Privacy Policy

starryai, Inc.

Privacy Policy

Effective: 15 March 2022 | Last Updated: 26 February 2026

1. Introduction

Your privacy is important to us. It is starryai, Inc.’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including via our app, starryai, and its associated services.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use an app or online service.

In the event our app contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our app.

2. Information We Collect

Information we collect falls into one of two categories: “Voluntarily provided” information and “Automatically collected” information. “Voluntarily provided” information refers to any information you knowingly and actively provide us when using our app and its associated services. “Automatically collected” information refers to any information automatically sent by your device in the course of accessing our app and its associated services.

2.1 Personal Information

We may ask for or collect personal information — for example, when you create an account, submit content, use app features, or contact us — which may include one or more of the following:

Name
Email address
Profile photo
Social media profiles
Billing address
Payment information (processed securely through our third-party payment provider, Stripe)
Face data, including facial geometry, landmark data, photographs containing your face, and processed facial feature data (collected only when you use face-related features and with your explicit permission — see Section 3 for full details)
Images, text prompts, and other content you upload or create within the app

2.2 Log Data

When you access our servers via our app, we may automatically log the standard data provided by your device. It may include your device’s Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details about your usage. Additionally, when you encounter certain errors while using the app, we automatically collect data about the error and the circumstances surrounding its occurrence.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

2.3 Device and Technical Information

We may automatically collect certain information about the device you use to access our app, including your device type, operating system and version, unique device identifiers (such as IDFA or GAID), and mobile network information. This information is used to ensure compatibility, improve app performance, and support analytics and attribution efforts.

2.4 In-App Activity

We collect information related to your activity within the app, including prompts and inputs you provide to generate images, images you create or save, credits usage and purchase history, and subscription and transaction history. This information is used to provide and improve our services and to personalize your experience.

2.5 Third-Party Authentication

If you choose to sign in using a third-party service such as Sign in with Apple or Google, we may receive certain information from those providers, such as your name and email address, in accordance with your privacy settings on those platforms.

2.6 Analytics and Attribution Data

We use third-party analytics and attribution tools (such as Facebook SDK and AppsFlyer) to help us understand how users interact with our app and to measure the effectiveness of our marketing. These tools may collect device identifiers, usage data, and other behavioral information. Please refer to the respective privacy policies of these third-party providers for more information on their data practices.

2.7 User-Generated Content

We consider “user-generated content” to be materials (text, image, and/or video content) voluntarily supplied to us by our users for the purpose of publication on our platform, website, or re-publishing on our social media channels. All user-generated content is associated with the account or email address used to submit the materials.

Please be aware that any content you submit for the purpose of publication will be public after posting (and subsequent review or vetting process). Once published, it may be accessible to third parties not covered under this privacy policy.

3. Face Data Collection and Use

starryai, Inc. collects and uses face data as part of certain features within the app. This section explains in full what face data we collect, how we use it, our reasons for storing it, whether it is shared with third parties, where it is stored, and how long it is retained. Before using any feature that collects or processes face data, the app will request your explicit permission. You may choose not to use these features, in which case no face data will be collected.

3.1 What Face Data We Collect

When you use face-related features in the app (such as generating AI images based on your likeness), we may collect the following:

Facial geometry and landmark data derived from images you upload or capture within the app
Photographs or images containing your face that you voluntarily submit
Processed facial feature data generated by our systems for the purpose of image generation

3.2 How We Use Face Data

We use your face data solely for the following purposes:

To enable AI-powered image generation features that incorporate or are based on your likeness
To improve the accuracy and quality of our image generation models

We do not use face data to identify you by name in public, to track your movements, or for any advertising or marketing profiling purposes.

3.3 Reasons for Storing Face Data

We store face data for the following reasons:

To process your AI image generation requests, which requires temporary storage of your uploaded images and derived facial feature data during and after model execution
To deliver the generated output to you and allow you to access your results within the app
To allow you to re-use previously uploaded face data for additional image generation requests without needing to re-upload, improving your experience and reducing processing time
To maintain the integrity of your saved content and account data for as long as your account is active
To comply with legal obligations that may require retention of certain records

3.4 Sharing of Face Data with Third Parties

We do not sell your face data. Face data may be disclosed to third parties only in the following limited circumstances:

To third-party service providers who process data on our behalf (such as cloud computing, storage, and AI model execution providers) and who are contractually prohibited from using it for any other purpose
To comply with a legal obligation, court order, or lawful government request
In the event of a merger, acquisition, or sale of substantially all of our assets, as described in the “Business Transfers” section of this policy

All third-party providers who handle face data are required to apply appropriate security measures consistent with this policy and to provide the same or equal level of protection for face data as described herein.

‍

3.5 Third-Party Processors of Face Data and Their Privacy Practices

To provide AI image generation features, certain data (including images that may contain a user’s face or derived facial feature data) may be processed by the following trusted third-party infrastructure providers. Each provider’s face data storage practices are described below:

Replicate — Used to run machine learning models that generate images based on user inputs and uploaded images. Images or derived feature data may be temporarily processed by Replicate during model execution. Replicate processes images only during model execution and does not retain them after the job completes. Replicate does not store face data beyond the time required to complete the processing request. Face data is processed solely to execute the AI model and return the generated output. Replicate is contractually restricted from using the data for any other purpose.

Data retention: https://replicate.com/docs/topics/predictions/data-retention

Amazon Web Services (AWS) — Used for cloud infrastructure and secure storage required to process user requests and deliver generated images. Images uploaded by users, including images that may contain faces, are stored on servers hosted on AWS. AWS stores face data on our behalf as a cloud infrastructure provider. The data is stored for the duration necessary to process requests and deliver results, and is subject to the retention periods described in Section 3.7 below. AWS stores this data because it provides the underlying server infrastructure on which our application operates. AWS is contractually restricted from using the data for its own purposes.

Cloudflare — Used as a content delivery and performance optimization service. Cloudflare may temporarily cache generated images or processed outputs in order to securely deliver them to the user. Cached content is automatically purged according to Cloudflare’s caching policies, typically within hours to days depending on configuration. Cloudflare temporarily stores this data solely to enable secure and efficient delivery of generated content to the user. Cloudflare is contractually restricted from using the data for identification, advertising, or profiling purposes.

OpenAI — Used as AI infrastructure for certain AI generation features. Prompts, images, and related input data may be transmitted to OpenAI in order to generate AI outputs requested by the user. According to OpenAI’s API data usage policy, data submitted through the API is not used to train models and is retained for up to 30 days for abuse monitoring purposes before being deleted. OpenAI stores this data temporarily for the purposes of processing the request and for abuse and misuse monitoring as described in their privacy policy.

API data controls: https://developers.openai.com/api/docs/guides/your-data/

We do not permit any third-party processor to use face data for identification, advertising, or profiling purposes. All third-party providers are contractually required to provide the same or equal level of protection for face data as described in this policy.

3.6 Storage of Face Data

Face data is stored on secure servers located in the United States and the European Union. We apply industry-standard encryption and access controls to protect face data from unauthorized access, disclosure, or misuse. Access is restricted to personnel who require it to perform their job functions.

3.7 Retention of Face Data

We retain face data only for as long as necessary to fulfill the purposes described above:

Uploaded images containing faces are retained for no longer than 7 days following delivery of the generated output and are then automatically deleted, unless you have saved them to your account
Raw images containing your face that are saved to your account are deleted within 30 days of processing if not actively saved by you
Processed facial feature data is deleted when you remove the relevant content or close your account
Upon account deletion, all face data is permanently deleted within 90 days

It may take up to 90 days to fully complete the deletion process. During this time, your data will not be accessible to other users. Some copies may remain in backup storage and will be cleared in due course. We may also retain certain information where required for legal obligations or harm prevention.

You may request deletion of your face data at any time by contacting us via the “Contact Us” section below.

4. AI Service Data Sharing and User Consent

When you use AI image generation features in the app, the following data may be transmitted to AI infrastructure providers to process your request:

Images uploaded by you
Text prompts entered by you
Derived image features necessary to generate the requested output

This data is transmitted securely and used only to generate the requested output. It is not used to identify individuals or build biometric profiles.

4.1 Disclosure and Consent

Before using features that process images containing faces or other personal data, the app clearly discloses what data will be collected and transmitted, and to whom. The app requests your explicit permission before sending any such data to third-party providers. By choosing to proceed with these features, you consent to the processing of your uploaded images and related data by our AI infrastructure providers for the purpose of generating the requested results. You may decline to use these features at any time, in which case no face data or personal images will be transmitted.

4.2 Third-Party Data Protection Standards

All third-party providers with whom we share personal data, including face data, are contractually required to provide the same or equal level of protection for that data as described in this privacy policy. These providers are prohibited from using the data for any purpose other than performing the services we have engaged them to provide.

5. How We Use Your Information

We only collect and use your personal information when we have a legitimate reason for doing so. We only collect personal information that is reasonably necessary to provide our services to you. We may collect personal information from you when you do any of the following:

Register for an account
Enter any of our competitions, contests, sweepstakes, and surveys
Use a mobile device or web browser to access our content
Contact us via email, social media, or on any similar technologies
When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

To provide you with our app and platform’s core features and services
To enable you to access and use our app, associated platforms, and associated social media channels
To run competitions, sweepstakes, and/or offer additional benefits to you

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources to provide you with an enhanced experience of our app and services.

6. Third-Party Services We Use

We use the following third-party services that may process personal information depending on how you use the app. Each provider processes data only as necessary to perform their services and is contractually restricted from using the data for their own purposes. We confirm that each third-party provider is required to provide the same or equal level of protection for your data as described in this policy.

Amazon Web Services (AWS) — Cloud infrastructure and storage. Privacy policy: https://aws.amazon.com/privacy/
Cloudflare — Security, performance, and content delivery. Privacy policy: https://www.cloudflare.com/privacypolicy/
Google Cloud — Authentication and cloud infrastructure. Privacy policy: https://cloud.google.com/terms/cloud-privacy-notice
OpenAI — AI model infrastructure. Privacy policy: https://openai.com/policies/row-privacy-policy/
Replicate — ML model execution. Privacy policy: https://replicate.com/privacy
Mixpanel — Product analytics. Privacy policy: https://mixpanel.com/legal/app-store-privacy-details/
AppsFlyer — Mobile attribution and marketing analytics. Privacy policy: https://www.appsflyer.com/legal/services-privacy-policy/
Intercom — Customer support and communications. Privacy policy: https://www.intercom.com/legal/data-processing-agreement
Stripe — Payment processing. Privacy policy: https://stripe.com/privacy

We encourage you to review the privacy policies of these third-party providers to understand how they handle your personal information.

7. Disclosure of Personal Information to Third Parties

Service Providers and Business Partners: We share personal information with third-party service providers who assist us in operating our app and delivering our services. This includes IT and infrastructure providers, cloud hosting and storage providers, payment processors, analytics and attribution platforms, error tracking and monitoring tools, marketing and advertising partners, and professional advisors such as lawyers and accountants.

Corporate Transactions: In the event of a merger, acquisition, asset sale, or similar transaction, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

Legal and Compliance: We may disclose your information to courts, regulatory authorities, law enforcement agencies, or other third parties where required by law, or where necessary to establish, exercise, or defend our legal rights or those of others.

Affiliates and Related Entities: We may share your information with our parent company, subsidiaries, affiliates, employees, contractors, agents, and business partners where necessary to provide our services or manage our business.

Promotions: If you participate in any competition, sweepstakes, or promotion we run, relevant personal information may be shared with the sponsors or promoters of that promotion.

7.1 We Do Not Sell Your Personal Information

starryai, Inc. does not sell your personal information, including face data, biometric data, or any other category of personal information, to any third party for monetary or other valuable consideration. This applies to all users regardless of location.

8. Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

9. How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

10. International Transfers of Personal Information

The personal information we collect is stored and/or processed in the United States and the European Union, or where we or our partners, affiliates, and third-party providers maintain facilities.

The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

11. Use of Cookies

Our privacy policy covers the use of cookies between your device and our servers. A cookie is a small piece of data that an app may store on your device, typically containing a unique identifier that allows the app servers to recognize your device when you use the app, information about your account, session and/or device, additional data that serves the purpose of the cookie, and any self-maintenance information about the cookie itself.

We use cookies to give your device access to core features of our app, to track app usage and performance on your device, to tailor your experience of our app based on your preferences, and to serve advertising to your device. Any communication of cookie data between your device and our servers occurs within a secure environment. Please refer to our Cookie Policy for more information.

12. Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.

13. Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us; however, if you do not, it may affect your use of our app or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you in writing. You also have the right to contact a regulatory body or data protection authority.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication.

14. Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

15. Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here and on our website. If the changes are significant, or if required by applicable law, we will contact you and all our registered users with the new details and links to the updated or changed policy. If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

16. Additional Disclosures for Australian Privacy Act Compliance (AU)

Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles. If any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

17. Additional Disclosures for GDPR Compliance (EU)

We, starryai, Inc., are a Data Controller with respect to the personal information you provide to us. We will only collect and use your personal information when we have a legal right to do so, on the following grounds:

Consent: Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time; however, this will not affect any use of your information that has already taken place.
Performance of a Contract: Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to entering into a contract or transaction with you.
Legitimate Interests: Where we assess it is necessary for our legitimate interests, such as to provide, operate, improve, and communicate our services, including research and development, understanding our audience, marketing analysis, and measures taken to protect our legal rights.
Compliance with Law: Where we have a legal obligation to use or keep your personal information, such as court orders, criminal investigations, government requests, and regulatory obligations.

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Under the GDPR, you have the right to: restrict processing of your personal information; object to processing based on our legitimate interests; request a portable copy of your personal information; and request deletion of your personal information. If you terminate or delete your account, we will delete your personal information within 14 days. To exercise any of these rights, please contact us using the details below.

18. Additional Disclosures for California Compliance (US)

In the past 12 months, we have collected the following categories of personal information under the California Consumer Privacy Act (CCPA):

Identifiers, such as name, email address, phone number, account name, IP address, and an ID or number assigned to your account
Audio or visual data, such as photos or videos you share with us or post on the service
Biometric data, such as facial geometry derived from images you submit when using face-related features of the app

If you are a California resident, you have the right to request details about the categories and specific pieces of personal information we have collected, the sources and purposes of collection, the categories of third parties we have shared it with, and whether it was sold or disclosed for a business purpose. You also have the right to request deletion of your personal information. To exercise these rights, please contact us using the details below.

We do not respond to browser “Do Not Track” signals at this time. We may offer financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for our services. Any such incentive will reasonably relate to the value of your personal information and requires your prior opt-in consent, which you may revoke at any time.

If you are a California resident, you also have the right under California’s “Shine the Light” law to request information regarding the manner in which we share certain personal information with third parties for their direct marketing purposes. To make such a request, please include “California Privacy Rights Request” in the first line of your message along with your name and mailing address.

19. Biometric Information Privacy

Certain jurisdictions, including Illinois (under the Biometric Information Privacy Act, or BIPA), Texas (under the Capture or Use of Biometric Identifier Act, or CUBI), and Washington (under its biometric identifier law), impose specific requirements on the collection, use, and storage of biometric data. This section provides additional disclosures to comply with those requirements.

When you use face-related features in the app, we may collect biometric identifiers and biometric information, including facial geometry and landmark data derived from images you upload. We collect this data solely to provide AI-powered image generation features, as described in Section 3 of this policy.

We will not collect, capture, or otherwise obtain your biometric data without first providing you with written notice (including through this policy and in-app disclosures) and obtaining your informed, affirmative consent. By choosing to use face-related features in the app after being presented with these disclosures, you consent to our collection and use of your biometric data as described in this policy.

We do not sell, lease, trade, or otherwise profit from your biometric data. Biometric data may be disclosed only to third-party service providers who process it on our behalf to deliver the requested functionality, as described in Section 3.5, and who are contractually required to protect it in accordance with this policy.

Biometric data is retained only for as long as necessary to fulfill the purposes for which it was collected, as described in Section 3.7. Uploaded images containing biometric data are automatically deleted within 7 days of delivering the generated output, and all biometric data is permanently destroyed within 90 days of account deletion.

You may request deletion of your biometric data at any time by contacting us via the “Contact Us” section below.

20. Limits of Our Policy

Our app may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

21. Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details:

Mo Khan
https://www.starryai.com/contact

‍