details and exercise rights at our California Privacy Notice.
5.3. Virginia (VCDPA), Colorado (CPA), Connecticut (ConnDPA), Utah (UCPA)
Residents of these states have rights to:
- Access personal data
- Correct inaccurate data
- Delete personal data
- Data portability
- Opt out of:
- Targeted advertising
- Sale of personal data
- Profiling for significant decisions
5.4. Texas (TDPSA)
Texas residents have similar rights to those above, with state-specific procedures.
5.5. Other States
Residents of Oregon, Montana, Iowa, Tennessee, Indiana, New Jersey, Delaware, and other states with comprehensive privacy laws have similar rights as those laws are enacted and effective.
5.6. How to Exercise Rights
Option 1 — In-App:
- Open Niwers Platform → Settings → Privacy Rights
- Select the right you want to exercise
- We will respond within timeframes required by applicable law (typically 45 days)
Option 2 — Email:
- Send request to
[email protected] - Include your account email and the right you want to exercise
- For some requests, we may need to verify your identity
Option 3 — Mail: pending — company being formed pending — company being formed Attn: Privacy Rights
5.7. Authorized Agents
You may designate an authorized agent to exercise your rights on your behalf. We require:
- Written authorization signed by you
- Verification of agent's identity
- Verification of your identity directly
5.8. Verification
To protect your privacy, we verify identity before processing requests by matching information you provide with our records.
5.9. Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights. We will not:
- Deny services
- Charge different prices
- Provide a different level of quality
- Suggest you will receive different services
6. GLOBAL PRIVACY CONTROL (GPC)
Niwers honors the Global Privacy Control (GPC) signal as a request to opt out of the sale and sharing of personal information for cross-context behavioral advertising.
If your browser sends a GPC signal:
- We treat it as an opt-out for browser-based access
- For mobile app, you can set similar preferences in Settings → Privacy Rights
GPC is a technical specification, and our recognition is limited to scope and capabilities supported by the standard.
7. SENSITIVE PERSONAL INFORMATION
7.1. CCPA/CPRA Sensitive Personal Information
Under California law, sensitive personal information ("SPI") includes:
- Government identifiers (SSN, driver's license, passport)
- Account login credentials
- Precise geolocation
- Racial or ethnic origin
- Religious or philosophical beliefs
- Union membership
- Mail, email, text contents
- Genetic data
- Biometric information
- Health information
- Sex life or sexual orientation
7.2. Niwers's Use of SPI
We collect and use SPI only as necessary to:
- Verify your identity (INFORM Act, KYC)
- Process payments
- Comply with tax laws
- Provide services you request
- Comply with law
We do not use SPI to infer characteristics about you for advertising or profiling purposes.
7.3. Right to Limit Use of SPI
California residents may request that we limit our use of SPI to those purposes set out in CCPA/CPRA. See California Privacy Notice.
8. CHILDREN'S PRIVACY
8.1. Age Restriction
The Niwers Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13.
If we learn that we have collected information from a child under 13, we will delete it promptly and terminate the account.
8.2. Users 13–17
Users between 13 and 17 may use the Niwers Platform with parental or guardian consent. We treat their information with appropriate care and:
- Do not direct advertising to users under 18
- Limit data collection
- Provide enhanced controls to users and parents
8.3. Parents/Guardians
If you believe your child under 13 has registered for the Niwers Platform, please contact [email protected] and we will promptly delete the account.
8.4. COPPA Compliance
We comply with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501 et seq.) and related FTC regulations.
9. DATA RETENTION
We retain personal information for as long as needed to:
- Provide services
- Comply with legal obligations (e.g., IRS — 7 years for tax records)
- Resolve disputes
- Enforce our agreements
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account data | Active account + 30-day grace period after deletion | Service provision |
| Transaction records | 7 years | IRS, state tax laws |
| Tax forms (1099-K) | 7 years | IRS |
| KYC/INFORM Act records | 5 years after account closure | INFORM Act, AML laws |
| Communications | 3 years | Legitimate interest |
| Marketing preferences | Until withdrawn | Consent |
| Sentry/Error logs | 90 days then anonymized | Legitimate interest |
| Privacy request records | 5 years | CCPA, state privacy laws |
| Litigation hold data | Duration of litigation + statute of limitations | Legal obligation |
After retention periods expire, we delete or anonymize data in accordance with applicable law.
10. DATA SECURITY
10.1. Technical Measures
- TLS encryption (HTTPS) for all data in transit
- At-rest encryption for sensitive data
- Row Level Security (RLS) in our database
- PCI DSS Level 1 payment processing (via Stripe)
- Token vault for sensitive credentials
- Sentry PII scrubbing to prevent leaks in error reports
- Multi-factor authentication (MFA) option for accounts
- Bcrypt/Argon2 password hashing
- Regular security audits and penetration testing
10.2. Administrative Measures
- Confidentiality agreements with all employees and contractors
- Access controls based on principle of least privilege
- Privacy and security training
- Vendor risk assessments
- Incident response plan
10.3. Data Breach Notification
In the event of a data breach involving personal information, we will:
- Notify affected individuals as required by applicable state breach notification laws (e.g., California Civil Code § 1798.82)
- Notify state attorneys general as required (CA, VA, etc.)
- Notify FTC and other federal agencies as required
- Notify law enforcement when appropriate
11. INTERNATIONAL DATA TRANSFERS
The Niwers Platform is operated in the United States. Your information may be transferred to, processed, and stored in the U.S. and other countries where our service providers operate.
For users outside the U.S., these countries may have different data protection laws. We use contractual safeguards (e.g., Standard Contractual Clauses) where required.
12. THIRD-PARTY LINKS
The Niwers Platform may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies before providing information.
13. PUSH NOTIFICATIONS, EMAIL, AND SMS
13.1. Push Notifications
You can opt in to push notifications through device settings. To opt out:
- iOS: Settings → Notifications → Niwers → Off
- Android: Settings → Apps → Niwers → Notifications → Off
13.2. Email
We comply with CAN-SPAM Act, 15 U.S.C. § 7701 et seq. All marketing emails include an unsubscribe link.
13.3. SMS
We comply with Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227. SMS messages are sent only with consent. Reply STOP to unsubscribe.
14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. Material changes will be communicated by:
- In-app notification
- Email to your registered address
- Notice on the Niwers Platform
The "Last Updated" date reflects the most recent revision. Continued use after changes constitutes acceptance.
15. CONTACT US
For privacy questions, requests, or concerns:
| Topic | Contact |
|---|---|
| Privacy Officer / Data Protection | [email protected] |
| General Support | [email protected] |
| Legal | [email protected] |
| California Privacy Rights | See California Privacy Notice |
| Mailing Address | pending — company being formed pending — company being formed Attn: Privacy Officer |
| Toll-Free CCPA Line | (Not currently available; written request required) |
16. STATE-SPECIFIC NOTICES
California: See California Privacy Notice.
Nevada: Nevada residents may opt out of the sale of personal information by emailing [email protected]. (Note: Niwers does not currently sell personal information.)
Vermont: Special protections apply for VT residents under VT Stat. Title 9 § 2430 et seq.
Washington (WA My Health My Data Act): Health-related data is given special protection.
Version: 2026-05-v1.0 Effective Date: pending — company being formed