Privacy Policy
Last updated: December 16, 2024
This Privacy Policy describes how Mend ("we", "us", or "our") collects, uses, and shares information about you when you use our mobile application Mend: AI Photo Editor ("App"). We are committed to protecting your privacy and ensuring transparency about our data practices.
Important Notice
We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. Your photos and data are used solely to provide the AI photo editing service you requested.
Quick Summary
- We process your photos using third-party AI services to apply effects
- Photos are processed in real-time and not permanently stored on AI servers
- Your generated images are saved to your private gallery
- We do not sell your personal data
- You can delete your account and all data at any time
1. Data Controller
The data controller responsible for your personal data is:
- Name: Lukas Vaičiulis
- Location: Vilnius, Lithuania, European Union
- Email: support@usemend.app
- Website: https://usemend.app
For any questions or concerns regarding this Privacy Policy or our data practices, please contact us at the email address above.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you sign in with Apple or Google, we receive your email address and display name from these providers. You may also use the App without signing in (guest mode).
- Photos: Photos you select or capture within the App for AI processing.
- Prompts: Text prompts you enter when using certain AI effects (e.g., AI Pranks).
2.2 Information Collected Automatically
- Device Information: Device type, operating system version, and app version.
- Usage Data: Features used, effects applied, and general app interaction patterns.
- Crash Reports: Technical information about app crashes to improve stability.
2.3 Information from Third Parties
- Authentication Providers: Basic profile information from Apple or Google when you choose to sign in.
- Payment Providers: Subscription status from Apple App Store, Google Play Store, or RevenueCat (we do not receive or store your payment card details).
3. How We Use Your Information
We use your information to:
- Provide and operate the App's AI photo transformation features
- Process and deliver your generated images
- Manage your account and subscription
- Store your generated images in your private gallery
- Provide customer support
- Improve the App and develop new features
- Ensure security and prevent fraud or abuse
- Comply with legal obligations
3.1 Legal Basis for Processing (GDPR/LGPD)
We process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Providing AI photo editing services | Contract Performance - Necessary to provide the service you requested |
| Processing photos with third-party AI | Consent - You explicitly consent before your first AI generation |
| Managing subscriptions and payments | Contract Performance - Necessary to fulfill your subscription |
| Fraud prevention and security | Legitimate Interest - Protecting our service and users |
| Service improvements | Legitimate Interest - Improving user experience (anonymized data only) |
| Legal compliance | Legal Obligation - When required by applicable law |
You may withdraw your consent at any time by deleting your account or contacting us.
4. AI Photo Processing
Important Information About Photo Processing
When you use Mend to transform your photos, your images are sent to third-party AI services for processing. Here's what you need to know:
4.1 Third-Party AI Services
We use the following AI services to process your photos:
| Service | Purpose | Data Processed |
|---|---|---|
| Replicate | Image transformation | Your photos, effect parameters |
| OpenAI | Content moderation, prompt processing | Text prompts, image moderation |
4.2 How Processing Works
- Your photos are uploaded securely to our servers
- Photos are sent to AI services for real-time processing
- AI services process your images and return results
- Original photos are not permanently stored by AI providers
- Generated results are saved to your private Mend gallery
4.3 Content Moderation
We use automated systems to review content for safety. Photos or prompts that violate our guidelines may be rejected. This helps ensure a safe experience for all users.
4.4 Biometric Information
When you upload photos containing faces, this may include biometric data (facial geometry) which is classified as special category data under GDPR Article 9 and may be considered "biometric information" under laws like the Illinois Biometric Information Privacy Act (BIPA).
- Purpose: We process facial data solely to provide the AI photo editing service you requested (applying effects, transformations, etc.)
- Consent: Before your first AI generation, you provide explicit consent to this processing via our in-app consent modal
- Retention: Uploaded photos (including facial data) are automatically deleted within 24 hours. Generated images are retained until you delete them or your account
- Third-Party Processing: Facial data is processed by our AI service providers (Replicate, OpenAI) under data processing agreements
- No Sale: We do not sell, lease, or trade biometric information
By using Mend to process photos containing faces, you acknowledge and consent to this biometric data processing. You may withdraw consent at any time by deleting your account.
5. Data Storage and Retention
5.1 Where We Store Data
Your data is stored on secure servers provided by Supabase, with data centers in the European Union and United States. We implement appropriate security measures to protect your information.
5.2 How Long We Keep Data
| Data Type | Retention Period |
|---|---|
| Account Information | Until you delete your account |
| Generated Images | Until you delete them or your account |
| Original Uploaded Photos | Automatically deleted after 24 hours |
| Usage Analytics | Up to 24 months (anonymized) |
6. Third-Party Services
We work with the following third-party services:
- Supabase: Database, authentication, and file storage
- RevenueCat: Subscription and payment management
- Apple App Store / Google Play Store: App distribution and payments
- Replicate: AI image processing
- OpenAI: Content moderation and text processing
Each of these services has their own privacy policy governing their use of your data.
7. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request restriction of processing
- Portability: Receive your data in a portable format
- Objection: Object to certain processing activities
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, please contact us at support@usemend.app.
7.1 Account Deletion
You can delete your account at any time through the App's Settings. This will permanently delete:
- Your account information
- All generated images in your gallery
- Your favorites and preferences
- Your usage history
Note: This will not automatically cancel any active subscription. You must cancel subscriptions through the App Store or Google Play.
8. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with our service providers
- Adequacy decisions where applicable
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Access controls and authentication
- Regular security assessments
- Secure cloud infrastructure
10. Age Requirement
Mend is intended for users 17 years of age and older. We chose this age restriction because AI-generated content can be unpredictable and may occasionally produce results unsuitable for younger audiences.
We do not knowingly collect personal information from anyone under 17 years of age. If you are a parent or guardian and believe your child under 17 has provided us with personal information, please contact us immediately at support@usemend.app, and we will delete such information from our systems.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email. Your continued use of the App after changes become effective constitutes acceptance of the updated policy.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You can request deletion of your personal information (available via Settings → Delete Account).
- Right to Correct: You can request correction of inaccurate personal information.
- Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Sale of Personal Information
We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising. Your photos and data are only shared with our service providers (Replicate, OpenAI) solely to provide the AI photo editing service you requested.
To exercise your California privacy rights, contact us at support@usemend.app or use the in-app account deletion feature.
13. Brazil Privacy Rights (LGPD)
If you are a resident of Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including:
- Confirmation of the existence of data processing
- Access to your data
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary data
- Data portability to another service provider
- Deletion of personal data processed with consent
- Information about public and private entities with which we share data
- Information about the possibility of denying consent and the consequences
- Withdrawal of consent
To exercise your LGPD rights, contact us at support@usemend.app.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Data Controller: Lukas Vaičiulis
- Email: support@usemend.app
- Website: https://usemend.app
- Location: Vilnius, Lithuania, European Union
15. Supervisory Authority
If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.