PRIVACY POLICY

Last updated: October 17, 2024

This privacy notice for ReFaceAI ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

• Download and use our mobile application (ReFaceAI), or any other application of ours that links to this privacy notice
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@virtuslabs.lol.

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

• What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
• Do we process any sensitive personal information? We do not process sensitive personal information.
• Do we collect any information from third parties? We do not collect any information from third parties.
• How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
• In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.
• How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
• What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
• How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
• Want to learn more about what we do with any information we collect? Review the privacy notice in full.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
6. HOW LONG DO WE KEEP YOUR INFORMATION?
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
8. WHAT ARE YOUR PRIVACY RIGHTS?
9. CONTROLS FOR DO-NOT-TRACK FEATURES
10. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
11. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
12. DO WE MAKE UPDATES TO THIS NOTICE?
13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We do not collect personal information such as names, email addresses, usernames, or passwords.

We do not collect any personal information that can identify you, such as email addresses, usernames, or passwords. Our app uses Firebase Anonymous Authentication, which does not require users to provide any personal information.

Application Data

Face Data: We collect images you upload to our app for the purpose of AI expression editing. These images are processed to enhance or modify facial expressions as per your requests.

Image Data: Only the edited images are stored in your history within our system. The original images you upload are not stored or retained beyond the editing session.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with the law. We do not process any personal information unless we have a valid legal reason to do so.

Face Data Usage

We process the images you upload solely to provide the AI expression editing feature in our app. This includes analyzing and modifying facial expressions in your uploaded images to deliver the editing services you request.

Data Security: All processed images are securely stored in Google Firestore using encryption to protect your privacy and data integrity. We do not retain your original uploaded images once the editing process is complete.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.

We rely on the following legal bases to process your personal information:

• Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
• Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations.
• Vital Interests: We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We do not share your personal information with any third parties.

We do not share your face data or any other personal information with third parties. All image processing and storage occur within our secure servers to ensure your data remains private and protected.

5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: We do not offer social media logins and do not collect any information through social media accounts.

Our Services do not provide the option to register or log in using social media accounts. Therefore, we do not have access to any social media profile information.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information only as long as necessary to provide our Services.

• Edited Images: Retained in your account history for as long as your account remains active. You have the option to delete your history at any time, which will remove all stored edited images from our servers.
• No Retention of Original Images: Original images uploaded for editing are not stored or retained beyond the editing session to ensure your privacy and data security.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

Therefore, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your location, you may have certain rights regarding your personal information.

You may have rights under certain data protection laws, including the right to:

• Request access to your personal information
• Request correction of inaccurate information
• Request deletion of your personal information
• Withdraw consent to our processing of your personal information

To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at info@virtuslabs.lol, or by referring to the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

10. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of certain states, you have additional rights regarding your personal information.

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

These rights may be limited in some circumstances by applicable law. More information is provided below.

Categories of Personal Information We Collect

We have not collected any personal information from users, as our app utilizes Firebase Anonymous Authentication, which does not require users to provide identifiable information.

11. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, you may have additional rights based on the country you reside in.

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (Privacy Act).

This privacy notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.

If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:

• Offer you the products or services that you want
• Respond to or help with your requests
• Manage your account with us
• Confirm your identity and protect your account

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?" below.

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner.

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?" below.

If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, the details of which are:

The Information Regulator (South Africa)
General enquiries: enquiries@inforegulator.org.za
Complaints (complete POPIA/PAIA form 5): PAIAComplaints@inforegulator.org.za & POPIAComplaints@inforegulator.org.za

12. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this privacy notice. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at info@virtuslabs.lol or contact us by post at:

ReFaceAI
Drujba 2
Sofia, Sofia 1000
Bulgaria

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.

To request to review, update, or delete your personal information, please fill out and submit a data subject access request by contacting us at info@virtuslabs.lol.