Privacy Policy
Effective Date: March 8, 2026
EternalFrame ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and related services.
Information We Collect
Account Information
When you create an account, we collect your email address and, optionally, your display name. If you sign in via Apple or Google, we receive a unique identifier and, if you authorize it, your name and email from your authentication provider.
Photos
We collect photos that you voluntarily upload for transformation. These photos are stored in encrypted, private storage buckets with strict per-user access controls.
Transaction Data
When you make purchases, we receive transaction records including purchase history, credit balance, and subscription status. Payments are processed by Apple, Google, and RevenueCat. We do not store credit card numbers or payment credentials.
Usage Data
We collect anonymized data about how you interact with the app, including features used, transformation styles selected, and session duration. We also collect crash reports to improve app stability.
Device Information
We collect basic device information including device type, operating system version, and app version to ensure compatibility and diagnose technical issues.
How We Use Your Information
- Process photo transformations using our AI engine (Google Gemini API)
- Manage your account, credit balance, and subscription status
- Improve app performance, fix bugs, and develop new features
- Send transactional communications such as purchase receipts and account change notifications
- Analyze aggregate, anonymized usage patterns to improve the service
We do NOT sell your personal data to third parties.
We do NOT use your photos for AI model training.
Photo Privacy
We take the privacy of your photos extremely seriously. Many of our users entrust us with precious family memories, and we honor that trust.
- All photos are stored in private, encrypted storage buckets with per-user isolation
- Photo access is only granted via time-limited signed URLs that expire after 1 hour
- Input photos are automatically deleted after 7 days
- Output portraits are retained for 30 days (free tier) or 90 days (paid tier)
- Photos are sent to Google's Gemini API solely for processing. Per Google's API terms, data submitted via the paid API tier is not used for model training
Face Data
EternalFrame uses facial detection as part of the photo transformation process. Here is how we handle face data:
- What we collect: When you upload a photo, we send it to the Google Gemini API to detect whether a human face is present. We do not extract, store, or create facial geometry, faceprints, or biometric identifiers.
- How we use it: Face detection is used solely to verify that a submitted photo contains a face before processing a transformation. No facial recognition or identification is performed.
- Third-party sharing: Photos are sent to the Google Gemini API for face detection and portrait transformation. Per Google's API terms, data submitted via the paid API tier is not used for model training and is not retained after processing.
- Storage: We do not store face data separately from your photos. Photos are stored in encrypted Supabase Storage with per-user isolation.
- Retention: Input photos are automatically deleted after 7 days. Output portraits are retained for 30 days (free tier) or 90 days (paid tier). No face data persists beyond these periods.
Data Sharing
We share your data only with the following service providers, and only to the extent necessary to operate our service:
- Google Gemini API — Photos are sent for AI-powered transformation. Images are processed and not stored or used for training.
- RevenueCat — Manages payment processing and subscription lifecycle. Receives transaction identifiers only.
- Sentry — Receives crash reports and error diagnostics. No photos or personally identifiable information are included in crash reports.
- Mixpanel — Receives anonymized usage analytics to help us understand feature adoption and app performance.
We never sell, rent, or share your personal data for advertising purposes.
Your Rights
- Access — You may request a copy of all personal data we hold about you at any time.
- Deletion — You may delete your account and all associated data. Deletion is completed within 30 days, in compliance with CCPA and GDPR requirements.
- Portability — You may download your transformed portraits at any time while they are available in your account.
Children's Privacy
EternalFrame is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will promptly delete that information. This policy is in compliance with the Children's Online Privacy Protection Act (COPPA).
Data Security
- All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
- Authentication is handled via industry-standard protocols through Supabase Auth
- Per-user data isolation is enforced at the database level via Row Level Security (RLS) policies
- API keys and secrets are stored in secure, server-side environments and are never included in the client application
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you via email or through an in-app notification at least 14 days before the changes take effect. Your continued use of EternalFrame after the effective date constitutes acceptance of the updated policy.
Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: