Legal
Privacy Policy
What we collect, why, and the one thing we deliberately never put on-chain.
This Privacy Policy explains how Manekkin collects, uses, shares, and protects personal data when you use our marketplace and verification layer — whether as a model, brand, creative, or agency. It is written to satisfy the EU General Data Protection Regulation (GDPR) and to be honest about the parts of the system, like on-chain attestations, that behave differently from a normal database.
01
Who we are
The data controller for the purposes of the GDPR is [Company legal name / CIF], registered at [Registered address, Spain] ("Manekkin", "we", "us"). We are established in Spain and operate under EU data protection law.
02
Data we collect
The data we collect depends on how you use Manekkin.
- Account data (all roles): name, email address, hashed password or Google account identifier, role, and workspace membership.
- Identity verification data (models): when you complete identity verification, our processor Didit collects and retains your government ID document and reference selfie directly. Manekkin does not receive or store the ID document image or your biometric reference portrait — we store only a Didit session identifier and the verification outcome (verified / not verified, plus similarity and liveness scores where relevant). See Section 09 for how face-matching itself works.
- Training and portfolio imagery (models): photos you upload to train your AI avatar and to build your public portfolio. These are stored on our infrastructure and are matched against your verified identity before an avatar can be trained.
- Payment data (brands, models, creatives, agencies): processed by our payment provider, Stripe. Manekkin does not store full card numbers; we retain transaction records, payout history, and the billing details necessary for invoicing and tax compliance.
- Casting attributes (models, optional): self-described details like gender, ethnicity, region, or nationality that you choose to share to help brands cast for a look. These are entirely optional and under your control.
- Usage data (all roles): pages viewed, actions taken, generation requests, device and browser information, and approximate location derived from IP address, collected to operate, secure, and improve the service.
- Communications: messages sent through booking threads, support requests, and notification preferences.
03
Why we process it
We rely on the following legal bases under Article 6 GDPR:
- Contract — to create your account, run the marketplace, process licenses and bookings, and handle payments.
- Consent — for identity verification and biometric face-matching (see Section 09), for optional casting attributes, and for any marketing communications you opt into.
- Legal obligation — for tax, accounting, and anti-fraud record-keeping.
- Legitimate interest — for platform security, abuse prevention, and service improvement, balanced against your rights and never used to override a consent-based basis like biometric processing.
04
On-chain data
Every license and every generated asset gets a small public attestation recorded on Base, a public blockchain, using the Ethereum Attestation Service. This is what makes Manekkin's proof independently verifiable — anyone, including you, can check it without trusting us. It is also the one part of our system that behaves differently from an ordinary database, and it deserves a plain explanation.
On-chain attestations contain only pseudonymous handles, content hashes, license codes, and timestamps — never your name, email, date of birth, document numbers, or any other directly identifying field. Our systems actively guard against this: data we consider personally identifying is rejected before it can be written to an attestation. This is data-minimization by design, not an afterthought.
The practical consequence is that data written to Base cannot be edited or erased — that permanence is the entire reason an attestation is trustworthy proof. Because nothing personally identifying is written there in the first place, this does not create an erasure gap for your personal data: what's on-chain is a hash and a handle, not a request we could fulfil by deleting your name from a table. See Section 08 for how this interacts with your right to erasure.
05
Retention
We keep account and license data for as long as your account is active, and for a reasonable period after closure to satisfy legal, tax, accounting, and dispute obligations (generally up to 6 years for financial records, per Spanish requirements). Identity verification documents and biometric portraits are held by Didit under their own retention policy, not by us — we retain only the session reference and outcome. Usage and log data is retained for a limited operational window (typically under 12 months) before it is deleted or aggregated beyond individual identification.
06
Who we share data with
We share data with the processors who help us run the service, each engaged under a data-processing agreement and instructed to use your data only for the purpose we specify:
- Didit — identity verification and biometric face-matching.
- Stripe — payment processing, payouts, and billing.
- Supabase — database and object storage infrastructure.
- Vercel — application hosting and content delivery.
- fal.ai — AI image and video generation infrastructure used to run Studio pipelines.
We do not sell personal data, and we do not share it with third parties for their own marketing purposes. We may disclose data where required by law or to protect the rights, safety, or property of Manekkin or others.
07
International transfers
Some of our processors operate infrastructure outside the European Economic Area. Where that happens, we rely on the safeguards recognized under GDPR Chapter V — Standard Contractual Clauses, an adequacy decision, or an equivalent mechanism — to ensure your data receives a comparable level of protection wherever it is processed.
08
Your rights
Subject to the conditions and exceptions set out in the GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data, in the circumstances the GDPR provides for (for example, where it's no longer necessary for the purpose it was collected).
- Port your data to another provider in a structured, machine-readable format.
- Object to processing based on legitimate interest, and to withdraw consent at any time where processing is consent-based (this does not affect the lawfulness of processing before withdrawal).
On-chain limitation, stated honestly. Erasure and rectification requests apply fully to the data we hold in our own systems. They cannot reach data already written to the Base blockchain, because no party — including us — can alter or delete a confirmed on-chain record. As explained in Section 04, we design attestations so this limitation never bites in practice: the fields written on-chain are pseudonymous handles and hashes, not personal data, so there is nothing personally identifying there to erase. If you believe an attestation nonetheless contains personal data, contact us and we will investigate and, where the license or record it relates to permits it, revoke the associated license so no further use can be made of it.
To exercise any of these rights, contact us using the details in Section 12. You also have the right to lodge a complaint with your local data protection authority — in Spain, the Agencia Española de Protección de Datos (AEPD).
09
Biometric data & face-matching
Face-matching — confirming that your training photos and your verified identity belong to the same person — is special category data under Article 9 GDPR and requires your explicit consent, which we obtain before running any match. You give this consent as part of identity verification and again, implicitly, each time you submit new training photos that require a match.
The face-matching computation itself is performed by Didit, comparing your verified reference against a candidate photo and returning a similarity score and a match/no-match result. Manekkin does not compute or store facial embeddings or biometric templates ourselves — we store the outcome (matched or not, and a similarity score) against the relevant photo record, not a reusable biometric signature.
You can withdraw consent to biometric processing at any time by contacting us or, for models, by revoking your license — which also halts any further generation against your avatar (see Terms of Service, Section 03). Withdrawing consent means future training photos cannot be face-matched and verified against your identity, which will prevent new avatar training; it does not retroactively make past, already-consented matching unlawful.
11
Changes to this policy
We may update this Privacy Policy as our processors, product, or legal obligations change. For material changes, we will give reasonable advance notice by email or an in-product notice. The "last updated" date at the top of this page always reflects the current version.
12
Contact & DPO
For any question about this policy or to exercise your rights, contact us at privacy@manekkin.com. For matters requiring our Data Protection Officer: dpo@manekkin.com [DPO name / placeholder].
[Company legal name / CIF] · [Registered address, Spain]
See also our Terms of Service.