Privacy Policy

Privacy Policy

Effective Date: September 4, 2025
Controller: Onat Çipli ("we", "us", "our")

This Privacy Policy describes how we collect, use, disclose, and protect information when you use our mobile applications, web applications, and related services (collectively, the "Services").

Important: If anything here conflicts with an in-app notice for a specific feature, the in-app notice controls for that feature.

1. Information We Collect

1.1 Information You Provide

Account Data (Anonymous Only)
What: Anonymous Firebase user identifier only - we do NOT collect names, email addresses, or personal contact information
Use: Create/manage your anonymous account, track your usage and credits
Retention: While your account is active and as needed to provide Services
Sharing: Service providers as described below

User Content (including images)
What: Photos, videos, text, and other content you upload for features like AI sticker generation. These files may contain faces
Use: Provide requested features (e.g., generate/edit/re-download stickers), maintain your in-app library
Retention: See Section 4 (Face Data & Images)
Sharing: Third-party AI processors for generation only (see Section 4.6)

Communications (if you contact us)
What: Support messages sent through app or email, feedback
Use: Support, troubleshooting, service improvement
Retention: See Section 6
Note: We do not collect email addresses unless you directly contact us for support

1.2 Information Collected Automatically

Usage Data
What: Feature interactions, session events
Use: Operate, secure, and improve the Services
Retention: See Section 6

Technical Data
What: Device model, OS/app version, IP address, device identifiers
Use: Performance, compatibility, security, fraud prevention
Retention: See Section 6

Logs & Crash Reports
What: App/server logs for reliability and security
Note: We do not log raw image files
Retention: See Section 6

Aggregated/De-identified Data
We may aggregate/de-identify data for analytics and product improvement. Aggregated/de-identified data is not considered personal information.

2. How We Use Information

We process information to:
• Provide and maintain the Services
• Fulfill your requests (e.g., generate stickers)
• Secure, debug, and prevent abuse
• Respond to support requests (only if you contact us)
• Analyze and improve features
• Comply with law and enforce our terms

Important commitments:
• We do NOT collect personal identifying information (names, emails, etc.) through normal app use
• We do NOT sell personal information
• We do NOT use your content to train our models or third-party models unless you separately opt in (off by default)
• We do NOT create biometric identifiers/templates for identification
• We do NOT send marketing communications since we don't collect contact information

3. Legal Bases (GDPR)

For EU/EEA users, processing is based on:
Contract: To deliver the Services
Legitimate Interests: Security, fraud prevention, service improvement
Consent: Where required (e.g., certain analytics/marketing)
Legal Obligation: When required by law

4. Face Data & Images

4.1 What We Mean by "Face Data"

"Face Data" includes images or video that may contain a person's face and any transient facial landmarks our software infers only to place effects.

IMPORTANT: FACE DATA IS NOT RETAINED. We do NOT create, store, or retain biometric identifiers, templates, or facial recognition data for identification purposes.

4.2 Why We Process Images That May Contain Faces

• To provide the features you request (e.g., apply effects and generate stickers)
• To allow re-edits/re-downloads
• To maintain your in-app library

4.3 Where and How Images Are Stored

Storage: User images are stored in Firebase Storage in a project we control
Access Controls: Images are private to your account and protected by authentication and Firebase Security Rules
Internal Access: Limited to authorized personnel to resolve support requests you initiate or to comply with law

4.4 Retention & Deletion of Images (including those with faces)

Retention Rule: We retain your images until you delete them in-app or delete your account, or until your account is inactive for 12 months
Inactivity Cleanup: Inactive accounts and associated data may be deleted after 12 months of inactivity
Backups: After deletion from active storage, routine backups purge within 30 days
Important: Deleting the app from your device does NOT delete cloud-stored content. Use Settings → Delete Account to remove cloud data

4.5 Face Data Processing & Retention Policy

Face Data Retention: NONE - Face data is NOT retained by our services.

Processing Only: During sticker generation, we may momentarily infer facial landmarks (e.g., eye/mouth positions) only to place artistic effects • No Storage: These facial landmarks are immediately discarded and NOT stored after processing completes
No Retention: No face data, facial features, or biometric information is retained beyond the active processing session • Processing Duration: Face data processing occurs only during active sticker generation (typically 30-120 seconds maximum) • Automatic Deletion: All face data is automatically and permanently deleted immediately upon processing completion

Why We Process Face Data (Temporarily): • To create accurate artistic transformations and cartoon-style stickers • To apply visual effects and filters to faces in images • To improve the quality and accuracy of generated stickers • Essential for core functionality of AI sticker creation service

Length of Face Data Processing: Face data exists only during active processing (30-120 seconds maximum) and is immediately deleted upon completion.

4.6 Third-Party Face Data Sharing & Processing

Why We Share Face Data with Third Parties: We send images containing faces to AI providers solely to fulfill your sticker generation requests. No other use is permitted.

Third Parties We Share Face Data With:

OpenAI (GPT-4 Vision API)Face Data Shared: Images containing faces for artistic transformation only • Third-Party Face Data Storage: OpenAI does NOT store face data beyond processing. API inputs/outputs may be kept in secure logs for up to 30 days for abuse prevention only • Why They Store: Abuse prevention and safety monitoring only
Storage Duration: Up to 30 days maximum in secure logs • Face Data Use: Artistic transformation only - NO identification, recognition, or profiling • Deletion: Face data automatically deleted after processing; log data purged after 30 days

Google Gemini (Vision API)
Face Data Shared: Images containing faces for sticker generation only • Third-Party Face Data Storage: Google does NOT store face data for identification. Quality review: authorized human reviewers may read inputs/outputs for safety • Why They Store: Quality assurance and safety monitoring • Storage Duration: Temporary processing only - no long-term face data storage • Face Data Use: Artistic generation only - NO identification, recognition, or profiling
Deletion: Face data deleted immediately after processing completion

Replicate (API)Face Data Shared: Images containing faces for artistic effects only • Third-Party Face Data Storage: Replicate does NOT store face data beyond processing • Why They Store: Active processing only • Storage Duration: Inputs/outputs automatically deleted ~1 hour after completion • Face Data Use: Artistic transformation only - NO identification, recognition, or profiling • Deletion: Automatic deletion within 1 hour of processing completion

Fal.aiFace Data Shared: Images containing faces for artistic generation only
Third-Party Face Data Storage: Fal.ai does NOT store face data for identification purposes • Why They Store: Active processing and temporary file generation only • Storage Duration: Generated files may persist briefly per provider policy (typically hours) • Face Data Use: Artistic generation only - NO identification, recognition, or profiling • Deletion: Generated files deleted per provider retention policy

Important Third-Party Commitments: • All AI providers are contractually prohibited from using face data for biometric identification • No face data is used for targeted advertising or user profiling • All providers must delete face data immediately after processing (except brief retention for abuse prevention as noted) • Processing occurs in secure, isolated environments • We will update this Policy when processors change and notify you of material changes

4.7 Your Controls for Images/Face Data

Delete Items: Remove individual images anytime in the app
Delete Account: Delete your account (and associated cloud content) via Settings → Delete Account
Support Deletion: Email us to request deletion; we verify identity and delete qualifying data within 30 days

5. Information Sharing

We share information only as described:

Service Providers

Cloud hosting: Firebase, Google Cloud
Analytics: Firebase Analytics (anonymous usage data only)
Payments: RevenueCat, Apple App Store, Google Play Store
Crash reporting: Firebase Crashlytics (no personal data)
AI processors: See Section 4.6 for image generation providers

Providers act under contract and may process data in various countries.

Legal Compliance

To comply with law, respond to lawful requests, or protect rights, safety, and property.

Business Transfers

In a merger, acquisition, or asset sale, data may transfer subject to this Policy.

We do NOT allow providers to use your images for biometric identification or targeted advertising.

6. Data Retention (Summary)

Images (raw files that may contain faces): Until deletion by you or 12 months of inactivity; backups purge within 30 days
Face Data (extracted features/landmarks): NOT RETAINED - immediately deleted after processing
Account Data (Anonymous ID): While your account is active; deleted upon account deletion
Contact Data (Support only): Only if you contact us - retained per support retention policy
Communications/Support: Up to 24 months after resolution
Usage/Analytics (aggregated): Up to 5 years
Logs/Diagnostics (no raw images): Up to 36 months
Marketing Data: Not applicable - we do not collect contact information for marketing

7. Your Rights & Choices

Since we collect minimal personal data (anonymous user ID only), most traditional data rights have limited application. However, you still have:

Account Deletion: Delete your account and associated data anytime via Settings → Delete Account
Data Access: Contact us to request information about data associated with your anonymous account
Content Control: Delete individual stickers/images anytime in the app
Analytics: Limited analytics data collection (anonymous usage patterns only)

EU/EEA residents may contact their local supervisory authority.
California residents may exercise rights under the CCPA/CPRA.

Note: Since we don't collect names, emails, or contact information, traditional rights like "data portability" or "marketing opt-out" don't apply to normal app usage.

8. Children's Privacy

The Services are not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child provided information, contact us and we will delete it.

9. International Data Transfers

We may process data outside your country of residence. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses).

10. App Tracking Transparency (iOS)

We request App Tracking Transparency (ATT) permission only if we collect data in the app and share it with other companies for cross-app/website tracking. You can change this setting in iOS anytime. Analytics that do not involve cross-app tracking do not require ATT.

11. Changes to This Policy

We may update this Policy to reflect changes to our practices or legal requirements. We will notify you of material changes via in-app notice, email, or website posting. The "Effective Date" above shows the latest revision. Continued use after changes means you accept the updated Policy.

12. Contact Us

Email: support@onatcipli.dev
Support & Website: https://onatcipli.dev/contact

For data subject requests, write "Privacy Request" in the subject line and include the email associated with your account.

13. Cookie Policy (Web Version)

• We use essential cookies for functionality
• Analytics cookies only with consent
• Manage cookie preferences in your browser settings or our cookie banner (where available)

14. Third-Party Links

Our Services may contain links to third-party sites. Their privacy practices are not covered by this Policy; please review their policies.

15. Data Protection Rights Contact

To exercise your rights or file a complaint:
• Contact us using the information above
• EU users may contact their local data protection authority
• California residents may contact the California Attorney General

16. Data Security

We implement appropriate technical and organizational measures:
• Encryption in transit (TLS/SSL) and at rest
• Regular security reviews and vulnerability remediation
• Limited access controls and authentication
• Automatic deletion of temporary data
• Secure processing environments for AI operations

17. User Consent and Agreement

By using our Services, you agree to this Policy.

Key commitments:
• We collect MINIMAL data - only anonymous user ID, no personal contact information
• We do NOT sell your personal information
• We do NOT use your content to train AI models unless you give separate, explicit opt-in
• We do NOT create biometric identifiers for identification
• You can delete your account and data anytime (see Section 18)

If you do not agree to these terms, please do not use our Services.

18. Data Control and Account Deletion

You have full control over your data:
Delete Account: Settings → Delete Account removes all your data
Delete Content: Remove individual stickers/images anytime in the app
Contact Us: support@onatcipli.dev for data requests (include your anonymous user ID)
Device Settings: Control app permissions in your device settings

Note: Since we only collect anonymous usage data, withdrawing consent means deleting your account.

Last Reviewed: September 4, 2025
Version: 2.1