top of page

PRIVACY POLICY

Privacy Policy

​

Last updated: 2025/12/12

​

This Privacy Policy explains how Pons Company Limited ("PONS.ai", “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you visit or use our website, products, services, AI solutions, and related platforms (collectively, the “Services”).

​

This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

​

Scope of This Privacy Policy
This Privacy Policy applies to personal data processed through:
   •    the PONS.ai website (including pons.ai and subdomains), and
   •    PONS.ai products and services, including AI Photo Booth solutions, personalization features, event-based activations, and related digital platforms,
where PONS.ai acts as a data controller.

​

B2B & Event-Based Processing
In some cases, PONS.ai processes personal data as a data processor on behalf of corporate or institutional clients. In such cases, the client determines the purposes and means of processing, and PONS.ai acts in accordance with contractual obligations and applicable data protection laws.

⸻

1. Data Controller

The data controller responsible for your personal data is:

Pons Company Limited
Unit 506, 5/F, New World Tower 1, 18 Queen's Road Central
Hong Kong SAR

📧 Privacy contact: privacy@pons.ai
📧 General contact: support@pons.ai

If we appoint a Data Protection Officer (DPO), their contact details will be published here.

⸻

2. Personal Data We Collect

We may collect and process the following categories of personal data:
   •    Identity Data: name, username, job title
   •    Contact Data: email address, phone number
   •    Account Data: login credentials, user preferences
   •    Image & Media Data: photographs, images, or videos uploaded for AI Photo Booth or personalization features
   •    Transaction Data: billing details, payment confirmations (processed via third-party payment providers)
   •    Technical Data: IP address, device type, browser type, operating system
   •    Usage Data: interactions with our Services, analytics, logs
   •    Marketing Data: communication preferences, campaign engagement

We do not intentionally collect special categories of personal data unless explicitly provided by the user for a specific purpose.

⸻

3. How We Use Your Personal Data (Purposes & Legal Bases)

Under GDPR, we process personal data only when a lawful basis applies:

Purpose  |  Legal Basis
Provide and operate the Services  |  Performance of a contract
Account creation & user support  |  Performance of a contract
AI image generation & personalization  |  Performance of a contract / Consent
Payment processing  |  Legal obligation / Contract
Analytics & service improvement  |  Legitimate interests
Marketing communications  |  Consent
Security, fraud prevention  |  Legitimate interests
Legal compliance  |  Legal obligation

You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

⸻

4. AI, Automated Processing & Profiling

Our Services may use automated processing and AI-based systems, including image generation and personalization features.
   •    AI processing is used solely to deliver requested outputs
   •    No automated decisions produce legal or similarly significant effects
   •    Users may request human review or deletion of AI-processed data

⸻

5. Data Sharing & Recipients

We may share personal data with:
   •    Cloud hosting providers (e.g., infrastructure & storage)
   •    Analytics providers
   •    Payment processors
   •    Professional advisers (legal, accounting)
   •    Business partners involved in service delivery

We never sell personal data.

⸻

6. International Data Transfers

Where personal data is transferred outside the EEA, we ensure appropriate safeguards, including:
   •    EU Standard Contractual Clauses (SCCs)
   •    Transfers to countries with adequacy decisions
   •    Equivalent legal protections

⸻

7. Data Retention

We retain personal data only as long as necessary:

Data Type  |  Retention Period
Account data  |  Duration of account + 24 months
AI images & media  |  Up to 12 months unless deleted earlier
Marketing data  |  Until consent withdrawn
Technical & log data  |  Up to 12 months
Legal & financial records  |  As required by law


⸻

8. Your GDPR Rights

You have the right to:
   •    Access your personal data
   •    Rectify inaccurate data
   •    Request erasure (“right to be forgotten”)
   •    Restrict processing
   •    Object to processing
   •    Data portability
   •    Withdraw consent at any time
   •    Lodge a complaint with a supervisory authority

EU users may complain to their local Data Protection Authority or the authority in their country of residence.

To exercise your rights, contact: privacy@pons.ai

⸻

9. Cookies & Tracking

We use cookies and similar technologies for functionality, analytics, and performance. You may manage cookie preferences through your browser or cookie banner.

⸻

10. Security Measures

We implement appropriate technical and organizational security measures to protect personal data, including encryption, access controls, and secure infrastructure.

⸻

11. Children’s Data

Our Services are not directed at children under 16. We do not knowingly collect data from minors.

⸻

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via the website or email where appropriate.

⸻

13. Contact Us

If you have questions or requests regarding this Privacy Policy or your personal data, contact:

📧 privacy@pons.ai

bottom of page