Privacy Policy

Your privacy is our priority

Last updated: October 2025

1. Controller

Dominik Reif
Waldstraße 14
91091 Großenseebach
Germany
📧 E-mail: support@dreif-ai.com

2. Purpose of this Privacy Policy

This Privacy Policy explains what personal data the GET AI PORTRAIT app ("App") collects, how it is used, and what rights you have under the General Data Protection Regulation (GDPR), the German Telecommunications-Telemedia Data Protection Act (TTDSG), and the EU AI Act (Regulation (EU) 2024/1689).

3. What Data We Process

a) Data Provided by Users

  • Photos: Selfies you upload for AI portrait generation (5-10 photos per session)
  • Biometric Data: Facial landmarks detected via Apple Vision Framework for artistic transformation
  • AI Portraits: Generated portraits saved to your gallery (with your consent)
  • App Settings: Style preferences, notification settings, language
  • Support Inquiries: Email communications for customer support

b) Automatically Collected Data

  • Device Information: Model, iOS version, app version
  • Anonymous Usage Statistics: Features used, session duration, portrait generation counts
  • Crash and Error Reports: Only with your consent via analytics prompt
  • Subscription Status: Premium unlock purchases, active subscriptions

c) Data NOT Collected

  • ❌ Facial recognition profiles or biometric templates
  • ❌ Personal identification from facial features
  • ❌ Location data or GPS coordinates
  • ❌ Contact lists or social media accounts
  • ❌ Browsing history or third-party app usage

4. Purposes and Legal Bases of Processing

PurposeLegal Basis
Provision of the app and AI portrait generationArt. 6(1)(b) GDPR – Contract Performance
Biometric data processing (facial features)Art. 9(2)(a) GDPR – Explicit Consent
Face detection for portrait framingArt. 6(1)(b) GDPR + Art. 9(2)(a) GDPR
Error analysis and crash reportingArt. 6(1)(a) GDPR – Consent
Usage analytics (anonymous)Art. 6(1)(a) GDPR – Consent
Subscription management (RevenueCat)Art. 6(1)(b) GDPR – Contract Performance
AI model improvement (anonymized)Art. 6(1)(f) GDPR – Legitimate Interest
Legal obligations (e.g. accounting, tax)Art. 6(1)(c) GDPR – Legal Obligation

You may withdraw your consent at any time with future effect in the app settings.

5. Third-Party Providers and Data Transfers

The app uses the following services for provision, processing, and analysis:

ServiceProviderPurposeLegal Basis / Safeguards
FirebaseGoogle LLC (USA)Backend functions, job queue, analyticsEU Standard Contractual Clauses + EU-US Data Privacy Framework
ReplicateReplicate Inc. (USA)AI portrait generation (FLUX 1.1 Pro model)Contract performance (Art. 6(1)(b) GDPR), SCC
OpenAIOpenAI Inc. (USA)AI portrait generation (GPT-Image-1 / DALL-E 3)Contract performance (Art. 6(1)(b) GDPR), SCC
Google Vertex AIGoogle LLC (USA)AI portrait generation (Gemini 2.5 Flash image models)Contract performance (Art. 6(1)(b) GDPR), SCC, no training on customer data
Google Cloud StorageGoogle LLC (USA)Temporary image storage during AI processingContract performance (Art. 6(1)(b) GDPR), SCC, EU region (europe-west1)
CloudKitApple Inc. (USA)Portrait gallery sync across devicesContract performance (Art. 6(1)(b) GDPR), Apple privacy
RevenueCatRevenueCat Inc. (USA)Subscription management, App Store integrationContract performance (Art. 6(1)(b) GDPR), SCC

All providers meet GDPR requirements; data transfers are based on Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework.

6. Biometric Data Processing (Art. 9 GDPR)

🔒 We want to be completely transparent about how we handle facial data:

What We Do:

  • ✅ Use Apple Vision Framework to detect faces in uploaded selfies
  • ✅ Extract facial landmarks (eyes, nose, mouth position) for artistic transformation
  • ✅ Process facial features to apply selected artistic styles
  • ✅ Generate AI portraits preserving your identity within artistic interpretation
  • ✅ Delete biometric data immediately after portrait generation completes

What We DON'T Do:

  • ❌ Create or store biometric templates for identification
  • ❌ Use facial recognition to identify individuals
  • ❌ Build facial recognition databases or profiles
  • ❌ Share biometric data with third parties (except AI model providers for processing)
  • ❌ Use facial data for any purpose other than portrait generation

Your Consent:

Before uploading photos, you will be asked to provide explicit consent for biometric data processing. You can withdraw consent at any time by deleting your account and all associated data.

Data Retention:

  • Uploaded selfies: Deleted within 24 hours after processing completes
  • Biometric landmarks: Deleted immediately after portrait generation
  • AI portraits: Stored in your gallery until you delete them

7. Storage and Deletion

  • Local Data: Portraits saved to your device remain exclusively on your device (or synced via CloudKit) until you delete them manually or uninstall the app.
  • Backend Jobs: Job metadata (style, submission time) stored for up to 7 days, then automatically deleted.
  • Uploaded Photos: Deleted from servers within 24 hours after processing completes.
  • Biometric Data: Deleted immediately after portrait generation (< 60 seconds).
  • Subscription Data: Retained as long as subscription is active, deleted 90 days after cancellation.
  • Analytics Data: Anonymized after 90 days at the latest.

You can request immediate deletion of all data at any time. See our Data Deletion page for instructions.

8. AI-Assisted Processing and Transparency (EU AI Act)

Use of AI:

GET AI PORTRAIT uses state-of-the-art AI models (FLUX 1.1 Pro, DALL-E 3, Gemini 2.5 Flash) to transform selfies into artistic portraits across 56+ styles.

Labeling:

All AI-generated portraits are clearly labeled as AI-generated in compliance with the EU AI Act. Watermarked previews include "AI Generated" labels. Full-resolution portraits include metadata indicating AI generation.

No Automated Decision-Making:

There is no profiling or automated scoring pursuant to Art. 22 GDPR. Portrait generation is user-initiated and artistic in nature, not for identification or decision-making.

Data Processing:

Photos are processed in pseudonymized form by AI model providers (Replicate, OpenAI). No permanent storage occurs without your consent. Providers delete processed images after generation completes.

Legal Notes:

  • AI portraits serve as artistic content and entertainment
  • Portraits are NOT suitable for official identification documents
  • You retain full ownership of generated portraits
  • We do not claim copyright over AI-generated content you create

9. Security

We implement industry-standard security measures:

  • TLS Encryption: All data transfers encrypted via HTTPS
  • Secure Storage: Photos encrypted at rest on Firebase Cloud Storage
  • Keychain: API tokens stored securely in iOS Keychain
  • Access Controls: Role-based access restrictions on backend
  • Audit Logs: Backend operations logged for security monitoring
  • Third-Party Audits: All providers meet ISO 27001 or SOC 2 standards

10. Your Rights (GDPR Art. 15-21)

You have the right to:

  • Access (Art. 15 GDPR): Request a copy of all personal data we hold about you
  • Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data
  • Erasure (Art. 17 GDPR): Delete your account and all associated data (see Data Deletion)
  • Restriction (Art. 18 GDPR): Limit processing of your data in certain circumstances
  • Data Portability (Art. 20 GDPR): Export your data in machine-readable format (JSON)
  • Object (Art. 21 GDPR): Object to processing based on legitimate interest
  • Withdraw Consent: Revoke biometric data processing consent at any time
  • Lodge Complaint (Art. 77 GDPR): File complaint with supervisory authority

The competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach, Germany
www.lda.bayern.de

For detailed instructions on exercising your rights, visit our GDPR Rights page.

11. Minors

Age Restrictions:

  • The app is intended for users 18 years or older
  • We do not knowingly process data from minors under 16 (or 18 in certain jurisdictions)
  • We do not process biometric data of minors without explicit parental consent
  • If we discover underage use, we immediately delete all associated data

Parents or guardians who believe their child has provided us with personal information should contact us immediately at privacy@dreif-ai.com.

12. Changes to this Privacy Policy

We may update this Privacy Policy to comply with legal requirements or changes to the app's features. The current version is always available in the app and at getaiportrait.com/privacy.

Significant changes will be announced in-app or via email. Continued use of our service after changes constitutes acceptance of the updated policy.

13. Contact

Questions about data protection or exercising your rights:

General Inquiries:
📧 support@dreif-ai.com

Privacy & Data Protection:
📧 privacy@dreif-ai.com

Data Protection Officer:
📧 dpo@dreif-ai.com

Postal Address:
Dominik Reif
Waldstraße 14
91091 Großenseebach
Germany

End of Privacy Policy

Legal compliance verified: GDPR / TTDSG / BGB / EU AI Act
Apple App Store Guidelines: 5.1.1 & 5.1.2 (Privacy)
Transparency, consent, and labeling requirements fulfilled