Privacy Policy

1. Data Collection and Use

Face Data Collection and Purpose:
• What We Collect: We collect user-submitted photos (“face data”) when you upload them to our app.
• Why We Collect It: The sole purpose of collecting these photos is to train our AI model so that the app can generate images based on your photos. No additional processing, such as facial recognition for personalized filters, is performed on these photos.

Storage and Retention of Face Data:
• The uploaded photos are stored temporarily for the duration required to train our AI model. Specifically, the photos are retained for a maximum of 20 minutes—just long enough to complete the training process—and are automatically deleted immediately after training concludes.
• Important: The original face data used for training is not stored permanently. Only the images generated by the AI model (which are not considered face data) are stored in our database for your access.

Other Data Collected:
• Metadata: We also collect non-identifiable metadata (such as usage logs) to help optimize and improve our service. Metadata is retained only for as long as necessary and then deleted according to our retention schedule.

2. Use of Data for AI Training
• AI Training Process:
We use the uploaded photos exclusively to train our AI model. Once training is complete, the face data is automatically deleted after 20 minutes.
• Technology Employed:
The AI model training is powered by Replicate.com. All input and output data related to the training process is handled according to the temporary retention policy described above.
• Data Hosting:
Data (including the generated images) is hosted on a Xano instance in France, where it is encrypted in transit (TLS 1.2+) and at rest (AES-256). Only the generated images, not the original face data, are stored on our database for ongoing user access.

3. Third-Party Sharing and Transfers

Sharing Face Data with Third Parties:
• Replicate.com:
• Purpose: We share your uploaded photos with Replicate.com solely for the purpose of training our AI model.
• Storage Duration: Face data provided to Replicate.com is stored for no longer than 20 minutes during the training process.
• Deletion: After training, Replicate.com automatically deletes the photos. They are contractually bound to ensure the data is not retained beyond this period or used for any secondary purposes.
• Xano:
• Purpose: Xano hosts our database and stores the generated images (the output of our AI model) for your access.
• Clarification: The original face data used for training is never stored on Xano.

International Data Transfers:
• In cases where data is transferred outside the EEA or Switzerland, we ensure compliance with applicable data protection laws using GDPR-approved mechanisms, such as Standard Contractual Clauses.

4. Security and Confidentiality

We take the security of your data seriously and implement strict technical and organizational measures, including:
• Encryption: Data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
• Access Controls: Access to data is limited to authorized personnel through strict access controls and multi-factor authentication.
• Audits: Regular third-party security assessments are conducted to maintain a secure environment.

5. User Rights

Users have the following rights regarding their personal data:
• Access: You may request a copy of your personal data.
• Rectification: You can request corrections to any inaccurate or incomplete data.
• Deletion: You may delete your face data (subject to the temporary nature of such data) via your account settings or by contacting us at contact@studioshootai.com.
• Portability: You can request your data in JSON or CSV format within 30 days.

To exercise any of these rights, please contact us at:
Email: contact@studioshootai.com

6. Management of Credits/Tokens
• Purchase of Credits/Tokens: Users can purchase credits/tokens to either generate images or to train the AI model. These credits are distinct and must be used according to their designated purpose.
• Expiration of Credits/Tokens: All purchased credits/tokens must be used within two months of the purchase date. Any unused credits/tokens will automatically expire after this period.

7. Policy Updates

We reserve the right to update this Privacy Policy from time to time. Substantial changes—especially those that alter how data is collected or used—will be communicated via email or in-app notifications. We encourage you to review this policy periodically to stay informed about how your data is protected.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: contact@studioshootai.com

By using our app, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein.

This updated Privacy Policy addresses Apple’s requirements by clearly stating:
• Why face data is collected (solely for AI model training to generate images).
• How long the face data is stored (20 minutes during training).
• Why and with whom the face data is shared (Replicate.com for AI training, with strict deletion policies, and Xano only for storing generated images).

Ensure that you update your App Privacy section in App Store Connect with a link to this revised policy.