Privacy Policy

Effective Date: September 4, 2025
Controller: Onat Çipli ("we", "us", "our")

This Privacy Policy describes how we collect, use, disclose, and protect information when you use our mobile applications, web applications, and related services (collectively, the "Services").

Important: If anything here conflicts with an in-app notice for a specific feature, the in-app notice controls for that feature.

1. Information We Collect

1.1 Information You Provide

Account Data (Anonymous Only)
• What: Anonymous Firebase user identifier only - we do NOT collect names, email addresses, or personal contact information
• Use: Create/manage your anonymous account, track your usage and credits
• Retention: While your account is active and as needed to provide Services
• Sharing: Service providers as described below

User Content (including images)
• What: Photos, videos, text, and other content you upload for features like AI sticker generation. These files may contain faces
• Use: Provide requested features (e.g., generate/edit/re-download stickers), maintain your in-app library
• Retention: See Section 4 (Face Data & Images)
• Sharing: Third-party AI processors for generation only (see Section 4.6)

Communications (if you contact us)
• What: Support messages sent through app or email, feedback
• Use: Support, troubleshooting, service improvement
• Retention: See Section 6
• Note: We do not collect email addresses unless you directly contact us for support

1.2 Information Collected Automatically

Usage Data
• What: Feature interactions, session events
• Use: Operate, secure, and improve the Services
• Retention: See Section 6

Technical Data
• What: Device model, OS/app version, IP address, device identifiers
• Use: Performance, compatibility, security, fraud prevention
• Retention: See Section 6

Logs & Crash Reports
• What: App/server logs for reliability and security
• Note: We do not log raw image files
• Retention: See Section 6

Aggregated/De-identified Data
We may aggregate/de-identify data for analytics and product improvement. Aggregated/de-identified data is not considered personal information.

2. How We Use Information

We process information to:
• Provide and maintain the Services
• Fulfill your requests (e.g., generate stickers)
• Secure, debug, and prevent abuse
• Respond to support requests (only if you contact us)
• Analyze and improve features
• Comply with law and enforce our terms

Important commitments:
• We do NOT collect personal identifying information (names, emails, etc.) through normal app use
• We do NOT sell personal information
• We do NOT use your content to train our models or third-party models unless you separately opt in (off by default)
• We do NOT create biometric identifiers/templates for identification
• We do NOT send marketing communications since we don't collect contact information

3. Legal Bases (GDPR)

For EU/EEA users, processing is based on:
• Contract: To deliver the Services
• Legitimate Interests: Security, fraud prevention, service improvement
• Consent: Where required (e.g., certain analytics/marketing)
• Legal Obligation: When required by law

4. Face Data & Images

4.1 What We Mean by "Face Data"

"Face Data" includes images or video that may contain a person's face and any transient facial landmarks our software infers only to place effects.

IMPORTANT: FACE DATA IS NOT RETAINED. We do NOT create, store, or retain biometric identifiers, templates, or facial recognition data for identification purposes.

4.2 Why We Process Images That May Contain Faces

• To provide the features you request (e.g., apply effects and generate stickers)
• To allow re-edits/re-downloads
• To maintain your in-app library

4.3 Where and How Images Are Stored

• Storage: User images are stored in Firebase Storage in a project we control
• Access Controls: Images are private to your account and protected by authentication and Firebase Security Rules
• Internal Access: Limited to authorized personnel to resolve support requests you initiate or to comply with law

4.4 Retention & Deletion of Images (including those with faces)

• Retention Rule: We retain your images until you delete them in-app or delete your account, or until your account is inactive for 12 months
• Inactivity Cleanup: Inactive accounts and associated data may be deleted after 12 months of inactivity
• Backups: After deletion from active storage, routine backups purge within 30 days
• Important: Deleting the app from your device does NOT delete cloud-stored content. Use Settings → Delete Account to remove cloud data

4.5 Face Data Processing & Retention Policy

Face Data Retention: NONE - Face data is NOT retained by our services.

• Processing Only: During sticker generation, we may momentarily infer facial landmarks (e.g., eye/mouth positions) only to place artistic effects • No Storage: These facial landmarks are immediately discarded and NOT stored after processing completes
• No Retention: No face data, facial features, or biometric information is retained beyond the active processing session • Processing Duration: Face data processing occurs only during active sticker generation (typically 30-120 seconds maximum) • Automatic Deletion: All face data is automatically and permanently deleted immediately upon processing completion

Why We Process Face Data (Temporarily): • To create accurate artistic transformations and cartoon-style stickers • To apply visual effects and filters to faces in images • To improve the quality and accuracy of generated stickers • Essential for core functionality of AI sticker creation service

Length of Face Data Processing: Face data exists only during active processing (30-120 seconds maximum) and is immediately deleted upon completion.

4.6 Third-Party Face Data Sharing & Processing

Why We Share Face Data with Third Parties: We send images containing faces to AI providers solely to fulfill your sticker generation requests. No other use is permitted.

Third Parties We Share Face Data With:

OpenAI (GPT-4 Vision API) • Face Data Shared: Images containing faces for artistic transformation only • Third-Party Face Data Storage: OpenAI does NOT store face data beyond processing. API inputs/outputs may be kept in secure logs for up to 30 days for abuse prevention only • Why They Store: Abuse prevention and safety monitoring only
• Storage Duration: Up to 30 days maximum in secure logs • Face Data Use: Artistic transformation only - NO identification, recognition, or profiling • Deletion: Face data automatically deleted after processing; log data purged after 30 days

Google Gemini (Vision API)
• Face Data Shared: Images containing faces for sticker generation only • Third-Party Face Data Storage: Google does NOT store face data for identification. Quality review: authorized human reviewers may read inputs/outputs for safety • Why They Store: Quality assurance and safety monitoring • Storage Duration: Temporary processing only - no long-term face data storage • Face Data Use: Artistic generation only - NO identification, recognition, or profiling
• Deletion: Face data deleted immediately after processing completion

Replicate (API) • Face Data Shared: Images containing faces for artistic effects only • Third-Party Face Data Storage: Replicate does NOT store face data beyond processing • Why They Store: Active processing only • Storage Duration: Inputs/outputs automatically deleted ~1 hour after completion • Face Data Use: Artistic transformation only - NO identification, recognition, or profiling • Deletion: Automatic deletion within 1 hour of processing completion

Fal.ai • Face Data Shared: Images containing faces for artistic generation only
• Third-Party Face Data Storage: Fal.ai does NOT store face data for identification purposes • Why They Store: Active processing and temporary file generation only • Storage Duration: Generated files may persist briefly per provider policy (typically hours) • Face Data Use: Artistic generation only - NO identification, recognition, or profiling • Deletion: Generated files deleted per provider retention policy

Important Third-Party Commitments: • All AI providers are contractually prohibited from using face data for biometric identification • No face data is used for targeted advertising or user profiling • All providers must delete face data immediately after processing (except brief retention for abuse prevention as noted) • Processing occurs in secure, isolated environments • We will update this Policy when processors change and notify you of material changes

4.7 Your Controls for Images/Face Data

• Delete Items: Remove individual images anytime in the app
• Delete Account: Delete your account (and associated cloud content) via Settings → Delete Account
• Support Deletion: Email us to request deletion; we verify identity and delete qualifying data within 30 days

5. Information Sharing

We share information only as described:

Service Providers

• Cloud hosting: Firebase, Google Cloud
• Analytics: Firebase Analytics (anonymous usage data only)
• Payments: RevenueCat, Apple App Store, Google Play Store
• Crash reporting: Firebase Crashlytics (no personal data)
• AI processors: See Section 4.6 for image generation providers

Providers act under contract and may process data in various countries.

Legal Compliance

To comply with law, respond to lawful requests, or protect rights, safety, and property.

Business Transfers

In a merger, acquisition, or asset sale, data may transfer subject to this Policy.

We do NOT allow providers to use your images for biometric identification or targeted advertising.

6. Data Retention (Summary)

• Images (raw files that may contain faces): Until deletion by you or 12 months of inactivity; backups purge within 30 days
• Face Data (extracted features/landmarks): NOT RETAINED - immediately deleted after processing
• Account Data (Anonymous ID): While your account is active; deleted upon account deletion
• Contact Data (Support only): Only if you contact us - retained per support retention policy
• Communications/Support: Up to 24 months after resolution
• Usage/Analytics (aggregated): Up to 5 years
• Logs/Diagnostics (no raw images): Up to 36 months
• Marketing Data: Not applicable - we do not collect contact information for marketing

7. Your Rights & Choices

Since we collect minimal personal data (anonymous user ID only), most traditional data rights have limited application. However, you still have:

• Account Deletion: Delete your account and associated data anytime via Settings → Delete Account
• Data Access: Contact us to request information about data associated with your anonymous account
• Content Control: Delete individual stickers/images anytime in the app
• Analytics: Limited analytics data collection (anonymous usage patterns only)

EU/EEA residents may contact their local supervisory authority.
California residents may exercise rights under the CCPA/CPRA.

Note: Since we don't collect names, emails, or contact information, traditional rights like "data portability" or "marketing opt-out" don't apply to normal app usage.

8. Children's Privacy

The Services are not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child provided information, contact us and we will delete it.

9. International Data Transfers

We may process data outside your country of residence. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses).

10. App Tracking Transparency (iOS)

We request App Tracking Transparency (ATT) permission only if we collect data in the app and share it with other companies for cross-app/website tracking. You can change this setting in iOS anytime. Analytics that do not involve cross-app tracking do not require ATT.

11. Changes to This Policy

We may update this Policy to reflect changes to our practices or legal requirements. We will notify you of material changes via in-app notice, email, or website posting. The "Effective Date" above shows the latest revision. Continued use after changes means you accept the updated Policy.

12. Contact Us

Email: support@onatcipli.dev
Support & Website: https://onatcipli.dev/contact

For data subject requests, write "Privacy Request" in the subject line and include the email associated with your account.

13. Cookie Policy (Web Version)

• We use essential cookies for functionality
• Analytics cookies only with consent
• Manage cookie preferences in your browser settings or our cookie banner (where available)

14. Third-Party Links

Our Services may contain links to third-party sites. Their privacy practices are not covered by this Policy; please review their policies.

15. Data Protection Rights Contact

To exercise your rights or file a complaint:
• Contact us using the information above
• EU users may contact their local data protection authority
• California residents may contact the California Attorney General

16. Data Security

We implement appropriate technical and organizational measures:
• Encryption in transit (TLS/SSL) and at rest
• Regular security reviews and vulnerability remediation
• Limited access controls and authentication
• Automatic deletion of temporary data
• Secure processing environments for AI operations

17. User Consent and Agreement

By using our Services, you agree to this Policy.

Key commitments:
• We collect MINIMAL data - only anonymous user ID, no personal contact information
• We do NOT sell your personal information
• We do NOT use your content to train AI models unless you give separate, explicit opt-in
• We do NOT create biometric identifiers for identification
• You can delete your account and data anytime (see Section 18)

If you do not agree to these terms, please do not use our Services.

18. Data Control and Account Deletion

You have full control over your data:
• Delete Account: Settings → Delete Account removes all your data
• Delete Content: Remove individual stickers/images anytime in the app
• Contact Us: support@onatcipli.dev for data requests (include your anonymous user ID)
• Device Settings: Control app permissions in your device settings

Note: Since we only collect anonymous usage data, withdrawing consent means deleting your account.

Last Reviewed: September 4, 2025
Version: 2.1