Nondy Enhance

Privacy Policy

Last updated: November 22, 2025

1. Introduction

This Privacy Policy explains how Nondy Enhance ("Nondy Enhance", "we", "us", or "our") collects, uses, discloses, and safeguards the personal data of users ("you", "your") who access or use our website at ndy-enhance.com (the "Site") and our video and image enhancement services (the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), Austrian Data Protection Act (Datenschutzgesetz - DSG), and other relevant privacy regulations.

By using the Service, you consent to the collection and use of your personal data as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Data Controller

Nondy Enhance is the data controller responsible for your personal data. For questions about this Privacy Policy or our data practices, contact us at:

Nondy Enhance
Email: privacy@ndy-enhance.com
Data Protection Officer: dpo@ndy-enhance.com
Website: ndy-enhance.com

3. Information We Collect

3.1 Information You Provide to Us

  • Account Information: When you create an account, we collect your name, email address, password (encrypted), and any profile information you choose to provide.
  • Payment Information: When you make a purchase, we collect billing information including your name and email address. Payment card details are collected and processed directly by our payment processor, Stripe, Inc., and are not stored on our servers.
  • Content Files: Videos, images, and other media files you upload for enhancement ("Your Content").
  • Communications: Information you provide when you contact us for support, feedback, or inquiries, including email content and attachments.
  • Enhancement Preferences: Your selections, instructions, and preferences related to content enhancement services.

3.2 Information We Collect Automatically

  • Usage Data: Information about how you interact with the Service, including pages viewed, features used, time spent, and navigation patterns.
  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing behavior. See Section 11 for details.

3.3 Information from Third Parties

  • Authentication Providers: If you sign in using a third-party service (e.g., Google), we receive basic profile information such as your name and email address as permitted by your settings with that provider.
  • Payment Processors: We receive transaction confirmations, payment status, and limited payment method information from Stripe.

4. Legal Bases for Processing (GDPR)

We process your personal data only when we have a lawful basis under Article 6 of the GDPR:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service, manage your account, and fulfill our contractual obligations to you.
  • Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests in operating, improving, and securing the Service, preventing fraud, and understanding user behavior, provided these interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): Where you have given explicit consent for specific processing activities, such as marketing communications or optional cookies.
  • Legal Obligations (Art. 6(1)(c)): Processing necessary to comply with legal requirements, such as tax reporting, responding to legal requests, or complying with payment processing regulations.

5. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve the video and image enhancement services you request.
  • Account Management: To create and manage your account, authenticate you, and maintain your preferences.
  • Payment Processing: To process transactions, manage subscriptions, handle refunds, and maintain billing records through our payment processor, Stripe.
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Service Improvement: To analyze usage patterns, understand user preferences, and develop new features.
  • Security and Fraud Prevention: To detect, investigate, and prevent security incidents, fraudulent transactions, and abuse of the Service.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and payment processor requirements.
  • Communications: To send you service-related notifications, updates, security alerts, and (with your consent) marketing communications.

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We share your data only in the following circumstances:

6.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Payment Processing: Stripe, Inc. processes all payment transactions. Stripe's handling of your payment data is governed by their privacy policy and PCI-DSS compliance standards.
  • Cloud Hosting: Infrastructure providers that host our servers and store data securely.
  • Authentication Services: Third-party authentication providers (e.g., Google OAuth) if you choose to use them.
  • Analytics Providers: Services that help us understand Service usage and improve user experience.
  • Email Services: Providers that help us send transactional and marketing emails.

All service providers are contractually obligated to protect your data, use it only for specified purposes, and comply with applicable data protection laws.

6.2 Business Transfers

If Nondy Enhance is involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, provided they agree to protect your data in accordance with this Privacy Policy.

6.3 Legal Requirements

We may disclose your personal data when required by law, legal process, or governmental request, or when we believe disclosure is necessary to:

  • Comply with legal obligations or respond to lawful requests
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of Nondy Enhance, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues

6.4 With Your Consent

We may share your data with third parties when you have given explicit consent for such sharing.

7. International Data Transfers

Nondy Enhance is based in Austria, and your data is primarily processed within the European Economic Area (EEA). However, some of our service providers may be located outside the EEA, including in the United States.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Providers certified under recognized data protection frameworks

For example, Stripe processes payment data in accordance with PCI-DSS standards and implements appropriate cross-border data transfer mechanisms.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
  • Uploaded Content: Your original and enhanced content files are retained for 30 days after enhancement unless you choose to delete them earlier. After this period, files are automatically deleted from our active systems but may persist in backups for up to 90 days.
  • Payment Records: Retained for at least 7 years to comply with Austrian tax and accounting regulations.
  • Communications: Support inquiries and communications are retained for up to 3 years for quality assurance and dispute resolution.
  • Log Data: Typically retained for 12 months for security and troubleshooting purposes.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using AES-256 encryption.
  • Access Controls: Strict access controls and authentication mechanisms limit data access to authorized personnel only.
  • Secure Infrastructure: Our systems are hosted on secure, regularly audited cloud infrastructure.
  • Regular Security Audits: We conduct regular security assessments and penetration testing.
  • Employee Training: Our team members receive ongoing data protection and security training.
  • Payment Security: All payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider. We do not store complete payment card details on our servers.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights Under GDPR

If you are in the European Economic Area, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data in certain circumstances ("right to be forgotten").
  • Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): Request transfer of your data to another service provider in a structured, commonly used format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Art. 7): Withdraw consent for processing based on consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: File a complaint with your national data protection authority (in Austria: Österreichische Datenschutzbehörde).

To exercise any of these rights, contact us at privacy@ndy-enhance.com. We will respond within 30 days and may need to verify your identity before processing your request.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activity and preferences. Cookies are small text files stored on your device that help us:

  • Essential Cookies: Necessary for authentication, security, and basic Service functionality. These cannot be disabled.
  • Performance Cookies: Collect information about Service usage and help us improve performance.
  • Functional Cookies: Remember your preferences and settings.
  • Analytics Cookies: Help us understand user behavior and improve the Service.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Service functionality. For more information about cookies, visit www.allaboutcookies.org.

12. Marketing Communications

With your consent, we may send you marketing emails about new features, special offers, and Service updates. You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at privacy@ndy-enhance.com

Note that you cannot opt out of essential service-related communications, such as account notifications, security alerts, or transactional emails.

13. Children's Privacy

The Service is not directed to children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child without parental consent, we will delete that information promptly.

If you believe a child has provided us with personal data, please contact us at privacy@ndy-enhance.com.

14. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant data protection authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. The notification will include the nature of the breach, potential consequences, and measures taken to address it.

15. Third-Party Links

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

16. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at privacy@ndy-enhance.com.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, technology, or legal requirements. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the Service

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nondy Enhance
Email: privacy@ndy-enhance.com
Data Protection Officer: dpo@ndy-enhance.com
Website: ndy-enhance.com

Austrian Data Protection Authority (Supervisory Authority):
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna, Austria
Website: www.dsb.gv.at

By using Nondy Enhance, you acknowledge that you have read and understood this Privacy Policy.