PRIVACY POLICY – Vintage AI

Last Updated: September 18, 2025

IMPORTANT: This Privacy Policy explains how Vintage AI (the “App”), owned and operated by ERAY YAVUZ (“we”, “us”, or “our”), collects, uses, discloses, and protects information when you use the App. By downloading, accessing, or using the App, you consent to the practices described here. If you do not agree, please discontinue use.

  1. WHO WE ARE AND HOW TO CONTACT US

    1.1. Controller. For the purposes of data protection laws, the controller of your personal data is ERAY YAVUZ.

    1.2. Contact. For privacy inquiries or requests, contact: [email protected].

    1.3. Scope. This policy applies to the App and any support channels or websites that link to it. If you obtained the App via Apple’s App Store, Apple’s terms and the Apple Privacy Policy also apply to your App Store account and payments.

  2. INFORMATION WE COLLECT

    2.1. Information You Provide Directly.

    (a) Uploaded Photos. Images you choose to upload to generate a combined Vintage style image. These may include faces or other personal data.

    (b) Account and Authentication. If the App uses anonymous authentication, we may receive a device generated identifier. If you sign in through a provider, we may receive limited profile data as permitted by that provider.

    (c) Purchases. Information about your subscription status and in app purchases as provided by Apple and our subscription provider (for example, RevenueCat), such as active entitlement, product identifiers, and renewal state. We do not receive your full payment card details.

    (d) Support. Information you include in emails or support requests.

2.2. Information Collected Automatically.

(a) Device and Usage. Device model, operating system version, language, time zone, and general usage events such as app opens, feature usage, and error logs.

(b) Identifiers. App specific identifiers used to maintain sessions, manage credits and weekly allowances, and prevent fraud or abuse.

(c) Network and Diagnostics. IP address at the time of a request, timestamps, crash and performance metrics.

2.3. Information from Third Parties.

(a) Apple. App Store purchase receipts, subscription status, and other information necessary to deliver paid features.

(b) RevenueCat. Entitlement state and product information to manage subscriptions and consumable credits.

(c) Firebase. Authentication state, Firestore documents for user credits and history, and Storage object metadata for uploads and outputs.

(d) AI Processing Providers. Status and result metadata from third party AI endpoints that process your images.

  1. HOW WE USE INFORMATION

    3.1. Provide the Service. To operate the App, authenticate users, process uploads, perform AI based generations, maintain your history, and deliver paid features.

    3.2. Improve the App. To monitor performance, fix bugs, and enhance reliability and user experience.

    3.3. Purchases and Entitlements. To verify purchases, manage weekly allowances and credit packs, and handle subscription renewals and restorations.

    3.4. Safety and Integrity. To protect against misuse, fraud, or violations of our Terms, and to enforce policies.

    3.5. Legal Compliance. To comply with applicable laws, tax and accounting requirements, or to respond to lawful requests.

    3.6. Communication. To respond to your support requests and provide important notices about changes to the App or this policy.

  2. LEGAL BASES FOR PROCESSING (EEA, UK, AND SIMILAR JURISDICTIONS)

    4.1. Contract. Processing necessary to perform our contract with you, such as providing generations or subscriptions.

    4.2. Legitimate Interests. Processing to improve the App, maintain security, prevent abuse, and measure performance, provided these interests are not overridden by your rights.

    4.3. Consent. Where required by law, for example when you upload photos or where analytics needs consent. You may withdraw consent at any time by discontinuing the specific feature or contacting us.

    4.4. Legal Obligation. Processing necessary to comply with legal obligations, such as maintaining transaction records.

  3. SHARING AND DISCLOSURE OF INFORMATION

    5.1. Service Providers. We share information with vendors who help us operate the App, including:

    (a) Cloud Hosting and Databases, such as Firebase Auth, Firestore, and Storage, to store accounts, credits, and uploads or outputs.

    (b) Subscription Infrastructure, such as RevenueCat, to manage products and entitlements.

    (c) AI Processing Providers, to transform your images and return outputs.

    (d) Analytics and Diagnostics, to collect performance and crash data.

    5.2. Apple. Purchases and subscriptions are processed by Apple. We receive limited purchase and entitlement information from Apple or via RevenueCat. Your relationship with Apple is governed by Apple’s terms and policies.

    5.3. Legal Requirements. We may disclose information if required by law, regulation, legal process, or governmental request, or to enforce our Terms, protect our rights, or investigate potential violations or security issues.

    5.4. Business Transfers. If we are involved in a merger, acquisition, reorganization, or asset sale, information may be transferred as part of that transaction, subject to this policy.

    5.5. Aggregated and De Identified Data. We may share aggregated or de identified information that cannot reasonably be used to identify you.

  4. DATA RETENTION

    6.1. General Rule. We retain personal data only for as long as necessary to fulfill the purposes described in this policy, including providing the App, complying with legal obligations, and resolving disputes.

    6.2. Uploaded Photos and Outputs. Uploads and outputs may be stored for a limited period to support your History feature and to improve reliability. The App is not a permanent storage service and we may delete content after a reasonable retention window. You can delete local items on your device; server side deletion may occur through in app tools where available or upon request, subject to technical and legal limitations.

    6.3. Purchase and Entitlement Data. Retained as required by law and for financial recordkeeping.

    6.4. Logs and Diagnostics. Retained for a limited duration to improve performance and investigate issues.

  5. SECURITY

    7.1. Measures. We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No system is completely secure and we cannot guarantee absolute security.

    7.2. Your Responsibilities. Keep your device secure and up to date. Do not share account credentials. Use strong device passcodes.

  6. INTERNATIONAL TRANSFERS

    8.1. Global Infrastructure. We may process and store information in multiple countries where our providers operate. These locations may have data protection laws that differ from your jurisdiction.

    8.2. Safeguards. Where required, we use appropriate safeguards for cross border transfers, such as standard contractual clauses, and rely on vendor certifications and contractual commitments.