Privacy Policy

DenimNotes is operated by Esipick (esipick.com), a software agency registered in Pakistan and the United States. This Privacy Policy explains how we collect, use, and protect information when you use the DenimNotes mobile application on iOS, Android, or through the web.

By using DenimNotes, you agree to the practices described in this policy. If you do not agree, please do not use the app.

Account data

When you create an account, we collect your name and email address. If you sign in with Google, we receive your name, email address, and profile picture from Google's OAuth service.

Fabric capture data

• Photos you take within the app of fabric samples
• Article numbers and fabric details captured via OCR or manual entry
• Voice recordings and their AI-generated transcriptions
• Taxonomy classifications you apply (stretch type, construction, softness, shade, price tier)
• Session names, event names, and contact names you create
• Composition strings, price fields, and free-text notes

Usage data

Standard technical information such as device type, operating system version, and app version. This is used solely to diagnose errors and improve the app. We do not use this data for advertising or profiling.

• To provide the DenimNotes service — storing your fabric captures, generating PDFs, and syncing your data across sessions and devices
• To authenticate your identity and maintain the security of your account
• To send voice recordings to OpenAI's Whisper API for transcription — voice data is processed according to OpenAI's API data usage policies and is not used to train AI models under their API terms
• To improve the app and fix bugs — only anonymised, aggregated usage patterns are analysed for this purpose
• To send transactional emails related to your account (password resets, security alerts)

We do not use your fabric capture data for any purpose other than delivering the service to you. We do not run advertisements. We do not build profiles for third-party marketing.

Your data is stored on Supabase (supabase.com), a cloud database provider with servers in the European Union. All data is:

• Encrypted in transit using TLS 1.2 or higher
• Encrypted at rest using AES-256
• Stored in a private database accessible only to your account via row-level security

Fabric images are stored in Supabase Storage and are accessible only through authenticated URLs tied to your account. Images are not publicly discoverable.

The app also stores a local copy of your captures on your device to enable offline use. This data is stored in the app's private storage container and is not accessible to other apps or to us remotely.

We retain your data for as long as your account is active. You can request deletion at any time — see Section 7.

DenimNotes uses the following third-party services to operate. Each is listed with the specific data it processes and a link to its privacy policy.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your fabric capture data is private to your account and is never shared with other DenimNotes users or third parties, except as required to deliver the service (for example, Supabase storing your data on our behalf as a data processor).

We may disclose data if required by law, court order, or a binding government request. In such cases, we will notify you to the extent permitted by law before disclosing.

When you use the Checkout feature to generate a PDF and send it via WhatsApp or email, that sharing is initiated entirely by you. We do not transmit your data to recipients — you do, through your own apps.

You have the following rights over your data:

• Access — request a full export of all data we hold about you. We will provide it within 30 days.
• Deletion — delete your account and all associated data using the "Delete Account" option in Settings, or by emailing us. Deletion is permanent and irreversible.
• Correction — update your name and email directly in the app Settings at any time.
• Portability — request your fabric capture data in JSON format. Email us and we will prepare an export within 30 days.
• Restriction — request that we stop processing your data while a dispute is resolved. Contact us to do so.
• Objection — object to our processing of your data for any reason. We will assess and respond within 30 days.

If you are located in the European Union, you also have rights under the General Data Protection Regulation (GDPR). If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at the address in Section 12.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, this section applies to you. We process your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Lawful basis for processing

We rely on the following legal bases under GDPR Article 6 to process your data:

• Contract performance (Article 6(1)(b)) — processing your account data, fabric captures, and session data is necessary to provide the DenimNotes service you have signed up for. Without this data we cannot deliver the app.
• Legitimate interests (Article 6(1)(f)) — we process anonymised usage data to improve the app and fix bugs. Our legitimate interest in maintaining a reliable, high-quality service is balanced against your privacy interests and does not override them.
• Consent (Article 6(1)(a)) — voice recordings are processed only when you actively use the microphone feature. By holding the mic button, you consent to that specific recording being sent for transcription. You can withdraw this consent at any time by disabling microphone access in your device settings.

International data transfers

Your data is stored on Supabase servers located in the European Union, so most processing occurs within the EEA. However, two transfers outside the EEA occur:

• OpenAI (United States) — voice recordings are sent to OpenAI's Whisper API for transcription. OpenAI participates in the EU–US Data Privacy Framework and processes API data under Standard Contractual Clauses (SCCs) approved by the European Commission. Voice data is not used for model training under OpenAI's API terms.
• Google (United States) — if you use Google Sign-In, your name and email are received from Google. Google is certified under the EU–US Data Privacy Framework and uses SCCs for data transfers.

You can request a copy of the applicable safeguards by contacting us at the address in Section 12.

Right to lodge a complaint

If you are in the EU and believe we have processed your data unlawfully, you have the right to lodge a complaint with a supervisory authority. You may contact the authority in your country of residence, or the Dutch supervisory authority (as our primary EU point of contact for Kingpins Amsterdam and EU trade shows):

We would, however, appreciate the opportunity to address your concerns before you contact a supervisory authority. Please reach out to us first at the address in Section 12.

DenimNotes requests access to your device camera to photograph fabric samples and scan article number labels. It requests access to your microphone to record optional voice annotations.

• Camera access is required for the core capture feature. Without it, the app cannot scan labels or photograph fabrics.
• Microphone access is entirely optional. You can use DenimNotes fully without it — voice notes are an optional enhancement.
• Photos taken within the app are stored in your account only. They are not added to your device's camera roll unless you explicitly save them.
• Voice recordings are sent to OpenAI's Whisper API for transcription, then discarded from our servers. The transcribed text is saved to your fabric record.
• Neither camera nor microphone access is used for any purpose other than the features described above.

You can revoke camera or microphone permissions at any time in your device's system Settings.

DenimNotes is a professional trade tool intended for adults working in the fashion and textile industry. We do not knowingly collect data from anyone under the age of 16.

If we become aware that a person under 16 has created an account, we will immediately delete the account and all associated data. If you believe a minor has registered, please contact us at the address in Section 12.

We may update this Privacy Policy as the app evolves — for example, when we add new features that process different types of data.

We will notify you of material changes by email (to the address on your account) or by a prominent notice within the app, at least 14 days before the changes take effect.

For minor changes (correcting typos, clarifying language without changing meaning), we will update the "Last updated" date at the top of this page. Continued use of DenimNotes after changes take effect constitutes acceptance of the updated policy.

Previous versions of this policy are available on request.

For any privacy-related questions, data access requests, account deletion, or to exercise any right described in Section 7, contact us at:

We aim to respond to all privacy requests within 5 business days.