Privacy Notice

This notice explains how Vibar (the “Application”) collects, uses, discloses, and protects information when you install or use the Application distributed through Google Play. It is written for an international audience and supplements any disclosures presented inside the product experience.

Effective date: 7 April 2026

Last reviewed & updated: 17 April 2026

Controller: Xiangtan Sunen Trading Co., Ltd.

This Privacy Notice is reviewed at least once every 12 months and updated when our data practices or legal requirements change materially, in line with obligations such as Cal. Civ. Code § 1798.130 (CCPA/CPRA) and comparable state laws.

United States — California & Virginia (summary). This paragraph highlights rights that may apply under U.S. state privacy laws and points to the detailed sections below.

California residents — California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). If you are a California resident, the CCPA and CPRA (Cal. Civ. Code §§ 1798.100 et seq., including § 1798.105 (deletion), § 1798.106 (correction), § 1798.110–1798.115 (right to know, including whether personal information is sold or shared), § 1798.120 (opt-out of sale), and § 1798.130 (notice and disclosure)) may grant you rights that include: the right to know whether personal information is sold or shared (including for cross-context behavioral advertising); the right to access and the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of the sale of personal information and the right to opt out of certain sharing or targeted advertising; rights relating to profiling in limited circumstances; and the right not to be discriminated against for exercising these rights. Section 5 describes sharing practices; Section 7 describes retention; Section 9.3 explains how to submit requests.

Virginia residents — Virginia Consumer Data Protection Act (VCDPA). If you are a Virginia resident, the VCDPA (Va. Code Ann. § 59.1-576 et seq., including § 59.1-578) may grant you rights such as to confirm processing, access, delete, correct, opt out of targeted advertising, the sale of personal data, and certain profiling, and to appeal our response. See Section 9.2a.

1. Scope and acceptance

The Application is offered by Xiangtan Sunen Trading Co., Ltd. (the “Publisher,” “we,” “us,” or “our”). By installing or continuing to use the Application after you acknowledge this notice (for example, by selecting the applicable checkbox), you confirm that you have read this notice and agree to the processing activities described here, subject to any rights you may have under applicable law.

Age restriction. The Application is intended for individuals who are at least eighteen (18) years old. The Application does not include account registration or sign-in, and it does not perform separate age-verification checks. You must not use the Application if you are under eighteen.

This notice applies to the Application on Android distribution channels we operate. It does not describe third-party websites or services that may be linked from collateral materials (for example, our corporate site). Note: Our corporate website (https://sunen-trade.com) is currently unavailable; any links to it do not affect the validity of this Privacy Notice.

2. Data controller and privacy contact

For purposes of the EU and UK General Data Protection Regulation (“GDPR”), the Swiss Federal Act on Data Protection (“FADP”), Brazil’s Lei Geral de Proteção de Dados (“LGPD”), and comparable regimes, the data controller is:

Legal name: Xiangtan Sunen Trading Co., Ltd.
Registered address: No. 13, Fengshu Group, Cha’en Village, Cha’ensi Town, Xiangtan County, Xiangtan City, Hunan Province
Website: https://sunen-trade.com (currently unavailable)

2.1 Data Protection Officer (DPO) & Privacy Contact

We maintain a Privacy Office that fulfils the Data Protection Officer (DPO) function for the Publisher. We do not name an individual natural person as DPO; the Privacy Office is the designated contact for DPO matters. Use the email below for privacy, security, and data-protection questions under GDPR, UK GDPR, FADP, LGPD, and comparable regimes.

DPO / Privacy Office Email: [email protected]
Preferred DPO Subject Line: “Vibar — Data Protection Officer Request” or “Vibar — Privacy Inquiry”
Application Support Email: [email protected]

When contacting us regarding privacy matters, please include:

Your jurisdiction (if relevant)
A concise description of your request
Enough detail to locate your information (device model, approximate date of use, reference identifiers)

We may request additional information to verify requests where the law requires or permits verification.

3. What we collect and why

Because the Application does not offer user accounts, most information is tied to the device, session, or content you choose to generate. We collect and use personal information only for the purposes described below and only to the extent permitted by applicable law.

3.1 Categories of information

Content you supply: images you upload to create outputs (including profile-style imagery and feedback attachments), audio you record in conversational or feedback flows, and any text you enter in forms.
Product telemetry: diagnostic events, crash data, performance counters, feature usage signals, and similar metadata needed to maintain reliability.
Device and app-context signals: device model, operating system version, language or region settings, limited app-build identifiers, and similar technical attributes.
Advertising and measurement identifiers: when enabled on your device, advertising IDs and related signals used for ad delivery, frequency capping, attribution, and fraud mitigation (subject to platform settings).
Support communications: information you email to us relating to questions, disputes, or safety reports.

3.2 Purposes of processing

Deliver the product: Operate generation workflows, store transient processing queues, render previews, and make outputs available within the Application experience.
Voice and creative assistance: Enable conversational features with the styling assistant and capture optional voice feedback you choose to submit through the “My” module.
Safety and integrity: Detect abuse, enforce policy, investigate reports, and protect users and the Publisher from fraudulent or harmful activity.
Improvement and analytics: Understand aggregate usage, prioritize bug fixes, evaluate feature performance, and refine models or pipelines where applicable.
Advertising and measurement: Deliver and measure advertising where integrated, including contextual or personalized placements permitted by platform controls.
Legal compliance: Fulfil retention duties, respond to lawful requests, establish or defend legal claims, and honour regulator guidance.

3.3 Legal bases (EEA, UK, and Switzerland)

Where GDPR, the UK GDPR, or FADP applies, we rely on one or more of the following legal bases:

Purpose	Typical basis
Providing the Application, honouring your settings, and performing requested creative processing	Performance of a contract (Article 6(1)(b) GDPR) and, where necessary, legitimate interests in operating a consumer software product (e.g., security hardening) (Article 6(1)(f))
Optional analytics, certain advertising measurements, or non-essential cookies or SDK behaviours where consent is required	Your consent (Article 6(1)(a)), which you may withdraw through device or in-product controls where available
Fraud prevention, network security, and enforcing acceptable use	Legitimate interests (Article 6(1)(f)) and, where applicable, our legal obligations (Article 6(1)(c))
Compliance with law, regulatory inquiries, and litigation	Legal obligation (Article 6(1)(c)) or legitimate interests in asserting legal rights (Article 6(1)(f))

Where we process special categories of data through your uploads (for example, imagery that incidentally reveals health or biometric aspects), we will rely on explicit consent where required, or ensure processing is manifestly made public by you, strictly limited to the service you requested, as permitted by applicable law.

3.4 LGPD (Brazil)

For users in Brazil, we process personal data under the legal hypotheses set out in LGPD Article 7, including performance of services, legitimate interest (with balancing tests where required), consent for optional processing, compliance with legal obligations, and regular exercise of rights in legal proceedings, as applicable to each processing activity.

4. Permissions and platform access

The Application requests access only when a feature requires it. You may grant or refuse permissions in your device settings; refusing a permission may disable related functionality.

Camera: Vibar requests camera access so you can capture profile imagery and attach photos when sending feedback.
Photos / media library: Vibar requests access to your photo library so you can select profile imagery and choose image attachments for feedback and media workflows (including uploads that may generate video-oriented outputs for publishing).
Microphone: Vibar requests microphone access so you can engage in voice sessions with the AI styling assistant and record spoken feedback in the “My” module’s feedback interface (as implemented in the product).
Storage / media locations: We may use external or scoped storage APIs permitted on your Android version to cache renders, import or export media you choose, and maintain temporary working files required for generation.
App information: Limited reads of application state or package metadata may be used for diagnostics, update routing, compatibility checks, and fraud prevention in line with platform standards.
Advertising identifier: Where advertising or measurement partners are present, we may access the advertising ID consistent with Google Play policies and your device reset or opt-out preferences.

We do not sell personal information for money in the colloquial sense of exchanging lists for cash. However, certain privacy laws define “sale,” “sharing,” or “targeted advertising” broadly to include some disclosures to advertising partners or analytics providers. Where those definitions apply, we provide opt-out mechanisms described below.

Under the CCPA/CPRA and similar U.S. state laws, you have the right to know whether your personal information is sold or shared (including for cross-context behavioral advertising), and the right to opt out of the sale of personal information and to opt out of certain sharing or targeted advertising where those rights apply. See Section 9.3 for how to submit a right to know request or opt out of sale or sharing.

We may disclose information to:

Infrastructure and communications vendors who host components, deliver push notices or email, or operate security tooling.
Analytics and crash-reporting suppliers that help us understand stability and engagement in aggregate.
Advertising and attribution partners subject to platform requirements and, where mandated, consent.
AI or media processing subcontractors that transform content you submit, under confidentiality and data-processing terms.
Professional advisers (lawyers, auditors) where necessary.
Authorities when we believe disclosure is required to comply with law, protect safety, or respond to lawful process.

We contractually restrict service providers from using personal data for their own unrelated marketing unless the law permits and you receive any notices required.

6. International transfers

Our processing may involve transfers to countries outside the country where you reside, including locations where our vendors maintain systems. Where GDPR, UK GDPR, or FADP applies, we implement appropriate safeguards such as Standard Contractual Clauses, supplementary technical and organisational measures, and transfer impact assessments when required. You may request a summary of the mechanisms we rely on by emailing [email protected].

7. Data retention

We retain personal information only for as long as needed for the purposes described in this notice, unless a longer period is required or permitted by law. The following describes how long we keep categories of information and why we retain them:

Content you supply (e.g. uploads, audio, text): retained until you delete it in the Application where deletion is offered, or until we purge inactive or stale content according to operational schedules.
Product telemetry and device signals (e.g. diagnostics, crash data, feature usage): typically retained for a limited rolling period (for example, up to 12 months) for reliability and security, unless a shorter or longer period is needed for a specific investigation or legal obligation.
Advertising and measurement identifiers: associated logs may be retained for periods consistent with measurement and fraud-prevention needs, after which they are deleted or aggregated.
Support and safety communications: retained as long as needed to respond to your request and to meet legal, dispute, or regulatory requirements.
Backups: may persist for a limited additional period before secure overwrite or deletion.

When retention ends, we delete or anonymise personal information where feasible, subject to exceptions such as legal holds or defence of legal claims.

8. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. No method of transmission or storage is perfectly secure; if you have reason to believe your interaction with us is no longer safe, please notify us promptly using the addresses in Section 2.

9. Your privacy rights

Depending on your place of residence, you may have rights to access, correct, delete, port, object to, or restrict certain processing of your personal information, and to withdraw consent where processing is consent-based. Some regions also grant rights relating to automated decision-making and profiling; the Application’s features determine whether those rights arise in practice.

9.1 European Economic Area, United Kingdom, and Switzerland

You may exercise GDPR, UK GDPR, or FADP rights by emailing [email protected]. You also have the right to lodge a complaint with your local supervisory authority or the authority in the country where we are established, as permitted by law.

9.2 Brazil (LGPD)

Brazilian data subjects may request confirmation of processing, access, correction, anonymisation, deletion, information about sharing, portability, information about denial and consequences, and revocation of consent, subject to legal exceptions. Contact [email protected] to exercise these rights.

9.2a United States — Virginia Residents (VCDPA)

For Virginia residents: Under the Virginia Consumer Data Protection Act (“VCDPA”), you have the right to:

Know whether we collect your personal information and the categories of personal information
Access your personal information
Delete your personal information
Correct inaccurate personal information
Opt out of targeted advertising and the sale of your personal information
Opt out of profiling that produces legal or similarly significant effects
Not be discriminated against for exercising these rights

To exercise your VCDPA rights, email [email protected] with the subject line Vibar — VCDPA Request.

9.3 United States — California (CCPA/CPRA), Colorado, Connecticut, Utah, and similar state laws

Where the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, or similar U.S. state laws apply, you may have the rights described in this subsection.

Right to know — sale and sharing. You have the right to know whether your personal information is sold or shared (including for cross-context behavioral advertising), and to receive certain disclosures about those practices, as required by laws such as Cal. Civ. Code § 1798.115 and § 1798.130. “Sale” and “share” have specific meanings under California law and may be broader than everyday English.

Right to opt out of sale. You have the right to opt out of the sale of your personal information where “sale” applies under applicable law, including by submitting a request as described below (see Do Not Sell or Share My Personal Information).

Right to correct. You have the right to request correction of inaccurate personal information that we maintain, subject to verification and legal exceptions (CPRA / Cal. Civ. Code § 1798.106 and comparable state provisions).

Residents of those states may also have rights to access, delete, and opt out of certain processing, including the sharing of personal information for cross-context behavioral advertising, processing for targeted advertising, and certain profiling, as those terms are defined under applicable law. We describe monetisation and advertising-related disclosures in Section 5.

For general access, deletion, or correction requests, email [email protected] with the subject line Vibar — U.S. Privacy Request. We will verify requests where required using a verifiable consumer request process reasonable under the circumstances.

How to opt out of the sale of personal information

Under the CCPA/CPRA and similar laws, “sale” can include disclosures for valuable consideration, not only for cash. You have the right to opt out of the sale of your personal information. To exercise that right and opt out of the sale, email [email protected] and use one of these subject lines:

Vibar — Opt-Out of Sale
Vibar — Do Not Sell My Personal Information

To opt out of the sharing of personal information for cross-context behavioral advertising, or to opt out of targeted advertising where those rights apply (including under VCDPA and similar statutes), email [email protected] with the subject line Vibar — Opt-Out of Sharing / Targeted Advertising or Vibar — Opt-Out of Sharing / Targeted Ads. Include enough detail for us to identify your request.

On Android, you can also limit ad-related uses of identifiers: open Settings, go to Google → Ads, and use Reset advertising ID or Opt out of Ads Personalization (wording may vary by device). You may adjust related controls under Google Play and device privacy settings. These steps supplement your email request.

California residents and others with similar rights may use this channel to opt out of the sale and, where applicable, opt out of the sharing of personal information for cross-context behavioral advertising. If you prefer one request covering both sale and sharing opt-outs where both apply, email [email protected] with the subject line Vibar — Do Not Sell or Share My Personal Information.

To exercise a right to know whether your personal information is sold or shared (including for cross-context behavioral advertising), email [email protected] with the subject line Vibar — Right to Know (Sale) or Vibar — Right to Know (Share), as applicable.

Profiling and decisions with legal or similarly significant effects

Certain laws (including the VCDPA and CPRA) provide rights relating to profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. Vibar is not designed to use profiling for such decisions about you. If you believe such processing applies, contact [email protected] with the subject line Vibar — Profiling Opt-Out or describe the concern in a Vibar — U.S. Privacy Request.

Opt-out preference signals

Where required by applicable law and technically feasible in the contexts we operate, we will honour opt-out preference signals (such as browser or platform signals recognised under CCPA/CPRA regulations) in line with applicable requirements. For the mobile Application, submitting an email opt-out as described above remains a reliable way to exercise your rights.

Non-discrimination; appeals; incentives

We will not discriminate against you for exercising privacy rights, subject to permitted incentives disclosed in compliance with law. Where state law requires an appeal process for denied requests, describe your appeal in a reply to our response or email [email protected] with Vibar — Privacy Appeal in the subject line. We do not offer financial incentive programs that require selling personal information as a condition of a different price or quality of service.

Authorized agents may submit requests where state law allows; we may require proof of authorisation and identity verification consistent with statutory thresholds.

9.4 Other regions

If you reside outside the regions detailed above, local law may still provide rights. We will honour applicable requirements when notified through [email protected].

10. Regulatory complaints

You have the right to contact a competent data protection or consumer regulator about our processing. Examples include supervisory authorities across the EEA and UK, the Brazilian National Data Protection Authority (“ANPD”), counterpart bodies in Switzerland, and U.S. state attorneys general or privacy divisions where available. We encourage you to reach out to us first so we can attempt to resolve the matter directly.

11. Automated processing

Some creative or conversational features may rely on automated systems, including machine-learning components. We do not use these systems for decisions that produce legal or similarly significant effects about you without human oversight where such a combination is required by law. If you have questions about a particular workflow, contact us and describe the feature name and approximate time of use.

12. Children

The Application is not directed to children, and we do not knowingly collect personal information from individuals under eighteen. If you believe we have collected such information, contact us immediately at [email protected] and [email protected] so we can delete it promptly.

13. Changes to this notice

We may update this notice to reflect product changes, legal requirements, or organisational updates. When material changes occur, we will provide notice through reasonable means, such as posting an updated effective date, presenting an in-product alert, or updating the document linked from our store listing. Continued use after the effective date may constitute acceptance where permitted.

14. Contact

For privacy questions or to exercise your rights, email [email protected] or [email protected], or write to the registered address listed in Section 2.

Privacy Policy - Ravina AI