SwitchUp Privacy Policy

Last updated: 2025-11-13

SwitchUp (“the App,” “we,” or “us”) is developed and operated by the individual developer opaic. We provide AI hairstyle generation, personalized hairstyle libraries, history and favorites management, subscription memberships, notifications, and related features. This Policy explains how we collect, use, store, share, and protect your personal information, and the rights you have when using the App. Please read this Policy carefully before using the App.

If you do not agree with any part of this Policy, stop using the App immediately. By accessing or continuing to use the App, you acknowledge that you have read, understood, and accepted this Policy.

1. Scope and Core Features

AI hairstyle try-on and generation: Upload or capture a front-facing photo, choose a reference hairstyle or input prompts, and receive new hairstyle images from our cloud AI services (e.g., fal.ai/flux models).
Asset management and history: Sync generated records, favorites, and downloaded assets locally and to the cloud for multi-device viewing and recovery.
Subscriptions and memberships: In-app subscriptions via App Store / Google Play to unlock premium features and manage orders/credits.
Notifications and settings: Push/email notifications, privacy and general settings, theme and language options.
Support and help: Access support channels or submit feedback in “Help Center” or “About.”

This Policy applies to the above features and any future privacy-related capabilities added to the App. If new features require additional data, we will obtain your explicit consent before launch.

2. Information We Collect

We only collect information necessary for legitimate, lawful business purposes.

2.1 Information You Provide

Account and authentication: Anonymized user ID, auth token, refresh token, token expiry—stored in the device’s secure storage, used only to maintain login state.
Membership/subscription data: Order ID, product ID, receipt (with platform signature), subscription validity, refund status, etc., received via platform APIs to verify with our backend.
User content: Front-facing photos, reference hairstyles, prompts, favorite names, rename records uploaded or captured in the home or preview pages. Unless you save to history or favorites, original photos are only used for the generation flow.
Support/feedback: Contact details (e.g., email, phone, social account) and issue descriptions when you submit requests in Help Center.

2.2 Automatically Collected Information

Device and logs: Device model, OS version, device identifier (provided by the OS), app version, language, network type, crash logs, and API debug info (debug builds only visible locally).
Usage data: Feature clicks, hairstyle popularity, history access counts, etc., used for anonymous statistics. If you disable “Data Analysis” in Settings > Privacy, we stop sending such analytics.

2.3 Local Storage Data

Local database: Favorite hairstyle IDs, timestamps, local hairstyle names, original/thumbnail paths, created/updated time—stored only in the app’s local database.
Cache files: Generated or downloaded hairstyle images cached in the app sandbox for offline viewing; you can delete them in history/favorites or via system app data clearing.

2.4 Third-Party Sources

App Store / Google Play: Subscription receipts, order status.
AI generation providers: Task IDs, generation status, generated asset IDs/URLs.
Crash collection provider (Firebase): Crash logs, device model, OS version, app version, basic device identifiers (provided by the OS) required for stability analysis; does not include your photos, prompts, favorites, or other business data.

We do not actively collect personal sensitive data unrelated to the App’s functions (e.g., contacts, SMS, precise location).

2.5 Face Information Handling

We do not collect, extract, or store biometric identifiers, facial recognition data, facial landmarks, or face embeddings. User photos that may contain faces are treated as general user-generated content for the hairstyle generation feature only.
Photos are not used to build or train face recognition models, perform identity verification, profiling, advertising, tracking, analytics, or any unrelated purposes.
We apply data minimization and process only what is necessary to fulfill the hairstyle generation request initiated by the user.

3. How We Use Information

Provide core features: Authentication, hairstyle generation, history/favorites management, asset sync, subscription entitlement checks.
Improve product experience: Enhance UI, recommendations, compression/download flows using anonymized usage data.
Security and risk control: Detect abnormal logins, interface abuse, repeated refunds, etc., and mitigate risks using device info.
Customer support: Communicate progress on your requests and assist with subscription, data, or permissions issues.
Legal compliance: Retain/disclose required logs per regulatory or judicial requests and assist with complaints.

3.1 Image Processing

Photos are transmitted over HTTPS/TLS to our backend and to our AI processor (e.g., Fal.ai) only to generate the hairstyle preview you requested. They are not reused for analytics, advertising, tracking, unrelated AI tasks, or model training.
Processing is user-initiated and task-bound; once the generation task completes, no further processing of the photo occurs.

We do not use your personal information for purposes not stated in this Policy. If purposes change, we will seek your explicit consent again.

4. Sharing, Transfer, and Disclosure

We do not transfer or disclose your personal information to third parties except in these cases:

With your explicit consent.
As required by laws, courts, or regulators.
Necessary sharing/commissioned processing to deliver core services, mainly:
- AI generation providers (e.g., fal.ai): Receive photos, prompts, and generation parameters to create hairstyle images; suppliers commit to clearing temp files after tasks complete.
- Cloud asset/auth services: Store generated results, anonymized user IDs, download status for multi-device sync and recovery.
- Payment/subscription channels (Apple/Google): Verify transactions, process refunds, and support audits; we only obtain necessary fields and do not store your bank account details.
- Push notification channels (APNs/FCM): Process device push tokens when you enable notifications.
- Crash collection provider (Firebase): Collect/analyze crash logs and related device info to improve stability; does not access your photos, prompts, or history/favorites content.
As otherwise required by law (e.g., public safety).

4.1 Use of Third-Party Service Providers

Fal.ai (image processing) acts as our data processor solely to fulfill hairstyle generation requests. Photos are used only to render the requested hairstyle preview and are not retained for advertising, analytics, tracking, or model training. Temporary processing files are cleared by the provider after the task completes, typically within 24 hours or sooner.
No additional third parties receive user photos or face-related content beyond what is necessary to deliver the requested hairstyle generation.

If information must be transferred due to merger or reorganization, the new holder will remain bound by this Policy or we will seek your authorization again.

5. Permissions and Sensitive Capabilities

Permission/Capability	Use Case	Impact If Denied
Camera	Take front-facing photos in home/preview	Cannot capture instantly; can still pick from gallery
Photos/Media Library	Read selected photos; save generated images locally	Cannot upload/save images; AI generation unavailable
Local Storage (file read/write)	Cache generated images; store history/favorites DB	No offline viewing; history/favorites unavailable
Network Access	Upload photos, sync assets, verify subscriptions, download assets	Core services unavailable
Notifications	Send subscription expiry/generation completion reminders	No push received; features unaffected
Analytics/Crash Reporting Toggle	Optionally send anonymized logs and crash stacks	None

We never enable permissions in the background without your consent. You can manage permissions in system settings.

6. Data Storage and Security

Local security: Auth token, refresh token, receipts, and other sensitive fields are stored in secure storage provided by the OS; favorites/history are stored in the app’s private database, sandboxed from the system.
Transmission security: All external calls (including official APIs and AI generation gateways) use HTTPS/TLS with signatures and idempotency to prevent tampering or replay.
Access control: Server-side access is validated by tokens and device fingerprints; internal access is limited and logged.
Integrity checks: Downloads/syncs verify file integrity; corrupted files trigger redownload and cleanup.
Data minimization: Non-essential fields are not collected by default; debug logs are used only in dev builds or when you actively upload them.
Data hosting location: Servers and data hosting are primarily in the United States; if processing in other regions is needed, we will update this Policy or use in-app notices and seek your consent where legally required.

7. Data Retention and Deletion

Data Category	Retention Period	Deletion Method
Auth token/refresh token	Cleared upon logout, uninstall, or 30 days of inactivity	Logout in settings or request deletion
Uploaded original photos	Used only for generation; cleared by server within 24h after task completion; if saved to history, retained locally until you delete	Delete history or clear app data
Generated results and metadata	Kept for history, redownload, or cross-device recovery; no more than 30 days after account deletion	Delete in history/favorites or request backend deletion
Subscription receipts/orders	Retained 5 years or longer if legally required for audits	Delinked/obfuscated after expiry, or deleted per regulation
Logs and crash reports	Kept by default for 90 days	Disable “Crash Reporting” or contact support

Uninstalling the App removes local data but does not automatically delete server-side records tied to subscriptions. For full deletion, follow “Contact Us.”

8. Your Rights and How to Exercise Them

Access/Copy: View/export data in History/Favorites/Account; request a copy of your personal data via support.
Correct/Update: Rename hairstyles, modify profile, update notification preferences; for server-side corrections, provide details.
Delete: Delete history, favorites, cache in-app; request deletion of server-side data or delete after account termination.
Withdraw consent: Disable permissions or “Data Analysis/Crash Reporting,” which is treated as withdrawing that consent.
Account deletion: Request via support or settings; we process after identity verification within 15 business days.
Response time: We respond within 15 business days; if we cannot meet a request, we will explain and offer alternatives.

9. Children’s Privacy

The App is intended for adults. Users under 18 should use it only with guardian consent and guidance and must obtain explicit consent before submitting personal information. If we discover unauthorized collection of minors’ data, we will delete or de-identify it promptly.

10. Cross-Border Transfers

To deliver AI generation and cloud asset storage, your photos, generated results, and related metadata are primarily processed on servers located in the United States. If processing in other regions is needed, we will ensure equivalent protections and, where required, execute cross-border transfer agreements or conduct security assessments, and notify you.

11. Updates to This Policy

We may update this Policy due to business, legal, or regulatory needs. Material changes (e.g., data types, purposes, sharing parties) will be communicated via in-app pop-ups, messages, or website notices, and explicit consent will be obtained when required. Non-material changes take effect upon publication; continued use means you accept the updated content.

12. Contact Us

The App is maintained by an individual developer. For questions about this Policy, data processing, or your personal information rights, email no-reply@dressingmirror.ai. We will respond within 15 business days. Phone or in-person support is not available.