Nailed It
Home Terms of Use Get the app
Legal

Privacy Policy

Last updated: July 6, 2026

Contents

  1. 1. Overview
  2. 2. What we collect
  3. 3. How your photos are used
  4. 4. Where your data lives
  5. 5. Third-party processors
  6. 6. Analytics
  7. 7. Device-based credit tracking
  8. 8. Content moderation
  9. 9. When we share data
  10. 10. Retention and deletion
  11. 11. Children's privacy
  12. 12. Your rights
  13. 13. International transfers
  14. 14. Security
  15. 15. Changes to this policy
  16. 16. Contact us

The short version: there are no accounts and no cloud database. Your photos and designs stay on your phone. A photo leaves your device exactly once, over an encrypted connection, to generate the image you asked for, and is not stored on any server afterward.

1. Overview

Nailed It was built with a simple privacy principle: your photos and designs are yours, and they stay on your phone. There is no user account, no login, and no server-side database of your content. This policy explains, in plain language, exactly what happens to your data and why.

2. What we collect

Because there is no account system, we collect very little directly. What exists:

  • Content you create or upload: text prompts, shape, length and finish selections, hand photos, inspiration photos, and the resulting AI-generated images. These are stored locally in the App on your device only.
  • Onboarding quiz answers (your stated nail vibe, habits, and preferences): stored locally on your device to personalize your feed, never transmitted anywhere.
  • Purchase and subscription status: handled entirely by Apple's StoreKit. We receive confirmation of entitlement status but never your payment details, which Apple does not share with us.
  • Basic usage analytics: see Section 6.
  • A device-level credit counter: see Section 7.

3. How your photos are used

When you generate a design, request a try-on, or import inspiration from another app, the relevant photo (your hand photo, an inspiration image, or an imported image) is sent once, over an encrypted connection, to our AI image-generation partner to produce your requested result. This is the only time your photo leaves your device. It is not stored by us on any server, and it is not stored persistently by our AI processing partner beyond what is necessary to fulfill the request and their own standard, brief operational logging.

Photos are also screened by an automated content-safety check before generation (see Section 8), which involves a similarly brief, non-persistent transmission.

Once your result comes back, the finished image is saved directly to your device's local storage. We never see it and we cannot access it. There is nothing on our end to request, export, or delete on your behalf, because nothing is stored on our end in the first place.

4. Where your data lives

All designs, edit history, favorites, and photos are stored locally on your iPhone using on-device storage. This data:

  • Is never synced to any server or cloud database operated by us;
  • May be included in your device's standard iCloud device backup, if you have that enabled at the iOS level. That backup is managed entirely by Apple and covered by Apple's own privacy practices, not ours;
  • Is permanently deleted the moment you delete the corresponding design in the App, or delete the App itself.

Because there is no cross-device sync, your saved designs live only on the one iPhone you used to create them.

5. Third-party processors

We use the following categories of third-party service providers, solely to operate the App:

  • AI image generation (currently Google's Gemini API): processes photos and prompts you submit to generate designs and try-on results, as described above.
  • Apple, Inc.: StoreKit for subscription and purchase processing; DeviceCheck, if enabled, for anti-abuse device flagging (see Section 7); and push notification delivery, if you enable notifications.
  • Analytics providers (such as Mixpanel or Amplitude): aggregate, non-identifying usage analytics (see Section 6).

We do not sell your data to any third party, and we do not share your photos or designs with advertisers.

6. Analytics

We use a client-side analytics SDK to understand aggregate app usage, for example how many people complete onboarding, or which creation mode is used most. This data is not tied to your name, email, or any account (since none exists), and does not include your photos, prompts, or generated designs. If you have granted App Tracking Transparency permission, some anonymized, aggregated attribution data may also be shared with advertising partners; you can decline this at any time via the App Tracking Transparency prompt or in iOS Settings under Privacy & Security and Tracking.

7. Device-based credit tracking

New installs receive a small number of free design generations and try-ons before a subscription is required. To keep this fair, and to prevent the same person from repeatedly deleting and reinstalling the App to claim unlimited free credits, we track how many free credits have been used in two ways:

  • iOS Keychain: a small counter stored in your device's secure Keychain, which (unlike normal app data) is not erased when the App is deleted.
  • Apple DeviceCheck (where enabled): Apple's built-in, privacy-preserving mechanism that lets an app store two bits of state per physical device on Apple's own servers, without any account, name, or identifying information attached. We never see your device's identity through this mechanism, only a yes-or-no flag.

Neither mechanism identifies you personally, and both are used exclusively for this anti-abuse purpose.

8. Content moderation

Every photo you upload (a hand photo, an inspiration or outfit photo, or an image imported via the share sheet) is automatically screened by an AI-based safety classifier before it is used to generate a design. This check exists to block content such as nudity or content unrelated to nails and beauty, and to prevent misuse of the App. The screening happens as part of the same brief transmission described in Section 3 and is not stored afterward.

9. When we share data

We share data only in the limited ways described in this policy (with the AI processing partner, Apple, and analytics providers, each solely to operate the App), or when required to comply with a valid legal request, protect our rights, or prevent fraud or harm. We do not sell personal data.

10. Retention and deletion

Because we do not operate a server-side database of your content, there is no copy of your designs or photos on our servers to retain or delete. Deleting a design in the App, or deleting the App itself, removes it completely and immediately from the only place it ever lived: your device. Aggregate, non-identifying analytics events may be retained by our analytics provider per their standard retention practices, but these do not include your photos or generated content.

11. Children's privacy

The App is rated 12+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the App in a way that raises a privacy concern, please contact us at social@lockin.cz.

12. Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal data (for example, under the GDPR in the EU and UK, or the CCPA in California). Because nearly all App data lives only on your device, you can exercise most of these rights directly and instantly by deleting the relevant design, or the App, on your device. For anything relating to the limited data described in this policy that is not purely on-device (such as analytics), contact us at social@lockin.cz and we will respond within a reasonable time.

13. International transfers

When your photo or prompt is sent for AI processing or safety screening, it may be transmitted to and processed in the United States or other countries where our service providers operate, which may have different data protection laws than your country of residence. These providers are contractually and legally required to protect your data appropriately.

14. Security

Data transmitted for generation or moderation is sent over encrypted (HTTPS/TLS) connections. Data stored on your device benefits from iOS's built-in device-level security, including the iOS Keychain for credit tracking. No method of transmission or storage is completely secure, but we designed the App to minimize what leaves your device in the first place.

15. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where required, by an in-app notice.

16. Contact us

Questions about this policy, or requests relating to your data, can be sent to social@lockin.cz.

© 2026 Nailed It. All rights reserved. Terms  ·  Privacy