Privacy Policy
Last updated:
Effective Date: March 7, 2026
Controller: Onat Cipli, trading as App House (“we,” “our,” or “us”)
This Privacy Policy describes how we collect, use, disclose, and protect your information when you use any of our mobile applications (collectively, the “Apps”) and our website at apphouse.co (the “Website”). If anything here conflicts with an in-app notice for a specific feature, the in-app notice controls for that feature.
This policy covers all apps published under the App House name on the Apple App Store, including but not limited to: WaveMix, Progress Snapshot, Zuppo, ReviewCat, Hashtag AI, Days Countdown, Chat Video, AI Tattoo Generator, WhatsAnalyzer, AI Homework, Scratch It, and FutureMinds, as well as any future apps we publish.
1. Information We Collect
1.1 Information You Provide
- User-generated content: Photos, images, text, files, or other content you provide within our Apps for processing (e.g., photos for AI tattoo generation, chat exports for analysis, homework questions for solving). Files may contain faces.
- Contact information: If you contact us via email or support channels.
- Account data: If an App requires sign-in, we may collect your email address and authentication tokens.
1.2 Information Collected Automatically
- Usage data: Feature interactions, session events, and anonymous app usage data via Firebase Analytics.
- Technical data: Device model, operating system version, language, region settings, IP address, and device identifiers.
- Crash reports: Device state, stack traces, and diagnostic data via Firebase Crashlytics to identify and fix bugs. We do not log raw image files in crash reports.
- Approximate location: City/country level via IP address for service optimization and fraud prevention.
- Subscription data: Purchase history and subscription status, managed through RevenueCat.
- Aggregated/de-identified data: We may aggregate or de-identify data for analytics and product improvement.
1.3 Information We Do NOT Collect
- We do not collect or store your precise GPS location.
- We do not collect contacts, call logs, or browsing history.
- We do not sell your personal data to anyone.
2. How We Use Your Information
- Provide, maintain, and improve our Apps and their features.
- Process your requests (e.g., generating AI content, analyzing data, creating soundscapes).
- Manage subscriptions and in-app purchases.
- Diagnose crashes and technical issues.
- Understand how our Apps are used and improve user experience.
- Respond to your inquiries and provide support.
- Secure, debug, and prevent abuse.
- Comply with legal obligations and enforce our terms.
Commitments
- We do not sell personal information.
- We do not use your content to train AI models without your separate, explicit opt-in.
- We do not create biometric identifiers or templates for identification purposes.
3. Legal Bases (EEA/UK)
If you are in the EEA or UK, we process your data on the following legal bases:
- Contract: To deliver the features and services you request.
- Legitimate Interests: Service integrity, security, de-identified analytics, and crash reporting to improve our Apps. Not used for advertising.
- Consent: Required for advertising personalization and non-essential measurement SDKs. Processing starts only after consent and can be withdrawn anytime in your device or app settings.
- Legal Obligation: When required by applicable law.
4. Face Data and Images
4.1 Definition and Approach
“Face Data” includes images or video containing a face and any transient facial landmarks inferred only to place effects or process your request. We do not create, store, or retain biometric identifiers or templates for identification purposes.
4.2 Which Apps Process Face Data
- AI Tattoo Generator: Uses Apple’s on-device Vision framework for face/body detection, then sends images to AI providers for tattoo generation.
- Progress Snapshot: Stores body progress photos locally on your device. Photos may contain faces but are not analyzed for facial features.
- Chat Video: Accesses your camera for video functionality. Video is not stored on our servers.
- Hashtag AI: May process images containing faces to generate relevant hashtags.
4.3 Processing, Storage, and Access
- Purpose: Provide the features you request (e.g., tattoo placement, sticker generation).
- On-device processing: Where possible, face detection and landmark analysis are performed entirely on your device using Apple’s Vision framework. No face data leaves your device for these operations.
- Cloud processing: When an AI-powered feature requires cloud processing, images (which may contain faces) are sent to AI providers only when you actively trigger the feature. See Section 5 for details.
- Storage: Some Apps store user images in Firebase Storage under our control; access is protected by authentication and security rules. Other Apps store images only on your device.
- Internal access: Limited to authorized personnel to resolve support requests you initiate or to comply with law.
4.4 Processing Duration for Landmarks
Facial landmarks (if any) are computed during active processing and immediately discarded once processing completes. No face templates are created or retained.
5. AI and Machine Learning Services
Several of our Apps use third-party AI and machine learning services to provide their core functionality. When you use an AI-powered feature, the input you provide (such as text, images, or prompts) may be sent to external AI providers for processing.
AI Service Providers
| Provider | Purpose | Data Sent |
|---|---|---|
| OpenAI | Text generation, chat, image processing | Text prompts, images (when using vision features) |
| Google AI (Gemini / Vertex AI) | Text generation, image analysis | Text prompts, images |
| Replicate | Image generation, AI model inference | Text prompts, images |
| fal.ai | Image generation, AI model inference | Text prompts, images |
| Anthropic (Claude) | Text generation, analysis, conversation | Text prompts, images (when using vision features) |
Important Notes About AI Processing
- Data is sent to AI providers only when you actively use an AI-powered feature.
- We use API access only. AI providers process your data to return results and do not use your inputs to train their models under their API terms.
- We do not store the content you send to AI providers on our servers. Data is transmitted, processed, and returned in real-time.
- AI providers may temporarily retain request and response data for up to 30 days for abuse monitoring, after which it is deleted.
- We transmit only the minimum data necessary and never share personal information such as names or emails with AI providers.
- Each AI provider has its own privacy policy: OpenAI, Google, Replicate, fal.ai, Anthropic.
6. On-Device Processing
Where possible, our Apps process data entirely on your device:
- WhatsAnalyzer: Chat file analysis is performed entirely on your device. Your chat data is never sent to our servers or any third party.
- WaveMix: Audio mixing and playback happen locally on your device.
- Progress Snapshot: Photos and progress data are stored locally on your device.
- Days Countdown: All countdown data is stored locally on your device.
- AI Tattoo Generator: Face/body detection uses Apple’s on-device Vision framework before any cloud AI processing.
When a feature requires cloud processing (such as AI-powered features), we clearly indicate this within the App, and data is only transmitted when you initiate the action.
7. Third-Party Services
Our Apps use the following third-party services:
| Service | Provider | Purpose | Data Collected |
|---|---|---|---|
| Firebase Analytics | Usage analytics | Anonymous usage data, device info, app events | |
| Firebase Crashlytics | Crash reporting | Crash logs, device state, stack traces (no raw images) | |
| Firebase Auth | User authentication | Email address, authentication tokens | |
| Firebase Firestore | Cloud data storage | App-specific user data (varies by App) | |
| Firebase Storage | File storage | User-uploaded images (select Apps only) | |
| Firebase Cloud Messaging | Push notifications | Device token, notification preferences | |
| RevenueCat | RevenueCat Inc. | Subscription management | Anonymous app user ID, purchase history, subscription status |
| Cloudflare Web Analytics | Cloudflare | Website analytics | Page views, referrers (no cookies, no personal data) |
These services have their own privacy policies: Firebase, RevenueCat, Cloudflare.
8. Advertising and Tracking
8.1 General
Some of our Apps may display advertisements or use tracking technologies to measure the effectiveness of advertising campaigns. When applicable, we may work with the following partners:
| Partner | Purpose | Data Collected |
|---|---|---|
| Google Ads / AdMob | Advertising, attribution | Device identifiers, ad interaction data, conversion events |
| Meta (Facebook/Instagram) Ads | Advertising, attribution | Device identifiers, ad interaction data, conversion events |
| TikTok Ads | Advertising, attribution | Device identifiers, ad interaction data, conversion events |
| Apple Search Ads | Attribution | Attribution token (no personal data shared) |
8.2 EEA/UK Consent
For users in the EEA/UK:
- Advertising and measurement SDKs are disabled by default until you give consent.
- If you do not consent, only strictly necessary processing occurs and any ads shown are non-personalized.
- You can change your consent choices at any time in the App’s settings.
8.3 SDK-Specific Details
- Google Ads / AdMob: May collect device type, operating system, language, and ad-display timestamps. Personalized advertising is disabled until you consent.
- Meta (Facebook) SDK: May receive information about app usage for ad effectiveness. Not initialized until you consent in the EEA/UK.
- TikTok Ads SDK: May collect device identifiers, IP address, coarse location, and app event metadata. Not active until you consent in the EEA/UK.
Some SDK providers may act as independent controllers for advertising/measurement. Review their privacy policies for details.
8.4 App Tracking Transparency (iOS)
On iOS 14.5 and later, Apps that track your activity across other companies’ apps and websites will request your permission through Apple’s App Tracking Transparency framework before doing so. If you decline, we do not enable personalized advertising or related device identifiers. Core app functionality is never affected by your tracking choice.
You can change your tracking preferences at any time in Settings > Privacy & Security > Tracking.
9. Camera and Photo Access
Some Apps request access to your camera or photo library. This access is used solely for the App’s core functionality (e.g., taking photos for AI processing, scanning homework questions, tracking body progress). Photos and images are:
- Processed on-device when possible.
- Sent to AI providers only when you actively trigger an AI feature, as described in Section 5.
- Never collected, stored, or shared by us for any other purpose beyond the feature you requested.
10. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We may share information only in these circumstances:
- With third-party service providers as described in Sections 5 and 7, solely to provide App functionality.
- To comply with legal obligations such as a court order, subpoena, or regulatory request.
- To protect rights and safety when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers: In a merger, acquisition, or asset sale, data may transfer subject to this Policy.
We do not allow providers to use your images for biometric identification or targeted advertising unrelated to your choices.
11. Data Retention
We retain data based on the following guidelines:
| Data Type | Retention Period |
|---|---|
| On-device data | Stored on your device; deleted when you delete the App or clear its data |
| User-uploaded images (cloud) | Retained until you request deletion; backups purge within 30 days |
| Anonymous account ID & essential logs | Retained while your account exists and as required for security/compliance |
| Analytics data | Up to 14 months in Firebase (anonymized/aggregated) |
| Crash reports & diagnostics | Up to 90 days (no raw images) |
| AI processing data | Not retained by us; AI providers may temporarily cache for up to 30 days |
| Support communications | Up to 24 months after resolution, unless law requires longer |
| Aggregated/de-identified analytics | Up to 5 years |
To request deletion of any personal data we hold, contact us at hello@apphouse.co with “Privacy Request” in the subject line. We will respond within 30 days.
12. Your Rights
12.1 For All Users
- Access, correct, or delete your personal data.
- Opt out of analytics by disabling analytics in your device settings.
- Delete your account and associated data (where applicable).
12.2 Identity Verification
To protect user data, we verify all data-subject requests before acting. We may ask for your account information or reasonable additional details to confirm your identity.
12.3 European Economic Area / UK (GDPR)
If you are in the EEA or UK, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Request erasure of your data (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time without affecting lawfulness of processing before withdrawal
- Lodge a complaint with your local Data Protection Authority
Our legal basis for processing is your consent (when you use AI features or opt into advertising) and legitimate interest (analytics and crash reporting to improve our Apps).
12.4 California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the sale of personal information. We do not sell your personal information.
- Non-discrimination for exercising your rights.
12.5 Turkiye (KVKK)
For users subject to Law No. 6698 on Personal Data Protection (KVKK), the data controller is Onat Cipli, trading as App House. You may exercise your KVKK rights (access, correction, deletion, restriction, objection, portability where applicable) by contacting hello@apphouse.co. Requests will be evaluated and answered within the legal time limits set by the KVKK.
13. Children’s Privacy
Our Apps are not directed at children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at hello@apphouse.co and we will promptly delete it.
14. Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS) and at rest, secure API authentication, access controls, and routine security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
15. Personal Data Breach Notification
If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, affected users without undue delay. The notification will include information on the nature of the breach, likely consequences, and measures taken to address it.
16. International Data Transfers
Your data may be processed in countries other than your own, including the United States, where our third-party service providers operate. Where required, we use appropriate safeguards, including EU Standard Contractual Clauses.
17. Automated Processing and Profiling
Some Apps may generate dynamic, in-session suggestions based on your inputs (e.g., AI-generated recommendations). This processing is limited to providing the requested feature in that session and is not used to build a profile about you or to make decisions producing legal or similarly significant effects. These signals are not used for advertising or shared with third parties for advertising.
18. Cookies (Website)
Our website at apphouse.co uses Cloudflare Web Analytics, which does not use cookies and does not collect personal data. If we introduce cookies in the future, we will update this section and provide appropriate consent mechanisms where required.
19. Changes to This Policy
We may update this Privacy Policy to reflect changes to our practices or legal requirements. Material changes will be notified via in-app notice or website posting. The “Effective Date” above shows the latest revision. Your continued use of our Apps after changes constitutes acceptance of the updated Policy.
20. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: hello@apphouse.co
- Website: apphouse.co/contact
For data subject requests, please include “Privacy Request” in the subject line.