Privacy Policy

Last updated: September 25, 2025 — Effective: September 25, 2025

Your Privacy Matters

At Ātotoi we treat your privacy with care. This Privacy Policy explains what data we collect and how we use it. This policy covers our website, apps, and related tools.

Wimbledon Welwyn Trading Limited (United Kingdom) owns and operates Ātotoi. This policy reflects the company's data practices and those of its service providers. For questions, contact privacy@atotoi.me.

We last updated this policy on the date shown above. We may update it to reflect product or legal changes. We will notify users of material changes by email or in-app notice.

1. Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Create an account or place an order
  • Upload photos for figure creation
  • Contact our customer support
  • Subscribe to our newsletter
  • Participate in surveys or promotions

This may include:

  • Name, email address, and phone number
  • Billing and shipping addresses
  • Payment information (securely processed through Stripe)
  • Photos and images you upload
  • Communication preferences

Usage Information

We automatically collect certain information when you visit our website.

  • IP address and device identifiers
  • Browser type and operating system
  • Pages visited and time spent on our site
  • Referring website and search terms
  • Interaction with our services and features

AI model usage & anonymization

When you use our AI features we may use your inputs, such as photos and prompts, to generate results and to improve our models. We will pseudonymize or anonymize data used for training when practicable. We remove direct identifiers where feasible and apply safeguards before using data for model improvements.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience, analyze usage patterns, and deliver personalized content. You can control cookie settings through your browser preferences.

2. How We Use Your Information

We use the information we collect for specific purposes. These purposes include service delivery, communication, improvement, and legal or security needs.

Service Delivery

  • Process and fulfill your orders.
  • Create your custom 3D figures.
  • Manage your account and preferences.
  • Provide customer support.

Communication

  • Send order confirmations and updates.
  • Respond to your inquiries.
  • Send promotional materials with consent.
  • Notify you of important changes.

Improvement

  • Improve our AI algorithms.
  • Enhance service quality.
  • Develop new features.
  • Analyze usage patterns.

When we use data to improve AI models, we apply de-identification and aggregation where feasible. These steps help protect privacy while enabling model improvements.

Legal & Security

  • Prevent fraud and abuse
  • Ensure platform security
  • Comply with legal obligations
  • Protect our rights and interests
3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in limited circumstances.

Service Providers

We use trusted third-party service providers to operate our business.

  • Payment processing (Stripe)
  • Cloud storage and hosting
  • Email delivery services
  • Shipping and logistics partners
  • Analytics and marketing tools

Legal Requirements

We may disclose your information when required by law. We may also disclose data to protect our rights.

  • Compliance with legal processes
  • Response to government requests
  • Protection against fraud or illegal activities
  • Enforcement of our terms of service

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to the same privacy protections.

4. Data Security

We implement security measures to protect personal information.

Technical Safeguards

  • SSL/TLS encryption for data transmission
  • Encrypted storage of sensitive data
  • Regular security audits and updates
  • Secure cloud infrastructure
  • Multi-factor authentication

Operational Safeguards

  • Limited access on need-to-know basis
  • Employee training on data protection
  • Regular backup and recovery procedures
  • Incident response protocols
  • Vendor security assessments

Important: While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

5. Data Retention

We retain personal information only as long as needed to meet the purposes in this policy. We may retain data longer when law requires it.

Retention Periods

  • Account Information: Until account deletion or 3 years of inactivity.
  • Order Data: 7 years for tax and legal compliance.
  • Uploaded Photos: 30 days after order completion unless you choose to keep them.
  • Support Communications: 2 years for quality assurance.
  • Marketing Data: Until you unsubscribe.

When we no longer need your information, we securely delete or anonymize it in accordance with our data retention schedule and applicable laws.

6. Your Privacy Rights

Depending on your location, you may have rights over your personal information.

Access & Control

  • Access your personal information.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to processing activities.

Data Portability

  • Receive a copy of your data.
  • Transfer data to another service.
  • Withdraw consent at any time.
  • Opt out of marketing communications.

How to Exercise Your Rights: To exercise any of these rights, contact privacy@atotoi.me or use the contact information below. We will respond within 30 days. We may verify your identity before processing some requests.

7. International Data Transfers

We store personal information mainly within the United Kingdom. When we process data cross-border, we put safeguards in place. We will inform you of transfer details and legal basis when required.

We ensure transfers comply with data protection laws. We use appropriate safeguards such as:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions for certain countries
  • Certification schemes and codes of conduct
  • Other legally recognized transfer mechanisms
8. Children's Privacy

Our services are not for children under 13. We do not knowingly collect information from children under 13. If you suspect a child provided us with data, contact us immediately.

For users aged 13 to 18, we recommend parental guidance when using our services or uploading photos.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we change the policy, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email if the changes are material
  • Post a notice on our website highlighting the changes
  • Provide additional notice as required by applicable law

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

10. Contact Us

If you have questions or requests about this Privacy Policy, contact us.

Privacy Officer

Email: privacy@atotoi.me

Response Time: Within 48 hours

For EU residents: If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.