Privacy Policy
Last Updated: November 11, 2025
Phovate AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Phovate AI mobile application (the "App"), which enables businesses to generate creative, professional product photos using artificial intelligence.
Key Principle: We do not store your uploaded product images or any generated photos after the session ends. No user accounts are required, and no personal data is retained on our servers.
1. Information We Collect
We collect only the minimum data required to deliver our AI-powered product photo generation service:
- Uploaded Product Images: When you use the App, you upload images of products you wish to feature. These are processed in real time and deleted immediately after generation.
- Generated Output Images: AI-generated product photos are temporarily held in memory during your session and are not stored on our servers or any third-party system.
- Device Identifier (Local Only): A unique, anonymous identifier is stored locally on your device to manage your credit balance. This is never transmitted to our servers.
- Purchase Receipts (via RevenueCat & Apple/Google): In-app purchase data is handled exclusively by Apple App Store or Google Play through RevenueCat. We do not receive or store payment details.
We do NOT collect: names, email addresses, phone numbers, payment information, location data, or any personally identifiable information (PII).
2. How We Use Your Information
The sole purpose of data processing is to generate high-quality product photos:
- Images are sent securely to Fal AI for inference using advanced diffusion models.
- Workflow orchestration is managed via Supabase Edge Functions and automated through secure pipelines.
- Credit consumption is tracked locally on your device; no usage logs are sent to us.
- All processing occurs within a secure, ephemeral environment. Data is purged within 5 seconds of job completion.
3. Third-Party Services
Phovate AI integrates with trusted third-party providers under strict data processing agreements:
Contractual Obligation: All third parties are required to delete any transmitted data immediately after processing and are prohibited from using it for training or any other purpose.
4. In-App Purchases & Credits
Phovate AI offers credit packs (10, 50, 200, or custom enterprise bundles) via in-app purchase:
- Purchases are processed securely by Apple App Store or Google Play.
- We never access your payment method, card details, or billing address.
- RevenueCat validates receipts server-side but does not share personal data with us.
- Use the “Restore Purchases” button to recover credits on a new device.
5. Data Security & Retention
We employ enterprise-grade security measures:
- End-to-End Encryption: Images are encrypted in transit (TLS 1.3) and at rest (if temporarily cached).
- Zero Retention Policy: No image data persists beyond the active session.
- Secure Backend: Supabase Postgres with Row Level Security (RLS); no direct database access.
- Regular Audits: Penetration testing and dependency scanning via GitHub Actions.
In the unlikely event of a security incident, we will notify affected users within 72 hours as required by GDPR and CCPA.
6. Your Rights (GDPR, CCPA, and Beyond)
Even with minimal data collection, you retain full control:
- Right to Access: Request confirmation of processing (we’ll confirm none is stored).
- Right to Deletion: Not applicable — data is auto-deleted.
- Right to Opt-Out: Stop using the App at any time.
- Non-Discrimination: No penalty for exercising privacy rights.
Contact us at tugberktabak@yahoo.com for any privacy request. We respond within 48 hours.
7. Children’s Privacy (COPPA Compliance)
Phovate AI is intended for business use and not directed to children under 13. We do not knowingly collect data from minors. Any such data discovered will be deleted immediately.
8. International Data Transfers
Data processing may involve transfers to the United States (Fal AI, Supabase). We ensure compliance with:
- EU-US Data Privacy Framework (DPF)
- Standard Contractual Clauses (SCCs)
- Turkish KVKK (Law No. 6698) adequacy requirements
9. Changes to This Policy
We may update this policy to reflect new features or legal requirements. Material changes will be:
- Displayed via in-app banner
- Sent to your device if email is optionally provided
Continued use after changes constitutes acceptance.
10. Contact Us
For questions, concerns, or support:
Email: tugberktabak@yahoo.com
Response Time: Within 48 hours
Data Protection Officer: Tuğberk Tabak