Privacy Policy

Privacy Policy (hitem3d.ai) V1.1

Privacy Policy

Effective as of June 20, 2025

Last updated: June 20, 2025

This Privacy Policy describes how [Mathmagic] (“Company”), and our website at hitem3d.ai (collectively, “hitem3d.ai”, “Hitem3D.ai”, “we,” “us,” or “our”) collect, use, disclose, transfer and store your Personal Data when you access our website or use the hitem3d.ai services, applications, online platforms or any other digital properties (collectively, the “Services”) as well as what choices you have about it.

hitem3d.ai’ Services allows users to convert unstructured data—such as text, images, videos, and sensor inputs from real or virtual-world objects and environments—into AI-driven 2D/3D and related content, including images, models, textures, animations, and interactive elements. Please read carefully and fully understand this Privacy Policy together with our Terms of User Agreement to make choices that you deem appropriate before using the hitem3d.ai’ Services.

The Privacy Policy only applies to the Personal Data we collect.

The Privacy Policy will help you understand the followings:

Index

1.Definitions

2.Collecting and Using Your Personal Data

3.How We Store Your Personal Data

4.How and When We Share Your Personal Data

5.Your Rights and Choices

6.Security

7.How Your Personal Data Transferred Globally

8.Our Policy on Children’s Data

9.Other Sites and Services

10.How We Make Changes to This Policy

11.Contact Us

Supplemental U.S. State Privacy Disclosures

1. Definitions

“Collect” refers to the behaviour of gaining control over Personal Data, including voluntary provision by the data subject, automatic collection by interaction with the data subject or recording the behaviour of the data subject, and indirect acquisition by sharing, transferring and collecting public information.

“Controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Children” is a term defined differently under different jurisdictions, e.g., it refers to an individual who is under the age of 13 pursuant to Children’s Online Privacy Protection Act (“COPPA”), in the U.S.

“Delete” refers to the behaviour of removing Personal Data from the system involved in the implementation of daily business functions, so that it cannot be retrieved and accessed.

“Personal Data” refers to any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” refers to any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Publicly disclose” refers to the behaviour of releasing information to the society or to non-specific groups of people.

“Share” refers to the process of Personal Data controller providing Personal Data to other controllers, and both sides have independent control over Personal Data.

“Third Parties” refer to companies or persons who do not have a related relationship arising out of joint ownership or control with hitem3d.ai (i.e., a non-Affiliated Company) or other non-related persons. Third parties can be financial or non-financial companies, or persons other than you and hitem3d.ai;

“Transfer” refers to the process of transferring Personal Data control from one controller to another.

“You” or “your” means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2. Collecting and Using Your Personal Data

2.1 Personal Data that We Collect

hitem3d.ai collects information for more efficient operations and provides you with the best product experience. We collect Personal Data in a few different ways including: (1) information directly provided by you; (2) data recorded by us about how you interact with our products; (3) data from Third Parties.

2.1.1 Information you provide to us

When you use hitem3d.ai’ Services, you voluntarily share certain information.

Basic information: when you join our Services, we collect information like name, email address, gender, country of residence, phone number and preferred language.
Profile data: such as the username and password that you may set to establish an online account on the Services, photograph or picture, preferences, and any other information that you add to your account profile.
Payment and Transaction data: if you subscribe to our paid Services (or purchase our points/credits for use of the Services), you will need to provide valid payment method information and associated billing details. This typically includes your full name, billing address, and payment card details or other payment account information. Our third-party payment processors receive and process your payment information directly. We typically receive and may store certain billing information from these processors, such as the last four digits of your credit card number, card expiration date, and transaction history, to facilitate customer support and manage your subscription. We do not directly store your full payment card numbers. We also collect and store information related to your points/credits balance, purchase history, and usage history to manage your account and provide the Services. In the future, if we decide to process payments directly, we would receive and process this information ourselves in accordance with this Privacy Policy and applicable security standards.
Your communications with us: if you contact us through the Services or other channels for customer support, to provide feedback, or otherwise communicate with us, we collect the content of these communications.
Referral information / inviting friends: When you choose to invite a friend to our Services (e.g., through a referral program), we will collect the personal data you provide about your friend, which may include their email address or third-party platform account details (e.g., Google account, depending on the invitation method you choose). By providing this information, you confirm that you have the necessary consent from your friend to share their details with us for this purpose. We use this information solely to send the invitation to your friend, informing them that you initiated the invitation, and, if applicable, to track the status and success of our referral program.
User-generated content data (Prompts and Outputs): text or image prompts you provide (the “Prompts”), the AI-driven 2D/3D models and any other content you generate using the Services (the “Outputs”), and other information or content (such as photos, images, videos, models, textures, animations, interactive elements, questions, messages, works of authorship, and other content or information) that you generate, transmit, submit to us, or otherwise input into or make available on the Services, including your history of such Prompts and Outputs, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data. We do not actively solicit or intend to collect “Sensitive Personal Data” (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, finance status, etc.) as part of your Prompts. You should avoid inputting such information into the Services. If you do include Sensitive Personal Data in your Prompts, you do so voluntarily, and we will handle such data in accordance with this Privacy Policy to the extent it is processed by our Services.
Marketing data: such as your preferences for receiving our marketing communications and details about your engagement with them.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

2.1.2 Technical information when you use and interface with our Services

When you use a website or other internet service, certain internet and electronic network activity information gets created and logged automatically via event tracking and other technical methods, which is adopted for device performance detecting, user behavior analysis and subsequent product optimization. This is also true when you use hitem3d.ai. Here are some of the types of information we collect:

Device information: we collect information about the device you use to access our Services, including the type of device, operating system, network service provider, settings, and unique device identifiers.
Log data: when you use our Services, our servers record information, including information that your browser automatically sends whenever you visit a website. This log data includes, for example, your Internet Protocol (IP) address, activity on websites you visit that incorporate hitem3d.ai features browser type and settings, and the date and time of when you accessed the Services.
Cookies and similar technologies: some of our automatic data collection is facilitated by cookies and similar technologies. We will also store a record of your preferences in respect of the use of these technologies in connection with the Services.
Usage data and inferences: when you’re on our Services, we use your activity—such as features you use, functions you access, and any text that you add in prompts—along with other information you’ve provided when you first signed up and information from our partners to make inferences about you and your preferences related to the use of our Services.
User Choices: We will keep a record of choices you’ve selected in your settings.

2.1.3 Third Parties (such as our partners and advertisers) share information with us

We also receive information about you and your activity outside hitem3d.ai from our affiliates, advertisers, partners and other third parties we work with. For example:

Third party platforms: If you register for or log into the Service using a third-party platform (like Google), they will furnish certain information to us to facilitate your account creation or log-in with us. By registering and logging in through third-party accounts, you are consenting to the third party providing us with the Personal Data concerned.
Technical service partners: We sometimes receive information about you from technical service partners.
Payment Processors: Our payment processors may provide us with information related to your payment status or transaction confirmations.
Advertisers or other partners: Online advertisers or third parties share information with us about you to measure, report on or improve the performance of ads on hitem3d.ai, or to help us better understand what kinds of ads to show you on hitem3d.ai.

We may collect other third-party data, such as data from our affiliates, vendors, data brokers or public sources.

2.2 How We Use your Personal Data

We process your Personal Data for purposes described in the Privacy Policy based on your prior consent and our legitimate interests. We also process your Personal Data pursuant to legal obligations imposed on us or to perform contracts between hitem3d.ai and you (such as the Terms of Use Agreement). hitem3d.ai will strictly comply with the Privacy Policy and its updates to use your Personal Data. If your Personal Data is used for other purposes that is not stipulated in the Privacy Policy, we will additionally obtain your specific consent or other legal basis. Examples of our processing activities are as follows:

2.2.1 Service Delivery and Maintenance

We’re committed to providing you with a powerful and intuitive AI driven 2D/3D modeling tool. To do that, we may use your Personal Data to:

Identify you when you use our Services;
Manage your registration as a user of the Services. The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered user and subject to your subscription plan;
Provide you with access to and management of your AI 2D/3D model or content generation history (Prompts and Outputs);
Process your subscriptions, points/credit purchases, and payments;
Establish and maintain your user profile on the Service;
Provide, operate, maintain and improve the Services and our business;
Personalize the Services, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Services;
Provide you with Service-related general information, announcements, news, updates, security alerts, subscription options and status, and support and administrative messages;
Communicate with you about events, promotions related to hitem3d.ai in which you may be interested;
Understand your needs and interests, and personalize your experience with the Services and our communications;
Provide customer support for our Services, and respond to and manage your requests, questions and feedback.

2.2.2 Product & Services Improvement and Analytics

As part of our efforts to improve Services provided by hitem3d.ai, we may use your Personal Data to analyze product usage condition so as to constantly create, develop, and analyze business operation efficiency, and include new features and functions. Specifically, we use the information we collect to:

Create aggregated, de-identified and/or anonymized data from Personal Data we collect. We make Personal Data into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with Third Parties for our lawful purposes of this Privacy Policy and our business, including to analyze and improve the Services and promote our business, and will not attempt to re-identify any such data; and
Analyze your usage of the Services so as to constantly create, develop and improve the Services, improve the rest of our business, include new features and functions, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Services, as well as user interactions with our emails, and to develop new products and services.

2.2.3 Compliance and protection

We use your information in our efforts to keep our users and the public safe, and to protect legal interests. To do so, we may use your personal information to:

Review your activity on our Services to detect misuse, spam or activity that poses a risk to the integrity of our Services or violates our policies. This can include working with law enforcement to keep hitem3d.ai safe;
Analyze users’ log data and device information to identify and investigate suspicious behavior or violations of our policies or terms;
Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
Access user information in relation to a legal claim, litigation, or regulatory proceeding;
Protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements or our internal policies;
Enforce the terms and conditions that govern the service; and
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

2.2.4 Limits on Use of Your Google User Data

Notwithstanding anything else in this Privacy Policy, if you provide hitem3d.ai access to your Google data, our use of that data will adhere to the Google API Services User Data Policy andLimited Use Policy and will be subject to these restrictions, as required by Google:

We will only use our access to read, write, or modify your Google data to perform the specific services that you request from us (for example, using Google Sign-In to create or access your account), and we will not transfer the Google data to others unless doing so is necessary to perform such services, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
We will not allow humans to read the Google data unless doing so is necessary to perform the services or tasks that you’ve requested of our specialists or guides, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our internal operations and even then only when the data have been aggregated and anonymized.

2.3 How We Use Cookies and Similar Technologies

Using cookies can help you personalize your online experience. You can accept or reject cookies. Most web browsers automatically accept cookies, but you can usually modify your browser's settings to reject cookies if you want. Cookies do not track personal data. We may use the Cookies and similar technologies described above for the following purposes:

Technical operation. To allow the technical operation of the Services, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
Functionality. To enhance the performance and functionality of our services.
Analytics. To help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails.

You can choose to enable or disable cookies in your Internet browser. Most Internet browsers also allow you to choose whether you want to disable all cookies or only third-party cookies. By default, most Internet browsers accept cookies, but this can be changed. For more information, please see the help menu in your Internet browser or the documentation that came with your device.

The following link provides instructions on how to manage cookies in the relevant browser:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
IE: https://support.microsoft.com/en-us/help/260971/description-of-cookies
Safari (Desktop): https://support.apple.com/kb/PH5042?locale=en_US
Safari (Mobile): https://support.apple.com/en-us/HT201265

If you use other browsers, please refer to the documentation provided by the browser manufacturer.

Please note that if you refuse to use, or clear existing cookies, you may need to change your user settings personally for each visit, and we may not be able to provide a better and quality experience to you or parts of our services may not function correctly.

3. How We Store Your Personal Data (Data Retention)

We will strictly abide by our internal retention policy to store your Personal Data. We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, except a longer period required by applicable laws and regulations or your explicit consent.

We will retain and use your Personal Data to the extent necessary to:

Provide and maintain your account and access to the Services.
Allow you to access and use your User-Generated Content Data (Prompts and Outputs), including your generation history, created within the Services, subject to your subscription terms and our data management policies.
Maintain records of your subscriptions, points/credits purchases, balance, and usage history for account management, service delivery, and to comply with financial record-keeping obligations.
Comply with our legal obligations (for example, if we are required to retain your data to comply with applicable tax, accounting, or other laws).
Resolve disputes and enforce our legal agreements and policies.
Support our legitimate business interests, such as service improvement, fraud prevention, and security.

When assessing how long your Personal Data is retained, we consider criteria such as:

The nature of the Personal Data and the activities involved (e.g., account information, payment/transaction data, user-generated content).
When and for how long you use the Services, including the status of your account (active, inactive, or closed).
Our legitimate interests and our legal obligations.
The need to retain data for financial records, audit purposes, or to address potential disputes.

If you deactivate your account, or upon the expiration of the necessary retention period, we will take steps to delete or anonymize your Personal Data from our active systems in accordance with our internal data retention policies and applicable law. Anonymized data, which can no longer be used to identify you, may be retained for analytical and service improvement purposes. Please note that some data may persist in backup or archival media for a limited period as required by law or for legitimate business purposes before being securely deleted.

4. How and When We Share Your Personal Data

We do not sell your Personal Data. We may share your Personal Data with the following categories of parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection:

Service Providers, Third Party Vendors, Consultants, and other Business Partners: We may share your Personal Data with these parties in order to provide services on our behalf, monitor and analyze the use of our Services, or help us operate the Services or our business. This includes providers of:

Hosting and infrastructure (e.g., cloud storage and computing services).
Payment processing.
Data analytics and usage monitoring.
Customer support and communication tools.
Email delivery and marketing (for service announcements, updates, consumer research, and, if you opt-in, marketing communications about hitem3d.ai).
Security services.

These service providers are contractually obligated to protect your Personal Data and are restricted from using it for any other purpose than to provide the services we have engaged them for.

**Third Parties designated by you. **We may share your Personal Data with Third Parties where you have instructed us or provided your consent to do so. For example, if you choose to integrate your hitem3d.ai account with a third-party service, or if you use a feature that allows you to export or share your generated content with others outside of our Services. The use of your information by such Third Parties will be governed by their own privacy policies.
Affiliates: We may share Personal Data with our corporate parent, subsidiaries, and other affiliated companies, for purposes consistent with this Privacy Policy and for legitimate business operations.
Advertising Platforms and Marketing Partners. We may share limited Personal Data (such as device identifiers, email addresses in a hashed form, or information about actions taken on our Services, like account registration) with advertising platforms (e.g., Google, Meta, LinkedIn) to help us reach individuals who might be interested in our Services, to measure the performance of our advertising campaigns, and to create custom audiences for our ads. We do this to support the growth of our business and provide only the information required to facilitate these services. You may have choices regarding this type of data sharing through your settings on those third-party platforms or through our cookie consent mechanisms. These service providers are contractually obligated to protect your Personal Data and are restricted from using it for any other purpose than to provide the services we have engaged them for.
Professional Advisors. We may disclose your Personal Data to professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
**Law Enforcement Agencies, Government Agencies, Researchers, or Other Parties in Compliance with Laws, Rules, or Regulations. **For example, we may get requests for account information from law enforcement authorities like the police or courts. We only disclose information in response to such requests if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public, any person, or hitem3d.ai; or to detect, prevent, or otherwise address fraud, security or technical issues. We may also share information if we believe it is necessary to prevent imminent and serious bodily harm to a person in emergency situations.
Business Transferees (Change of Corporate Ownership). We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in hitem3d.ai, financing of hitem3d.ai, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of hitem3d.ai as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more Third Parties as one of our business assets.
Aggregated or De-identified Data. We may share aggregated or de-identified information, which cannot reasonably be used to identify you, with Third Parties for research, marketing, analytics, or other purposes.

We make commercially reasonable efforts to verify that the parties with whom our mobile application shares personal information provide a level of protection of personal information consistent with the practices described in this Privacy Policy, except that all such parties described above other than service providers and affiliates may, to the extent permitted by law, use personal information as described in their own privacy policies.

Unlike platforms with community features, your User-Generated Content Data (Prompts and Outputs) created within hitem3d.ai is not made public or visible to other users of the Services by default. You control whether to share your content outside of the Services through export functionalities or integrations you may choose to use.

5. Your Rights and Choices

We offer you certain choices to control your data. Depending on your location and applicable local data protection laws, you may have the following rights concerning your Personal Data that we process. You can typically exercise many of these rights and choices through your account settings or by contacting us as described at the end of this section..

**Right to Know **and Be Informed: We are committed to transparency. This Privacy Policy, along with any specific notices provided at the time of data collection, informs you how we collect, use, and share your Personal Data.
Right to Access: You have the right to request access to the Personal Data we hold about you and to receive a copy of it, along with information about how we process it.
Opt-out of Communications: You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.
Right of Rectification: If you believe that any Personal Data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. You may be able to update some of this information directly within your account settings.
**Right to Delete (“Right to be Forgotten”): **you may make a request to us to delete your Personal Data under certain circumstances, such as:

The Personal Data is no longer necessary for the purposes for which it was collected;
You withdraw consent on which the processing is based, and there is no other legal ground for the processing;
You object to the processing and there are no overriding legitimate grounds for the processing (or you object to processing for direct marketing purposes);
The Personal Data has been unlawfully processed;
The Personal Data has to be erased for compliance with a legal obligation. Please note that we may be legally entitled or required to retain certain information, as detailed in **Section 3 ("How We Store Your Personal Data") **and as necessary to comply with legal requirements, prevent fraud, resolve disputes, or enforce our agreements.

Managing Your User-Generated Content: You can generally manage, modify, or delete your User-Generated Content Data (Prompts and Outputs) created within the Services through your account interface, subject to your subscription terms and our data management policies
Delete your content or close your account: You can choose to delete your account, which deletes all of your assets tied to that account. If you wish to request to close your account, please contact us or request that we delete your account from within hitem3d.ai’ websites.
**Right to Restrict Processing: **You are entitled to request hitem3d.ai to restrict processing of your Personal Data under the following circumstances:

You contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of the Personal Data;
The processing is unlawful and you oppose the erasure of your Personal Data and requests the restriction of their use instead;
We no longer need your Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
You have objected to processing, pending the verification whether the legitimate grounds of us override those of you.

This means we can store your Personal Data but cannot process it.

Right of Data Portability: To the extent permitted by laws and regulations, you are entitled to obtain your Personal Data in a structured, commonly used, and machine readable format. For instance, if you decide to change the service provider, this right enables you to reliably and safely move, copy or easily transfer your Personal Data between IT systems without affecting its use.
Right of Refusal: To the extent permitted by the applicable laws and regulations, you have right to refuse our processing for these purposes.
Blocking images/clear gifs. Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.
**Choices Regarding Linked third-party platforms. **If you choose to connect to the Service through a third-party platform like Google, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
Right to Withdraw Consent: Where our processing of your Personal Data is based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. You can typically withdraw consent through the same method it was given, through your account settings, or by contacting us.
Right to Refuse Automated Decision and Profiling: You generally have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right does not apply if the decision is necessary for entering into, or performance of, a contract between you and us, is authorized by applicable law, or is based on your explicit consent. We will inform you if we implement such automated decision-making and provide you with an opportunity to opt out of the automated decision-making.
Right to Lodge a Complaint: You have the right to lodge a complaint with a competent data protection supervisory authority, particularly in the country of your habitual residence, place of work, or place of the alleged infringement, if you believe that our processing of your Personal Data infringes applicable data protection laws.

6. Security

The security of your Personal Data is a priority for hitem3d.ai. We implement and maintain appropriate technical and organizational security measures designed to protect your Personal Data from accidental or unlawful destruction, loss, damage, alteration, unauthorized access, disclosure, or use. These measures are in accordance with industry standards and applicable laws and include, but are not limited to:

Access Controls: Implementing strict data access authorization mechanisms, utilizing multi-factor authentication where appropriate, and monitoring access to your Personal Data to prevent unauthorized access and use.
Data Lifecycle Management: Monitoring the lifecycle of data to protect your Personal Data from unauthorized access, disclosure, modification, and accidental or intentional damage or loss.
Encryption: Employing encryption for data in transit and at rest where appropriate.
Regular Assessments: Conducting regular security assessments and updates to our security practices.

Your account is protected by a password for your privacy and security. You are responsible for maintaining the confidentiality of your password and for any activities that occur under your account. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer or device by signing off after you have finished accessing your account. If you believe the security of your account or Personal Data has been compromised, please contact us immediately at [legal@mathmagical.com].

However, please be attention, even if we undertake reasonable measures to protect your data, there is no website, internet transmission, computer system or wireless connection that are definitely safe. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

In case of Personal Data security incident where it is likely to result in a high risk to the rights and freedoms of you, we shall communicate the Personal Data breach to you in accordance with the requirements of laws and regulations such as basic situations and possible influence of the security incident, response measures we have taken or will take, suggestions for you regarding self-prevention and risk reduction, remedial measures for you, etc.

We will inform you in a timely manner by email, mail, telephone, push notification, etc., regarding the relevant situations of the incident. When it is difficult to notify each Personal Data subject individually, we will issue a notice in a reasonable and effective manner. In the meantime, we will take the initiative to report on the handling of Personal Data security incident in accordance with regulatory department’s requirements.

7. How Your Personal Data Transferred Globally

hitem3d.ai operates as a global service. As such, your Personal Data may be transferred to, stored, and processed in countries other than your own state, province, or country of residence, where data protection laws may differ from those in your jurisdiction.

By agreeing to the Privacy Policy and using our Services, you acknowledge that your Personal Data may be transferred to and processed in these locations for the purposes described in this Privacy Policy.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws, and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data.

8. Our Policy on Children’s Data

Our services are not designed to target children, and therefore, we do not intentionally collect any data pertaining to children. We do not knowingly gather personally identifiable information from any children as defined by applicable laws.

We encourage parents and legal guardians to monitor their children's internet usage and to help enforce this Privacy Policy by instructing their children never to provide Personal Data through our Services without their permission.

If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us immediately at [legal@mathmagical.com]. We take the privacy and protection of children's data very seriously. Should we become aware that we have inadvertently collected Personal Data from any child without obtaining verifiable parental consent, we will promptly take all necessary steps to remove such information from our servers.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.

9. Other Sites and Services

The Services may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

10. How We Make Changes to This Policy

We may change this Privacy Policy from time to time and if we do, we’ll post any changes on this page and update the “Last updated” date at the top of this Privacy Policy. If the changes are significant, we may provide a more prominent notice, such as by sending you an email.

You are advised to review this Privacy Policy periodically for any changes. If you continue to use hitem3d.ai after those changes are in effect, the new policy applies to you.

11. Contact Us

If you have any concerns or doubt over our Privacy Policy or our practices, please contact us via following channels:

logging on the hitem3d.ai products and/or services interface to provide feedback, consultation and complaint to our online customer service;
sending email to legal@mathmagical.com.

Any review and processing will normally be completed within thirty (30) days after verifying your user identity. If it takes more time to respond to your request or if weage are unable to respond to your request, we will send you a notice and explain the reasons within the maximum timeframe required by law.

Supplemental U.S. State Privacy Disclosures

This Addendum supplements our Privacy Policy and applies solely to residents of certain U.S. states with comprehensive privacy laws, such as California (including as applicable under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, collectively "CCPA"), Virginia, Colorado, Utah, and Connecticut, or individuals whose Personal Data has been collected in these states. Any terms defined in such applicable state privacy laws have the same meaning when used in this Addendum.

INFORMATION WE COLLECT

The following table describes the categories of Personal Data (as defined by the CCPA and similar state laws) that hitem3d.ai may collect, and has collected in the preceding 12 months, and the categories of Third Parties to whom we may disclose this information for a business purpose. Please refer to **Section 1 ("Personal Data We Collect") **and Section 3 ("How We Share Your Personal Data") of our main Privacy Policy for more details.

Category of Personal Data (corresponds to categories listed in CCPA§1798.140(o)(1))	Collected?	Categories of Third Parties to Whom Disclosed for a Business Purpose
A. Identifiers such as name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name.	Yes	Service providers (e.g., hosting, analytics, customer support, payment processors); Affiliates; professional advisors (legal, financial); parties involved in corporate transactions (e.g., mergers); law enforcement or government authorities (as required by law); other users (if you share information publicly or with them).
B. Personal Data categories listed in the California Customer Records statute, such as name, contact information, education, occupation, employment record and financial information.	Yes	Service providers; Affiliates; professional advisors; parties involved in corporate transactions; law enforcement or government authorities.
C. Characteristics of protected classifications under California or federal law, such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes (Currently, we only collect your age information to determine whether you meet the legal requirements to be our user)	No
D. Commercial information, such as transaction information, purchase history, financial details, and payment information.	Yes	Service providers (e.g., payment processors, analytics); Affiliates; parties involved in corporate transactions.
E. Biometric information, such as fingerprints and voiceprints.	No	No
F. Internet or other electronic network activity information, such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements.	Yes	Service providers (e.g., analytics, advertising partners if applicable); Affiliates.
G. Geolocation data, such as device location.	Yes	Service providers (e.g., analytics, hosting)
H. Audio, electronic, visual, and similar information, such as images and audio, video or call recordings created in connection with our business activities.	Yes _(Includes text and image prompts you provide, AI-driven 2D/3D content you generate such as images, models, textures, and animations, your history of such Prompts and Outputs, and any other images or files you choose to upload to our Service)_	Service providers (e.g., essential services such as hosting, content delivery, analytics)
I. Professional or employment-related information, such as job title as well as employment record and working experience.	No	No
J. Education information subject to the federal Family Educational Rights and Privacy Act, such as student profiles.	No	No
K. Inferences drawn from any of the Personal Data listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.	Yes	Service providers (e.g., for personalization, analytics); affiliates.

YOUR ADDITIONAL U.S. STATE PRIVACY RIGHTS

Subject to certain limitations and exceptions under applicable state laws, you may have the following rights regarding your Personal Data:

**Right to Opt-Out of Sale of Personal Data to Third Parties: **Currently, we do not "sell" your Personal Data as those terms are defined under applicable state privacy laws, and have not done so in the preceding 12 months. Therefore, we do not offer an opt-out of sale at this time. If our practices change, we will update this Privacy Policy and provide you with the necessary opt-out rights.
Financial Incentives: We do not currently offer financial incentives in exchange for the collection or use of Personal Data. If we do so in the future, we will provide you with more information about the incentives and obtain your consent before collecting your Personal Data in connection with such an offering.
Right to be Free from Discrimination: You may always exercise all rights and we will not unlawfully discriminate against you for exercising your rights under the CCPA. You have the right not to be discriminated against for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different level or quality of goods or services for exercising your rights.
“Shine the Light” Law (California Residents): Residents of the State of California have the right to request information from hitem3d.ai regarding the categories of Personal Data disclosed to Third Parties for their direct marketing purposes and the names and addresses of those Third Parties during the preceding calendar year. To make such a request, please send an email to legal@mathmagical.com. Please note that if we provide a cost-free means to opt-out of such sharing, or if we do not disclose Personal Data to Third Parties for their direct marketing purposes without affirmative consent, we may respond by providing you with information on how to exercise your opt-out or consent choices.
Residents of the State of California also have the right to request information regarding Third Parties to whom hitem3d.ai has disclosed certain categories of Personal Data during the preceding year for the Third Parties’ direct marketing purposes. If you are a California resident and you wish to opt out, please send us an email at legal@mathmagical.com.
Authorized Agents: You may designate an authorized agent to make a request on your behalf. If you use an authorized agent, we will require the agent to provide signed written permission to act on your behalf, and we may also require you to independently verify your identity and submit proof of your residency with us.
Right to Appeal: If we deny your request, you may have the right to appeal our decision. We will provide you with information on how to appeal at the time of our response to your request, in accordance with applicable state law.