Privacy Policy

PostAi — AI Photo Generator

We believe your data should remain yours. This document outlines how we protect your privacy.

Last Updated: April 27, 2026

At a Glance

No personal information collected — fully anonymous

Photos used only for AI image generation

Face detection runs entirely on your device

No location tracking, no data selling, anonymous by default

You can delete your data at any time

Data Collection

Photos You Provide

Photos you upload are used only to generate the video or image you request. We share them with named third-party AI providers (Wiro AI, Replicate, and Google Gemini) only after you tap “I Accept” in the in-app AI Data Sharing consent.

What we send: temporary signed URLs to the photos you select, plus the effect identifier and the model parameters you choose.

What we don’t send: your account ID, email, device identifier, photos you didn’t select, or any face landmarks / biometric template.

How we collect: only when you explicitly pick photos from your library or capture them with the camera and tap Generate. No photo is collected without your direct action.

How we use: the AI provider returns the generated output to our backend. The output is stored in your PostAi account on Firebase Storage so you can access it from your library. Inputs and outputs are not used for advertising or model training.

Retention: Wiro, Replicate, and Google Gemini process inputs in-memory for the request and do not retain them long-term (see their policies linked below). Generated outputs remain in your PostAi library until you delete them or delete your account from Settings. Temporary upload files are auto-deleted after 24 hours.

Consent: You can revoke consent any time at Settings → AI Data Sharing. Closing the in-app consent popup without accepting cancels the current generation.

Anonymous Account

No name, email, or personal info collected. A unique anonymous ID links your data.

The app uses anonymous authentication without collecting identification data. A unique identifier links photos, images, and credits without personal identification.

Face Detection (On-Device Only)

The App uses Apple’s on-device Vision framework (VNDetectFaceRectanglesRequest) to determine whether an uploaded photo contains a face.

The detection result is the bounding rectangle of a face. We do not generate, store, or transmit face landmarks, embeddings, FaceID data, depth maps, or any biometric template.

The check runs entirely on your device. The result lives only in memory for the duration of the validation and is discarded immediately afterwards. Face data is never sent to our servers, Wiro, Replicate, Google Gemini, or any other party.

Retention: zero. Nothing is persisted.

Purchases & Payments

If you make in-app purchases (credits or subscriptions), transaction records are managed by Apple and our payment processor.

We do not have access to your payment details such as credit card numbers. We only receive confirmation of purchase status and your credit balance.

Third-Party Services

Google Cloud Services

Account management, cloud storage, database, push notifications, analytics, crash reporting, and performance monitoring.

Wiro AI (Third-Party AI Generation)

Operated by Wiro Bilişim ve Yazılım A.Ş. (api.wiro.ai). When you tap Generate, we send temporary URLs of the photos you selected and the effect parameters you chose. Wiro processes them on their servers and returns the generated output. Wiro does not retain inputs long-term. We confirm Wiro provides privacy commitments comparable to ours. See their policy: wiro.ai/privacy.

Replicate (Third-Party AI Generation)

Operated by Replicate, Inc. (replicate.com). When you tap Generate on an effect routed to Replicate, we send temporary URLs of the photos you selected and the model parameters you chose. Replicate processes them on their servers and returns the generated output. Replicate does not retain inputs long-term. We confirm Replicate provides privacy commitments comparable to ours. See their policy: replicate.com/privacy.

Google Gemini (Third-Party AI Generation)

Operated by Google LLC (generativelanguage.googleapis.com). When you tap Generate on an effect routed to Google Gemini, we send temporary URLs of the photos you selected and the model parameters you chose. Google processes them on their servers and returns the generated output. Google states that data submitted through the Gemini API is not used to train their models. We confirm Google provides privacy commitments comparable to ours. See their policy: policies.google.com/privacy.

Payment Processor

In-app purchase and subscription management.

Apple

App Store purchases and device-level services.

Amplitude (Product Analytics)

In the iOS app, we use Amplitude to understand anonymous product usage and improve features. Only event-level data tied to an anonymous device ID is sent — no personal information, no advertising identifiers (IDFA), and no cross-app tracking.

Google AdMob (Rewarded Ads)

The iOS app offers an optional rewarded-video flow via Google AdMob so users can earn free generation credits by watching short ads (capped at 3 per day, enforced server-side). If you grant iOS App Tracking Transparency permission, AdMob may use your Advertising Identifier (IDFA) to personalize ads; if you decline, only non-personalized contextual ads are shown. Coarse location may be derived from your IP for ad context. You may decline to watch ads at any time — credit packs and a subscription remain available.

Website Analytics (Google Analytics 4)

On postai.app, we use Google Analytics 4 with Consent Mode v2 to measure traffic and referrers (e.g. search engines, ad campaigns). No analytics cookies are set until you accept the cookie banner. If you decline, only cookieless pings are sent for aggregate traffic modeling. IP addresses are anonymized. This applies to the website only — the iOS app does not use GA4.

Security & Storage

Photos and generated images are stored on:

📱
Your Device
In the App's private storage
Cloud Storage
Encrypted at rest and in transit

We use industry-standard security measures to protect your data. However, no method of electronic storage is 100% secure.

Technical & Crash Data

We collect anonymous technical data to improve app stability and performance:

  • Crash reports (device model, OS version, crash logs)
  • Performance metrics (app launch time, network latency)

This data is collected through crash reporting and performance monitoring tools. It does not contain any personal information or photos.

Your Rights

What We Do Not Collect

No name, email, or contact info
No direct camera access
No location data
No cross-app tracking unless you opt in via iOS ATT
We do not sell your data to third parties

Data Retention & Deletion

You can delete your photos at any time from the App's Settings. Generated images can be removed from the Gallery.

Temporary files are automatically deleted after 24 hours. If you stop using the App, your cloud-stored data may be periodically cleaned up after an extended period of inactivity.

Children's Privacy

The App is not intended for children under the age of 13. We do not knowingly collect information from children under 13.

If we become aware that we have inadvertently collected data from a child under 13, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App.

Continued use of the App after changes constitutes acceptance of the updated policy.

Regulatory Compliance

PostAi is designed to comply with applicable data protection regulations. While the App collects minimal data and operates anonymously, we recognize and respect user rights under the following frameworks:

GDPR (EU/EEA) — Under the General Data Protection Regulation, users in the European Union have the right to access, rectify, delete, and port their data. Since PostAi does not collect personal identification data, most GDPR rights are inherently satisfied. You can delete all your data at any time from the App's Settings.

KVKK (Turkey) — Under Turkey's Personal Data Protection Law (KVKK), users have the right to learn whether their personal data is processed, request deletion, and object to automated decisions. PostAi processes only anonymous identifiers and user-uploaded photos. No personal identification data is collected or stored.

For data protection inquiries or to exercise your rights, contact us at support@trypostai.com.

Frequently Asked Questions

Are my photos shared with anyone?

Your photos are only sent to our AI processing service to generate styled images. They are not shared publicly, sold, or used for any other purpose. No other users can see your photos.

Do I need to create an account?

No. The App uses fully anonymous authentication. You do not need to provide an email, name, or any personal information. Everything works automatically.

Does the App use facial recognition?

The App uses Apple's on-device face detection only to check that your photo contains a face. This is not facial recognition — it does not identify who you are. The processing happens entirely on your iPhone, and no facial data leaves your device.

How can I delete my data?

You can delete your photos from Settings > My Photos in the App. Generated images can be removed from the Gallery. If you uninstall the App, cloud data will be automatically cleaned up after a period of inactivity.

Does the App track my location?

No. The App does not request or collect any location data. It also does not use advertising identifiers (IDFA) or track you across other apps.

What happens to my data if I delete the App?

Local data on your device is immediately removed when you delete the App. Cloud-stored data (uploaded photos and generated images) will be automatically cleaned up after an extended period of inactivity.

Is my payment information stored by the App?

No. All payments are processed by Apple through the App Store. We never see or store your credit card number, billing address, or other payment details.

Have questions about our privacy practices?

support@trypostai.com