Privacy Policy

Update Date: May 24, 2023
Effective Date: May 24, 2023

AIPhotor fully respects your privacy. This policy covers the processing of personal data by AIPhotor, which is committed to protecting the privacy of your personal information whilst striving to provide the very best user experience. We want our websites to be safe and enjoyable for everyone.

The operations of AIPhotor are in accordance with the European Union’s General Data Protection Regulation (GDPR), effective May 25, 2018. AIPhotor has made the GDPR a priority, and we are and have always been fully aligned with the regulation’s intended result: the protection of your privacy and personal data.

1. Data Controller and Data Protection Officer

The Data Controller is AIPhotor, based on DigitalOcean, LLC.. For any requests regarding the processing of your personal data, please email us at [email protected].

Our Data Protection Officer can be contacted by sending an email to [email protected] for any requests relating to the processing of your personal data or this Privacy Policy.

2. Categories of Personal Data that We Collect, Purposes and Legal Bases for Our Processing

We process the following categories of personal data, for the purposes and on the legal bases indicated below. Please note that not all of the below information may be deemed personal data in your jurisdiction in all cases.

Purpose	Legal Basis	Categories of Processed Data
a. To enable you to use the app and to provide you with its functionalities, including: edit or enhance your photos show information about the app and your editing or enhancing process	The legal basis for the processing is the performance of our contractual relationship (art. 6(1)(b) of the GDPR).	Identifiers and Internet and network activity information (such as IP address, device model, device type, OS version, device language, device name, country set in the device settings, information about your interactions with the app, and unique identifiers, including IDFA or AAID), and other information necessary to enable you to use the app. The app processes the images you upload, including images of faces contained within images, and the images generated by the app (e.g. enhanced photos). We process these images and certain information about the faces depicted in such images, such as information that estimates the location of parts and areas of the faces (“Facial Data”). Note that in some jurisdictions outside of Europe, Facial Data may be considered biometric data; however, the technologies implemented in the app do not allow neither aim at performing a unique identification or authentication of people in the images, nor is it our intention to train the technologies to do so.
b. To improve our products and services (for example, by conducting statistical analysis or other research activities to optimize our features and provide you with new ones).	The legal basis for the processing is our legitimate interest (art. 6(1)(f) of the GDPR) to improve our products and services.	Identifiers (such as name, social media handle, or email address, when requested), Internet and network activity information (such as IP address), and information collected or generated to improve the app’s functionalities (such as device language, information about your interactions with the app, inferences we generate and other related information about your usage of the app).
c. To ensure the quality and the proper functioning of the services by analyzing, preventing or correcting failures and bugs, illicit use or misuse of the services.	The legal basis for the processing is our legitimate interest (art. 6(1)(f) of the GDPR) to ensure the quality and the proper functioning of the services.	Identifiers, Internet and network activity information (such as IP address, device model, device type, OS version, crash and error logs), inferences we generate, images uploaded by you, and other related information about your usage of the app.
d. To comply with our legal obligations, including requests from public authorities.	The legal basis for the processing is compliance with legal obligations to which we are subject (art. 6(1)(c) of the GDPR).	Any information which may be required by law or under the instructions of public authorities.
e. To process and respond to customer support communications and to requests for information you may raise with us.	The legal basis for the processing is the performance of our contractual relationship (art. 6(1)(b) of the GDPR).	Identification and contact information you provide us (such as name, email address) and the content of your communication or request.
f. To establish, exercise or defend our rights and those of our employees, and to carry out corporate transactions or operations (for example, in case of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to any such transactions).	The legal basis for the processing is our legitimate interest (art. 6(1)(f) of the GDPR) to establish, exercise or defend our rights and to carry out corporate transactions or operations.	Any information necessary to ensure the performance of these purposes.
g. To analyze your usage information, including your preferences, interests and behaviors when you use our products and services, to: Conduct surveys, statistical analysis or other research activities to improve our products and services Maintain, optimize, and develop new features Find and group users with similar characteristics Advertise our products and services towards more users like you and reach out to inactive users with our ads Measure the effectiveness of our campaigns and make our advertising more relevant Customize information and marketing communications	The legal basis for the processing is our legitimate interest (art. 6(1)(f) of GDPR).	Identifiers (such as name, age or email address, when requested), Internet and network activity information that we collect (such as IDFA or AAID, and IP address), information about your interactions with the app, inferences we generate and other related information about your usage of the app. The IDFA (on iPhone or iPad) and AAID (on Android devices) are unique device identifiers provided by the operating system of your device that allow advertisers to track and identify a user for advertising purposes. To disable this tracking: From iOS and iPadOS 14.5, go to Settings > Privacy > Tracking and tap to turn off or turn on Allow Apps to Request to Track or permission to track for a specific app. On previous iOS or iPadOS versions, go to Settings > Privacy > Advertising and turn on Limit Ad Tracking button. On Android devices, you can go to your device's Settings app or Google Settings app (differs depending on your device) > Services > Ads and turn on Opt out of Ads Personalization.
h. To carry out marketing activities, and send you information and marketing communications about our products and services such as tips, offers, and newsletters through emails and push notifications (only if you grant permission by enabling push notification on your mobile operating system settings).	The legal basis for the processing is your consent (art. 6(1)(a) of the GDPR). Where your consent is not required, for example, where we use your email to send you information about products and services related to or similar to the app (“Soft Opt-In”), the legal basis is our legitimate interest (art. 6(1)(f) of the GDPR).	Identifiers (such as name, email address), Internet and network activity information (such as IP address), information we may receive from third-party advertising networks and platforms (such as unique identifiers, including IDFA or AAID), information about your interactions with the app, inferences we generate and other related information about your usage of the app (such as your responses and your voice in case you take part in our interviews).
i. To share your personal data with third parties and their advertisers to serve personalized ads. You can find more information on how these third parties process your personal data by reading their privacy policies: AdMob’s Privacy Policy Meta Audience’s Privacy Policy Digital Ocean’s Privacy Policy	The legal basis for collecting and processing personal data by means of in-app tracking technologies is your consent (Article 122 of Italian Privacy Code and Article 6(1)(a) of the GDPR).	Identifiers and Internet and network activity information (such as IP address, unique identifiers including IDFA or AAID, crash logs and diagnostic information, performance data such as app launch time, hang rate, or energy usage), information about your interactions with the app, and advertising data (such as advertisements seen), your ad tracking choices and consent to receive personalized ads (if granted), and inferences about your interests and preferences. We may also assign a random code to your device and communicate it to the advertising content providers to ensure that you do not receive the same advertising content several times (please note that each code will only last 24 hours after which a new 24-hours code will be assigned and that, unless you have given your consent under Section 2.j) below, you will not receive personalized content).

3. Data Storage and Protection

Personal data may be processed by both automated and non-automated means and may be stored at our premises and on our service providers’ servers. We adopt technical and organizational measures designed to prevent the loss, improper use and alteration of your personal data. In some cases, we may also adopt data encryption and pseudonymization measures. However, transmissions over the Internet are never 100% secure, and you should not provide any personal data if you want to avoid any risk.

Personal data processed for the purposes referred to in Section 2.a), 2.e), 2.f) and 2.g) will be kept for a period not exceeding the one necessary for the said purposes and, in each case, for no more than 2 years from the termination of the agreement. In particular:

Images you upload, Facial Data processed to enhance, and the enhanced images generated are deleted from our servers after 1 hour.

Except for any legal obligation that sets a longer data retention period, at the end of these periods, the personal data processed will be deleted or anonymized.

4. Your Choices with Regard to the Use of Your Personal Data

It is mandatory for you to provide your personal data for the purposes referred to in Sections 2.a), 2.e), and 2.f). If you do not provide your personal data, you will not be able to enjoy the app’s services and features.

Where we rely on your consent for the purposes referred to in Sections 2.c), 2.i), your provision of personal data is optional, and you have the right to withdraw your consent at any time. If you do not provide your personal data, you will still be able to enjoy the app’s services and features.

Where we rely on our legitimate interest for the purpose referred to in Sections 2.b), 2.c), 2.d), 2.g), 2.h), and 2.i), you may, at any time, exercise your right to object to such processing as explained in Section 7 (Your Rights) below.

You can also manage how you share certain information with us by adjusting the privacy and security settings on your mobile device (such as Limit Ad Tracking or Allow Apps to Request to Track on iOS and iPadOS, or Opt out of Interest-Based Ads or Opt out of Ads Personalization on Android devices). You should refer to the instructions provided by your device’s operating system or its manufacturer to learn how to adjust your settings.

5. Sharing Your Personal Data

We may share or disclose your personal data to the following categories of recipients:

Vendors carrying out activities that are related or instrumental to our business and operational activities as outsourced data processors appointed in writing in accordance with Applicable Privacy Laws, or acting as autonomous data controllers (such as IT or storage service providers, mobile measurement partners, suppliers of mobile marketing services, and advertising networks and platforms such as Google AdMob).
If we carry out a corporate transaction or operation (for example, in case of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to any such transactions), your personal data may be disclosed to our advisers and any prospective purchaser's advisers, and may be one of the assets that is transferred to another owner.
Public, judicial or police authorities, within the limits established by applicable laws.

Personal data will not be disclosed for any reason other than those stated above, unless such disclosure is deemed necessary for the fulfillment of a legal obligation or if we request your consent.

Pursuant to Section 2.j), if you give your consent to install tracking technologies, you will allow third parties mentioned therein to collect personal data about you in order to show you customized and personalized advertising. If you want to learn more about their processing activities, please see the third parties’ Privacy Policies linked under Sections 2.j).

6. Transfers of Personal Data Outside the European Economic Area

We may transfer personal data from the European Economic Area (“EEA”), the UK or Switzerland to other countries outside the EEA. Such data transfers are based on appropriate safeguards in accordance with Applicable Privacy Laws, including (a) the standard contractual clauses developed by the European Commission; (b) the decisions of adequacy of the European Commission; or (c) binding corporate rules.

More information on the appropriate warranties are available for consultation by sending an email to [email protected].

7. Your Rights

At any time and free of charge, you can exercise the following rights, as specified and subject to certain limitations and exceptions under Applicable Privacy Laws:

Right of access. You have the right to obtain information about the processing of your personal data and to access it.
Right to rectification. You have the right to ask for the updating, rectification or integration of your personal data.
Right to erasure. You have the right to request the deletion of your personal data.
Right to restriction of processing. You have the right to request the restriction of the processing of your personal data.
Right to data portability. You have the right to obtain a portable electronic copy of your personal data.
Right to object. Where we rely on our legitimate interest to process your personal data, you have the right to object to such processing, wholly or partly, on grounds related to your particular situation. In particular, you are entitled to object to the processing of your personal data for direct marketing purposes, including profiling.
Right to withdraw your consent. Where we or third-parties rely on your consent to process your personal data, you have the right to withdraw your consent, although the processing carried out before your withdrawal of consent will remain valid.

You also have the right to lodge a complaint before the competent national Data Protection Authority, in particular before the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.

To exercise your rights, you can submit a request following these steps:

Access the app from your device (if you do not have it on your device any longer, you can download it again and then access it without the need to purchase a subscription).
Long press four fingers on any screen within the app until a menu opens up.
Tap Send a Privacy Request and follow the instructions.
After you have sent your request through Send a Privacy Request, you may uninstall the app if you do not want to use it anymore.

If you have any other questions about privacy or data protection at AIPhotor, you can contact us by sending an email to [email protected]. We may take reasonable steps to verify your identity prior to responding to your request.

8. Children’s Personal Data

The app is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe we have received personal data from children under the age of 16, please email us at [email protected]. If we learn that a user is under the age of 16, we will take reasonable steps to delete any processed data and close such user’s account.

9. Third-party Websites and Services

The app may include links to other websites or services operated by third parties. The activities described in this Privacy Policy do not apply to data processed by such third-party websites and services. We have no control over, and we are not responsible for, the actions and privacy policies of third parties and other websites and services.

10. Changes to this Privacy Policy

We may modify, integrate or update, in whole or in part, this Privacy Policy, and we will notify users of any modification, integration or update in accordance with Applicable Privacy Laws. If we make modifications, we will notify you by revising the date at the bottom of this Privacy Policy and, under certain circumstances, we may also notify you by additional means such as pop-up or push notifications within the app or our website, or email.

11. Additional Information for California Consumers

This section provides additional disclosures required by the California Consumer Privacy Act (“CCPA”).

a) Additional Information Related to Collection, Use, and Disclosure of Personal Information

We collect personal information from several sources: directly from you (for example, when you make purchases within the app or participate in a survey); automatically when you use the app (for example, device information); and from other sources (for example, mobile measurement partners). We also generate inferences about you based on your use of the app and other information we collect.

In the preceding 12 months, we have collected the following categories of personal information: identifiers; internet or other electronic network activity information; characteristics of protected classifications under California or U.S. federal law (such as gender if you participate in a survey); commercial information (such as purchases you make in the app); approximate geolocation information (such as country); audio and visual information (such as photos you share with us); inferences; and other information that relates to or is reasonably capable of being associated with you. For details about the personal information we collect, please see Section 2 (Categories of Personal Data that We Collect, Purposes and Legal Bases for Our Processing) above. We collect personal information for the business and commercial purposes listed in the chart in Section 2 above.

We may share your personal information with the categories of third parties as described in Section 5 above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes: identifiers, internet and electronic network activity information, characteristics of protected classifications under California or U.S. federal law; commercial information; approximate geolocation information; audio and visual information and other information that we have inferred about you or that relates to or is reasonably capable of being associated with you.

We do not sell your personal information. We do allow our advertising partners to collect certain device identifiers and electronic network activity via our app to show ads that are based on your interests. If you prefer to limit this activity, your device may include a feature (such as “Limit Ad Tracking” on iOS, or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through mobile apps used for interest-based advertising purposes.

b) Rights of California Consumers

Subject to certain limitations, the CCPA provides California consumers the right to:

Request more details about the categories and specific pieces of personal information that we process.
Request the deletion of their personal information.
Opt out of “sales” of personal information that may be occurring.
Not to be discriminated against for exercising these rights.

If you’re a California consumer, to exercise these rights, you can submit a request following the steps below:

Access the app from your device (if you do not have it on your device any longer, you can download it again and then access it without the need to purchase a subscription).
Long press four fingers on any screen within the app until a menu opens up.
Tap Send a Privacy Request and follow the instructions.
After you have sent your request through Send a Privacy Request, you may uninstall the app if you don’t want to use it anymore.

If you have any other questions about privacy or data protection at AIPhotor, you can contact us by sending an email to [email protected]. We may take steps to verify your request by asking you to provide information that matches information we have on file about you. California consumers can also designate an authorized agent to exercise these rights on their behalf, but we will require proof that the person is authorized to act on their behalf and may also still ask them to verify their identity with us directly.

12. Additional Disclosures for Illinois Consumers

In accordance with Illinois law, this section provides additional disclosures related to Facial Data. As described in Section 2 above, we do not collect and do not retain Facial Data to enhance your photos. We use cloud storage providers to store Image Data. Any user images uploaded to our server are automatically deleted within 1 hour. As described above, Facial Data may be considered biometric data in some jurisdictions; however, Facial Data is not used for identification or authentication purposes.

Last updated: 24 May 2023