Nofilt App Privacy Policy

1. Introduction

This Privacy Policy explains how Nofilt ("we", "us" or "our") collects, uses, stores, transfers and protects your information when you use our AI-powered makeup/filter removal services on iOS devices. By using our Services, you acknowledge that you have read, understood and agreed to the collection and use of your information in accordance with this Policy.

We comply with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other relevant regional regulations.

2. Information We Collect

We adhere to the principle of "data minimization" and only collect information necessary to provide and optimize our Services. We do NOT retain any user data, nor do we collect, store or process any image data (including original images you upload and AI-generated images). The information we collect includes the following categories:

2.1 Account-Related Information

Anonymous identifiers associated with your Apple ID (such as IDFA), which is only collected if you authorize "Allow App to Request Tracking" on your iOS device, and such information is not retained long-term.
We do NOT collect personally identifiable information (PII) such as your real name, phone number, email address or physical address.

2.2 Device Information

Basic device parameters: Device model, iOS system version, and screen resolution, solely for service adaptation.
We do NOT collect sensitive device information such as IMEI, MAC address, or device serial number.

2.3 Service Usage Information

Subscription status: Membership validity period, auto-renewal status, and subscription plan type, solely for service permission verification.
Usage records: Number of AI processing requests initiated during your membership period, solely for service optimization.
We do NOT associate usage records with any personal identifiers or image content, and such information is not retained long-term.

2.4 Payment-Related Information

Payment status: Transaction results (e.g., "paid", "refunded", "payment failed") returned by Apple's In-App Purchase (IAP) system.
We do NOT store any payment card information, bank account details, or other sensitive payment data. All payment processing is handled by Apple, and we only receive non-sensitive transaction status notifications.

3. How We Use Your Information

We use the collected information solely for the following purposes and do not retain it long-term:

To provide core Services: Verify your subscription status and enable you to use AI processing features.
To optimize user experience: Adapt our Services to different iOS device models and system versions, and troubleshoot technical issues.
To maintain service security: Detect and prevent fraudulent activities, such as account sharing with non-family members or unauthorized access.
To comply with legal obligations: Respond to requests from regulatory authorities or comply with applicable laws and regulations.

We will not use your information for any purposes not stated in this Policy without your prior explicit consent.

4. Data Storage and Protection

4.1 Storage Period

We do NOT retain any user data. All collected information is temporarily stored only for the shortest period necessary to achieve the purposes stated in this Policy:

Subscription and usage information is temporarily retained only during your membership period and will be immediately cleared upon termination of your subscription (retained for a maximum of 30 days in special cases to handle refund disputes or legal inquiries).
Anonymous identifiers (such as IDFA) will be immediately deleted if you disable tracking permissions on your device.

4.2 Storage Security

We adopt industry-standard security measures to protect your information from unauthorized access, use, disclosure, modification or destruction, including but not limited to data encryption, access control, and regular security audits.
All temporarily stored information is stored on secure servers that comply with GDPR and CCPA data protection requirements, with access restricted to authorized personnel only.

4.3 Image Data Handling

All image data is only temporarily cached in the local memory of your iOS device during AI processing and will be automatically cleared within 5 minutes after processing is completed.
No image data will be uploaded to our servers, third-party cloud storage, or any other remote location. You have full control over whether to save AI-generated results to your device's local photo album.

5. Data Transfer

5.1 Cross-Border Data Transfer

If it is necessary to transfer information of European Economic Area (EEA) users to countries outside the EU, we will ensure compliance with GDPR Article 48 through the following methods:

Using data centers located in countries/regions recognized by the European Commission as having an "adequacy decision" (e.g., regions certified under the EU-U.S. Data Privacy Framework, Canada).
Signing Standard Contractual Clauses (SCCs) approved by the European Commission with third-party service providers involved in data processing.
Implementing end-to-end encryption for cross-border data transmission and maintaining complete transmission logs to ensure traceability.

5.2 Transfer to Third Parties

We may share your information with the following third parties solely for the purpose of providing Services and in compliance with relevant laws:

Apple Inc.: To process payments through Apple IAP and verify subscription status, in accordance with the Apple Developer Program License Agreement.
Third-party technical service providers: Such as cloud server providers and AI algorithm optimization partners, who are prohibited from using your information for any purposes other than providing technical support to us and are not allowed to retain such information long-term.

We will conduct strict due diligence on third parties and sign data processing agreements to ensure they implement equivalent data protection measures.

6. Your Data Rights

In accordance with GDPR, CCPA, CPRA and other applicable regulations, you have the following rights regarding your information:

6.1 Right to Access

You have the right to request access to the information we temporarily hold about you, including your subscription records and usage statistics. You can submit a request through "Me - Contact Us" in the app. We will provide relevant information in machine-readable formats such as CSV or JSON within one month of receiving your request.

6.2 Right to Correction

If you find that the information we hold is inaccurate or incomplete, you have the right to request correction. Please contact our customer service through "Me - Contact Us" in the app to submit a correction request.

6.3 Right to Erasure ("Right to be Forgotten")

We do NOT retain any user data. If you need to exercise your right to erasure, please initiate a request through "Me - Contact Us" in the app. We will complete the relevant operations within 7 working days of receiving a valid request, except where retention is required by law.

6.4 Right to Object

You have the right to object to the use of your information for AI model training. If you exercise this right, we will immediately stop using your information for such purposes and isolate the relevant data. You can submit an objection request through "Me - Contact Us" in the app.

6.5 Right to Opt-Out of Tracking

You can disable the "Allow Nofilt to Track" permission in your iOS device settings (Settings - Privacy & Security - Tracking), which will prevent us from collecting IDFA or other anonymous identifiers for user behavior analysis. Disabling tracking will not affect your ability to use core Services.

7. Third-Party Services

Our app may contain links to third-party websites or services (such as Apple's Family Sharing). This Policy does not apply to third-party services, and we are not responsible for the privacy practices or content of such third parties. We recommend that you review the privacy policies of these third parties before using their services.

8. Changes to This Policy

We may update this Policy from time to time to reflect changes in laws, regulations, or our service practices. For any material changes, we will notify you through in-app announcements, push notifications, or other reasonable channels at least 14 days in advance. Your continued use of our Services after the updated Policy takes effect will constitute your acceptance of the revised terms.

9. Contact Information

If you have any questions, complaints, or requests regarding this Policy or the processing of your information, please contact us through the following channels:

In-App Customer Service: "Me - Contact Us" (working hours: UTC+1 9:00-18:00 on workdays)
Email: [email protected]

For EU users, you also have the right to lodge a complaint with the relevant data protection authority in your country/region if you believe that our processing of your information violates GDPR.