Makeup App

Privacy

01 Introduction
02 Information we collect
03 Information we do not collect
04 Photos and generated images
05 AI generation provider
06 How we use information
07 Generation completion notifications
08 Third-party processors
09 Your rights and choices
10 Children and minors
11 Retention and deletion
12 App Store Connect follow-ups
13 Changes and contact

Privacy Policy

How Makeup App handles selected photos, account data, credits, purchases, generation history, and permissions.

Draft for App Store preparation. Last updated 2026-05-15.

Draft status: this is a product and engineering draft for the makeup-transfer MVP. It is not legal advice and must be reviewed before it is published, linked from the app, or submitted in App Store Connect.

01

Introduction

This Privacy Policy explains how Makeup App handles information when users use AI-assisted makeup-transfer features. It applies to account access, selected or captured images, generation jobs, generated results, credits, purchases, history, notifications, and settings.

02

Information we collect

We may process account identifiers, optional email address, authentication state, selected or captured source and reference images, generated result images, generation status, history metadata, credit records, StoreKit verification data, device permission state, notification settings, and operational request logs.

03

Information we do not collect

This baseline does not collect or use advertising tracking identifiers, IDFA, TikTok attribution data, full photo-library contents, Face ID data, face embeddings, faceprints, face geometry templates, health information, precise location, or AI provider secrets stored in the iOS app.

No advertising tracking

The current baseline does not request App Tracking Transparency permission, does not use IDFA, does not include TikTok or other advertising attribution SDKs, and does not configure SKAdNetwork for ad attribution. If a future version adds advertising or analytics tracking, this policy, the App Store privacy answers, and the iOS privacy manifest must be updated before release.

04

Photos and generated images

Users choose or take a bare-face source image and a reference makeup image. Original input images are intended for short-term processing. Generated result images are retained so users can view their history.

Camera, photo, and save permissions

Photo selection is initiated by the user through the system photo picker. Camera access is used only when the user chooses to capture a source or reference image. Saving to the photo library is used only when the user chooses to save a generated result.

05

AI generation provider

The iOS app does not call the AI provider directly. The backend uses uploaded images and necessary generation context to create results through the backend-only generation pipeline. Generated output may not exactly match the reference image or preserve every detail.

06

How we use information

We use information to authenticate users, protect account-only features, upload selected images, create generation jobs, return results, show history, manage credits, verify StoreKit purchases, refund failed charged generations, prevent abuse, diagnose errors, and support account or billing requests.

07

Generation completion notifications

Generation may take a few minutes. The app may ask for notification permission to alert the user when a generation completes or fails. Notification payloads should not include photos, image URLs, object keys, prompts, or sensitive account details. The M13 APNs implementation must remain aligned with this boundary.

08

Third-party processors

Apple supports Sign in with Apple, StoreKit purchases, and App Store distribution. AWS Cognito supports authentication. AWS storage and hosting support the backend and private image storage. The backend AI generation provider supports result creation. This baseline does not include TikTok, ad attribution SDKs, or analytics tracking SDKs.

09

Your rights and choices

Users can choose whether to upload images, use the camera, save generated results, receive notifications, sign out, or request account deletion after the final deletion flow is available. Users can manage camera, photo, and notification permissions in iOS Settings. StoreKit purchases and cancellations are managed through Apple where applicable.

10

Children and minors

The app is intended for adult single-person face images. Users should not upload images of minors unless a future release explicitly supports that use case with an appropriate compliance plan. Minors should use the app only with guardian guidance.

11

Retention and deletion

Original input images are intended for short-term processing. Generated results and history are retained for app functionality. Credit, trial, purchase, and transaction records are retained for integrity, support, and fraud prevention. Final account deletion behavior must be aligned with the release implementation.

12

App Store Connect follow-ups

Before App Store submission, this draft must be converted into a published privacy policy URL and App Store Connect privacy answers:

  • use npm run legal:serve during development to review the local /privacy page;
  • publish the final policy at a public URL;
  • add that URL to App Store Connect app metadata;
  • complete the App Privacy questionnaire using docs/privacy/privacy-data-inventory.md;
  • verify the app's Xcode privacy report after final release dependencies are included;
  • review this policy with the product/legal owner.

13

Changes and contact

The final public privacy policy URL, operator name, privacy contact, App Store Connect answers, Xcode privacy report review, and legal review must be completed before App Store submission.

This local page is generated from the source file below. Replace the local URL with a public HTTPS URL before App Store submission.

docs/privacy/privacy-policy-draft.md
