Profylio
Privacy Policy
This Privacy Policy describes how Profylio ("Profylio," "we," "us," or "our") collects, uses, and shares information when you use our mobile application and related services (collectively, the "Service"). By using Profylio, you agree to the practices described in this Policy.
Profylio is operated by [YOUR FULL NAME OR BUSINESS NAME], based in Germany. If you have questions about this Policy or how your data is handled, contact us at profylio.app@gmail.com.
1. Information We Collect
1.1 Information You Provide
- Account information: email address, username, display name, date of birth confirmation (18+).
- Profile information: profile photo, bio, optional external link.
- Photos: face scan images you take or upload for AI analysis.
- User-generated content: posts, comments, direct messages, reports.
- Subscription information: Pro subscription status (handled by Apple In-App Purchase or Google Play Billing — we never see your payment details).
1.2 Information Collected Automatically
- Device information: device model, operating system version, language, time zone.
- Push notification tokens: if you enable notifications.
- Usage data: features used, scan count, app version, crash logs.
- Approximate IP-based region: for leaderboard regional filtering only — we do not store precise location.
1.3 Information from Third Parties
- Apple Sign-In: when you sign in with Apple, we receive your email and name (you can choose to hide your real email).
- Google Sign-In: when you sign in with Google, we receive your email and basic profile info.
2. How We Use Your Information
- To provide and operate the Service (account creation, scanning, leaderboards, messaging).
- To analyze your face scans using AI and return a score and tier.
- To send push notifications you opted into (e.g. streak reminders, social activity).
- To prevent fraud, abuse, and policy violations.
- To improve our AI models and Service quality (using anonymized aggregate data only — we do not train AI models on your individual photos).
- To comply with legal obligations.
3. AI Image Processing
When you take or upload a face scan, the photo is sent in encrypted form to OpenAI via their GPT-4o-mini Vision API for analysis. OpenAI processes the image to return facial harmony metrics and a score. Per OpenAI's API terms, your images are not used to train OpenAI's models and are deleted from OpenAI's servers within 30 days.
The resulting score and any photos you choose to keep are stored on our servers (Supabase). You can delete your scans and photos at any time from within the app.
4. Third-Party Services
We rely on the following third-party providers to operate Profylio. Each has its own privacy policy:
- OpenAI — AI image analysis. Privacy Policy
- Supabase — backend, authentication, and database. Privacy Policy
- Apple Inc. — Sign in with Apple, In-App Purchases. Privacy Policy
- Google LLC — Sign in with Google, Google Play Billing (Android). Privacy Policy
- RevenueCat — subscription management. Privacy Policy
- Expo — push notification delivery. Privacy Policy
5. How We Share Your Information
We do not sell your personal information. We share information only in these limited circumstances:
- With service providers listed above, strictly to operate the Service.
- With other users, when you choose to share publicly (your username, profile, scan posts, leaderboard rank).
- For legal reasons, when required by law, court order, or to protect the rights and safety of users.
- In a business transfer, if Profylio is acquired or merged, your data may be transferred to the new owner under the same protections.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required for legal, fraud prevention, or regulatory purposes (e.g. payment records).
Anonymized aggregate data (e.g. average tier distributions) may be retained indefinitely.
7. Your Rights
7.1 EU/UK Users (GDPR)
If you are in the EU or UK, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to or restrict processing.
- Data portability (receive your data in a structured format).
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority.
7.2 California Users (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, opt out of any "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising), and not be discriminated against for exercising these rights.
7.3 Exercising Your Rights
To exercise any of these rights, email profylio.app@gmail.com. We respond within 30 days.
8. Children's Privacy
Profylio is intended for users 18 years and older. We do not knowingly collect data from children under 18. If you become aware that a child has provided us with personal information, please contact us and we will delete it.
9. Security
We use industry-standard security measures including encryption in transit (HTTPS/TLS), encryption at rest, secure authentication, and access controls. However, no method of transmission or storage is 100% secure. You use Profylio at your own risk.
10. International Data Transfers
Your data may be processed in countries outside your home country, including the United States (where OpenAI, Supabase, and our other providers operate). Where required, we use standard contractual clauses and other appropriate safeguards.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email. Continued use of Profylio after changes means you accept the updated Policy.
12. Contact Us
For privacy questions, requests, or complaints, email profylio.app@gmail.com.