Privacy policy.

1. Information We Collect

Information You Provide Directly

• Account Data: When you first use InkCraft, we create an anonymous account using Firebase Authentication. We do not require your name, email address, or phone number to use the app. Your account is identified by a unique anonymous identifier.
• Profile Information: You may optionally set a display nickname, short bio, gender, and profile avatar image. This information is stored on our servers and associated with your anonymous account.
• Photos and Images: You may upload photos of yourself, reference images, and tattoo designs for AI-powered generation features. These images are transmitted to third-party AI service providers for processing.
• Text Input: You may provide text descriptions, prompts, and messages when using the AI generation features and AI chat assistant.
• Voice Input: If you use the voice input feature in the AI chat, your speech is processed on-device using Apple's Speech Recognition framework to convert it to text. The audio itself is processed locally and is not transmitted to our servers.
• Purchase Information: Subscription and credit purchase transactions are processed exclusively through Apple's In-App Purchase system. We do not directly collect or store your payment card details, billing address, or financial account information. We receive transaction confirmations from Apple to credit your account.

Information Collected Automatically

• Usage Data: We collect information about how you interact with the app, including which features you use, generation history (prompts, settings, results), and timestamps of activity.
• Device Information: We may collect device type, operating system version, app version, and device integrity status for security and service improvement purposes.

Information We Do NOT Collect

• We do not collect your real name, email address, phone number, or physical address
• We do not collect location data
• We do not collect contacts or address book information
• We do not use advertising identifiers or serve targeted ads
• We do not use third-party analytics SDKs (such as Google Analytics, Firebase Analytics, or similar)

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and deliver the AI generation services (tattoo visualization, image generation, video generation, face editing, AI chat)
• Process your uploaded images and text prompts through AI generation providers to produce results
• Store your generation history so you can review, save, and manage past results
• Manage your account, credit balance, and subscription status
• Validate uploaded images for safety and compliance with our content policies
• Improve, optimize, and develop new features for the Services
• Ensure security, prevent fraud, and detect abuse
• Enforce our Terms of Use and content policies

3. AI Image and Content Processing

We use automated image validation powered by AI to screen uploaded images for safety and content policy compliance before processing. Images that violate our policies are rejected.

We do not use your personal images or prompts to train, fine-tune, or improve AI models. Your content is processed solely to deliver the generation results you request.

4. Data Storage and Retention

Cloud Storage

• Profile Data: Your anonymous user ID, nickname, bio, gender, avatar, credit balance, subscription status, and generation statistics are stored in Google Firebase Cloud Firestore.
• Generation Results: Generated images are stored in Google Firebase Cloud Storage. Generated videos may be stored temporarily for retrieval.
• Generation History: Metadata about your generations (prompts, settings, timestamps, result URLs) is stored in Cloud Firestore.

Local Storage

• Secure Storage: Sensitive data (user ID, credit balance, subscription status) is stored in the iOS Keychain, which provides hardware-level encryption.
• App Storage: Cached images, generation history thumbnails, AI chat conversation history, and app preferences are stored locally within the app sandbox on your device.
• Chat Messages: AI chat conversation history is stored only on your device and is not transmitted to or stored on our servers.

Data Retention

Your data is retained for as long as your account is active. You may delete individual generation history items at any time through the app. You may delete your entire account through the app's settings, which will remove your profile data and generation history from our servers. Locally cached data is removed when you uninstall the app.

5. Third-Party Services

We use the following categories of third-party services to operate the app:

• Google Firebase: Anonymous authentication, Cloud Firestore database, and Cloud Storage for files. Firebase processes your anonymous account data, profile information, and stored generation results. Firebase Privacy Information
• Apple StoreKit: Processes all In-App Purchases and subscription transactions. Apple handles all payment processing. Apple Privacy Policy
• AI Generation Providers: Third-party AI services process your uploaded images and text prompts to generate tattoo previews, images, videos, and chat responses. These providers receive only the content necessary to perform the generation and are contractually required to process data solely for the purpose of delivering results.
• Cloudflare: Hosts our backend API infrastructure and provides security, rate limiting, and DDoS protection. Cloudflare Privacy Policy
• Apple Speech Recognition: Voice input is processed on-device using Apple's Speech framework. Audio data is handled by Apple's on-device speech recognition and is subject to Apple's Privacy Policy.
• Pinterest (Marketing Use Only): InkCraft operates a single, first-party Pinterest business account that publishes tattoo-design pins linking back to inkcraftapp.com. This integration uses Pinterest's official Content Publishing API (v5) via OAuth 2.0 with the "boards:read", "boards:write", "pins:read", "pins:write", and "user_accounts:read" scopes — authorising only our own Pinterest account. OAuth access and refresh tokens are stored server-side in environment variables on infrastructure we operate; we do not collect, store, or transmit any other Pinterest user's data, credentials, or session information. No iOS app user data is shared with Pinterest. Pinterest Privacy Policy

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share your information only in the following limited circumstances:

• AI Processing: Your uploaded images and text prompts are shared with AI service providers solely for the purpose of generating the content you request.
• Service Providers: We share data with infrastructure providers (Firebase, Cloudflare) solely for the purpose of operating the Services.
• Legal Requirements: We may disclose your information if required by law, legal process, court order, or governmental request.
• Safety: We may share information to protect the safety, rights, or property of InkCraft, our users, or the public, including to detect and prevent fraud or abuse.
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify users of any such change.

7. Your Rights and Choices

All Users

• Delete Generation History: You can delete individual generation results at any time through the app.
• Delete Your Account: You can permanently delete your account and all associated data through the app's Settings screen. This action is irreversible.
• Manage Subscriptions: You can manage or cancel subscriptions through your Apple ID Account Settings.
• Clear Chat History: You can clear your AI chat conversation history at any time within the app.

European Economic Area (EEA) / UK Residents — GDPR Rights

If you are located in the EEA or UK, you have the following additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure: Request deletion of your personal data (also available via in-app account deletion).
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to our processing of your personal data.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Our legal bases for processing your data include: performance of a contract (providing the Services), legitimate interests (security, fraud prevention, service improvement), and consent (where applicable).

California Residents — CCPA/CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to Know: You have the right to know what personal information we collect, use, disclose, and sell.
• Right to Delete: You have the right to request deletion of your personal information.
• Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of personal information we collect: identifiers (anonymous user ID), internet activity (usage data, generation history), and audio/visual information (uploaded images). We do not collect Social Security numbers, financial account numbers, or precise geolocation.

To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within 30 days (or as required by applicable law).

8. Children's Privacy

The Services are not intended for children under the age of 13 (or the applicable minimum age of digital consent in your jurisdiction, such as 16 in some EU member states). We do not knowingly collect personal information from children under these age thresholds.

If we become aware that we have collected personal information from a child below the applicable age, we will take prompt steps to delete that information. If you believe a child has provided us with personal information, please contact us at [email protected].

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• All data transmission is encrypted using HTTPS/TLS
• Sensitive local data is stored in the iOS Keychain with hardware-level encryption
• Cloud storage is protected by Firebase's built-in access controls and security rules
• Our backend API uses authentication tokens, rate limiting, and request validation
• Device integrity verification (Apple DeviceCheck) is used to prevent abuse

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. These countries may have data protection laws that differ from those in your country.

Where required by law (such as for transfers from the EEA), we rely on appropriate safeguards including standard contractual clauses and adequacy decisions to ensure your data is protected.

By using the Services, you acknowledge and consent to the transfer of your information to these countries.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this policy and, where appropriate, by providing notice within the app. Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at:

InkCraft
Email: [email protected]