Privacy Policy - DePuff AI

1. Introduction

DePuff AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services. We take your privacy seriously and are committed to being transparent about our data practices.

2. Information We Collect

Facial Images and Biometric Data

We collect the following types of facial data when you use our app:

• Facial photographs: Front-facing images of your face captured through your device camera
• Facial geometry measurements: Derived data points including jawline definition scores, facial symmetry ratios, cheekbone visibility measurements, under-eye puffiness levels, and overall facial bloating assessments
• AI-generated analysis scores: Numerical scores (1-10 scale) for facial definition, jawline prominence, puffiness levels, and bloating reduction progress
• Progress tracking data: Comparative measurements between multiple photos taken over time
• Facial feature coordinates: Temporary geometric data points used during AI analysis (automatically deleted after processing)

Important: We do NOT collect biometric identifiers for identity verification, facial recognition, or authentication purposes. All facial data is collected solely for facial improvement analysis and progress tracking.

Third-Party Processing: Your facial images are shared with Google's Gemini AI service to provide core app functionality including facial analysis, debloating recommendations, and progress tracking. This sharing is essential for the app to function properly. Google processes these images according to their privacy policy and does not retain images after analysis completion.

Personal Information

We may collect personal information such as your name, email address, age, and other demographic information you choose to provide when creating an account or using our services.

Device Information and Identifiers

We collect device and usage information to provide analytics, attribution, and improve our services:

• Device identifiers: IDFA (iOS Identifier for Advertisers), IDFV (iOS Identifier for Vendors), GAID (Google Advertising ID)
• Attribution data: Marketing campaign performance, install sources, and user acquisition metrics
• In-app purchase events: Subscription activations, purchases, revenue data, and transaction details
• App usage analytics: Feature usage patterns, session duration, user engagement metrics

Error Monitoring and Analytics

Sentry Error Monitoring

We use Sentry, a third-party service, to monitor app performance and track crashes to improve app reliability. Sentry collects:

• Error logs and crash reports
• Basic device information (OS version, app version)
• Performance metrics
• Stack traces when errors occur

PostHog Analytics

We use PostHog to understand how users interact with our app to improve the user experience. PostHog collects:

• Feature usage patterns
• App navigation data
• Performance metrics
• Anonymous usage statistics

This data does not include your facial images, personal information, or any content you create in the app. Both services use randomly generated device IDs that cannot identify you personally across app installations.

3. How We Use Your Information

3.1 Detailed Face Data Uses

We use your facial data exclusively for the following purposes:

• AI-Powered Analysis: Process facial images through Google Gemini AI to generate facial definition scores, identify areas for improvement, and track changes over time
• Progress Visualization: Create before/after comparisons and progress charts showing your facial transformation journey
• Personalized Recommendations: Generate customized exercise routines, lifestyle suggestions, and debloating strategies based on your specific facial analysis results
• Feature Enhancement: Improve our AI algorithms and analysis accuracy using anonymized, aggregated data patterns
• Quality Assurance: Ensure our facial analysis technology provides accurate and helpful results

We do NOT use facial data for: Identity verification, facial recognition, advertising targeting, sharing with marketers, creating user profiles for non-app purposes, or any commercial use beyond the core app functionality.

3.2 General Information Uses

• Core Functionality: Provide AI-powered facial analysis and personalized debloating recommendations through Google Gemini
• Track your progress and generate transformation reports
• Improve our AI algorithms and service quality
• Analytics: Analyze app usage patterns through PostHog to enhance user experience
• Error Monitoring: Monitor app performance and crashes through Sentry to ensure reliability
• Send you important updates about our services
• Provide customer support and respond to your inquiries
• Ensure the security and integrity of our services

4. Data Sharing and Third-Party Services

Google Gemini AI - Essential Service Partner

Data Shared: Your facial photographs are transmitted to Google's Gemini AI service for analysis processing. This includes the raw image data and basic metadata (timestamp, image dimensions).

Purpose: Google Gemini processes your images to generate facial analysis scores, identify facial features, and provide recommendations. This processing is essential for our app's core functionality.

Data Handling: Google processes images in real-time and does not store or retain your facial images after analysis completion. Processing typically takes 2-5 seconds per image.

Storage Location: During processing, images are temporarily stored on Google's secure servers (multiple global locations) and are automatically deleted immediately after analysis.

Google's Responsibilities: Google's handling of your data during processing is governed by their privacy policy. Google is contractually prohibited from using your facial data for their own purposes.

AppsFlyer - Attribution and Analytics

Data Shared: Device identifiers (IDFA, IDFV, GAID), app install events, in-app purchase events, and user engagement metrics for marketing attribution and campaign optimization.

Purpose: AppsFlyer helps us understand which marketing campaigns are most effective, track user acquisition costs, and optimize our advertising spend.

Privacy Policy: AppsFlyer Privacy Policy

RevenueCat - Subscription Management

Data Shared: Device identifiers, subscription status, purchase events, revenue data, and user IDs for managing in-app subscriptions and purchases.

Purpose: RevenueCat processes subscription management, handles payment processing, provides subscription analytics, and manages user entitlements.

Privacy Policy: RevenueCat Privacy Policy

Analytics and Monitoring

We use PostHog for product analytics and Sentry for error monitoring. These services receive basic usage data and error logs but do not have access to your facial images or personal identification information.

Other Disclosures

We do not sell, trade, or otherwise transfer your personal information or facial data to any other third parties without your explicit consent, except as described in this policy or as required by law.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption, secure servers, and regular security audits. Your facial images are encrypted during transmission to Google Gemini and are processed securely. We regularly update our security practices to protect against unauthorized access, alteration, disclosure, or destruction of your personal information.

6. Data Retention and Account Deletion

Face Photo Storage: Your original facial photos are stored securely on our servers (Supabase) with end-to-end encryption until you manually delete them or delete your account.

Analysis Data: Facial measurements, scores, and progress data are retained indefinitely for your progress tracking until account deletion.

Temporary Processing: During AI analysis, your images are temporarily stored on Google Gemini servers for 2-5 seconds and are automatically deleted immediately after processing completion.

Account Deletion: When you delete your account, we permanently delete ALL associated data within 30 days, including:

• All facial photographs from our servers
• All analysis scores and measurements
• All progress tracking data
• All personal account information

Individual Photo Deletion: You can delete individual photos at any time through the app, and they will be permanently removed from our servers within 24 hours.

Legal Retention: We do not retain any facial data for legal or compliance purposes beyond what is necessary for app functionality.

7. Your Rights

You have the right to access, update, or delete your personal information and facial data at any time. You can also request a copy of your data or opt out of certain data collection practices. Account deletion will result in the permanent removal of all your images and personal data. To exercise these rights, please contact us at [email protected].

8. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States where Google Gemini services are operated. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you through the app or by email.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

DePuff AI Privacy Team

Email: [email protected]

Response time: Within 48 hours