Privacy Policy
Last updated: October 24, 2025
This Privacy Policy describes how VAR TIM SOFTWARE SRL (“we”, “us”, or “our”) collects, uses, and protects personal information in connection with the mobile application Popshot (“App”).
We are committed to protecting your privacy and handling your data in compliance with applicable laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Apple App Store Review Guidelines.
1. Data Controller
VAR TIM SOFTWARE SRL
Registered Office: Timisoara, Romania
Contact: apps@vladr.com
For purposes of the GDPR, VAR TIM SOFTWARE SRL is the data controller of personal data processed through the App.
2. Information We Collect
We collect and process only the minimum data necessary to operate and improve Popshot.
| Category | Type of Data | Purpose | Storage / Retention |
|---|---|---|---|
| User Photos & Edits | Images uploaded for editing or remixing, prompts, style metadata | To perform AI-powered image editing and remixing features | Temporarily stored on secure cloud servers during processing, then deleted within 90 days of subscription expiry |
| Device & App Information | App version, device model, operating system, usage statistics | To maintain and improve app performance | Anonymous / aggregated |
| Analytics Data | Firebase Analytics, Apple App Store Analytics | To understand usage patterns and improve user experience | Aggregated, anonymized |
| Crash Data | Firebase Crashlytics error logs | To identify and fix app crashes or bugs | Anonymized logs retained for diagnostic purposes |
| Purchase Identifiers | RevenueCat-generated user ID | To manage in-app purchases and restore subscriptions | Retained for as long as necessary to manage billing and purchase history |
Face Data (Landmarks & Masks)
Face Data (Landmarks & Masks): During editing, Popshot may compute non-identifying facial landmarks and segmentation masks from user-provided photos to locate the face region (e.g., boundaries, keypoints) and apply edits precisely. Popshot does not collect or store biometric identifiers or “faceprints,” and does not perform facial recognition or identity verification. These derived data are ephemeral and are not retained after processing is complete.
3. How We Use Your Data
We use collected data to:
- Provide and operate Popshot’s editing and remixing features.
- Process images in the cloud using AI systems.
- Maintain app performance, detect crashes, and resolve bugs.
- Analyze aggregate usage trends through analytics tools.
- Handle in-app purchases and restore entitlements through RevenueCat.
We do not sell, rent, or share personal data with any third party for advertising or marketing purposes.
Face-aware Editing & Alignment
We use ephemeral facial landmarks and segmentation masks solely to: (i) apply edits limited to the face region (e.g., lighting, exposure, red-eye, skin retouch), (ii) generate subject-aware masks for background/scene changes and style remixes, and (iii) align templates/styles while preserving natural facial features. These data are not used for identification, authentication, advertising, profiling, or model training.
4. Cloud Processing
Popshot uses secure cloud-based servers to perform AI processing of images.
Images and related metadata may be temporarily stored during processing and are automatically deleted after the operation completes or within 90 days after a user’s subscription becomes inactive.
All transfers are encrypted in transit and at rest.
Face Data Handling
Popshot performs AI processing on secure cloud infrastructure. Facial landmarks and segmentation masks exist only in memory during processing and are discarded immediately after the operation completes. User photos may be temporarily stored on encrypted cloud storage solely to deliver the requested edit. All transfers and storage are encrypted in transit and at rest.
5. Data Retention
- Uploaded content: deleted within 90 days after subscription expiry.
- Crash and analytics data: retained as aggregate, non-identifiable statistics.
- Purchase and transaction records: retained for accounting and legal compliance as required by applicable law.
Face Data
Facial landmarks and segmentation masks are not retained after processing (typically seconds to minutes). User photos are stored only as needed for processing and are deleted in accordance with this Policy, including within 90 days after a subscription becomes inactive.
6. Legal Basis for Processing (GDPR)
| Purpose | Legal Basis |
|---|---|
| Providing the App’s functionality | Performance of a contract (Art. 6(1)(b)) |
| Crash and analytics diagnostics | Legitimate interest (Art. 6(1)(f)) |
| Purchase management | Performance of a contract (Art. 6(1)(b)) |
| Data retention for compliance | Legal obligation (Art. 6(1)(c)) |
7. Data Sharing and Transfers
We may share limited technical data with trusted service providers solely to operate the App:
| Partner | Purpose | Data Shared |
|---|---|---|
| Firebase (Google LLC) | Analytics and crash diagnostics | Usage statistics, crash logs |
| RevenueCat | Subscription and purchase management | Anonymous user ID, transaction info |
| App Store (Apple) | Distribution and analytics | App engagement metrics |
All third-party providers comply with GDPR and process data under Data Processing Agreements (DPAs).
Face Data
Popshot does not sell or share face data (landmarks, masks) with third parties for advertising or marketing. Limited processing by cloud service providers occurs under data processing agreements strictly to operate the App’s features. Face data is not persisted by these providers beyond processing.
8. International Data Transfers
Where data is transferred outside the European Economic Area (EEA), we rely on lawful transfer mechanisms such as Standard Contractual Clauses (SCCs) or equivalent safeguards.
9. User Rights (GDPR and CCPA)
Users have the following rights regarding their personal data:
- Access – Request a copy of your personal data.
- Rectification – Request correction of inaccurate data.
- Erasure – Request deletion of your data (“right to be forgotten”).
- Restriction – Limit processing in certain circumstances.
- Data Portability – Request transfer of your data to another service.
- Objection – Object to processing under legitimate interest.
To exercise these rights, contact us at apps@vladr.com.
We will respond within 30 days as required by GDPR.
10. Children’s Privacy
Popshot is intended for users aged 13 and older.
We do not knowingly collect personal data from children under 13.
If you believe a child has provided data without parental consent, contact us immediately to request deletion.
11. Security Measures
We implement technical and organizational safeguards to protect user data, including:
- HTTPS encryption for all network communication
- Encrypted storage for temporary cloud data
- Access control and data minimization
- Routine deletion of inactive data
While no system is perfectly secure, we take all reasonable steps to protect your information.
Face Data
We protect user photos and any ephemeral face-related processing with encryption in transit and at rest, strict access controls, and data minimization. Face-related derived data are ephemeral and discarded immediately after processing.
12. Changes to This Policy
We may update this Privacy Policy periodically.
The latest version will always be available within the App and at the provided contact email.
Substantive changes will be communicated through the App or via App Store update notes.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:
VAR TIM SOFTWARE SRL
Timisoara, Romania
📩 apps@vladr.com
Summary for App Store Privacy Section
| Data Type | Collected | Linked to User | Used for Tracking |
|---|---|---|---|
| Photos or Videos | ✅ Yes (temporary) | ❌ No | ❌ No |
| User Content / Edits | ✅ Yes (temporary) | ❌ No | ❌ No |
| Usage Data (analytics) | ✅ Yes | ❌ No | ❌ No |
| Diagnostics (crash logs) | ✅ Yes | ❌ No | ❌ No |
| Purchases (RevenueCat) | ✅ Yes | ❌ No | ❌ No |