Data Controller: AlbumAI
Contact: service@albumai.net
1. Overview and Scope
This Privacy Policy constitutes a legally binding agreement between you and AlbumAI. It governs the collection, processing, storage, and protection of personal data and User Content when you use our services. We are committed to maintaining the highest standards of data integrity and transparency.
2. Categories of Data Collected
We collect and process the following categories of information to provide and improve our services:
2.1 User-Generated Content and Metadata
- Original Assets: High-resolution photos, images, and their associated EXIF/metadata.
- AI-Derived Data: Textual descriptions, captions, stories, and metadata generated by our Artificial Intelligence models based on your uploaded photos.
2.2 Account and Authentication Information
- Identification Data: Email addresses and usernames.
- Subscription Details: Current subscription tier and payment transaction records.
- Authentication Methods: Secure login credentials and third-party authentication tokens derived from Google Sign-In or Apple Sign-In.
2.3 Technical and Usage Data
- Device Telemetry: Device hardware type, operating system version, and application build version.
- Network Information: IP addresses processed at a general regional level.
- Engagement Metrics: Granular logs of feature interactions, session duration, and frequency of use.
- Diagnostic Data: Technical crash reports and system performance logs.
2.4 Communication Data
- Correspondence: Customer support inquiries, feedback, and related documentation.
3. Specialized AI Content Processing
AlbumAI utilizes advanced machine learning to provide automated indexing and memory discovery.
- Processing Workflow: User photos are securely transmitted via SSL/TLS to OpenAI’s infrastructure for analysis.
- Analysis: OpenAI processes the visual data using the gpt-4o-mini model to generate natural language descriptions and stories.
- Storage and Sync: The resulting text is cached locally on your device and synchronized with our Supabase cloud database.
- Asset Security: Original photos are stored with industry-standard encryption within Amazon S3 cloud storage.
Crucial Protection: Your photos are processed via API for real-time analysis only; they are NOT utilized to train or improve OpenAI’s foundational models.
4. Legal Basis for Processing (GDPR Compliance)
In accordance with the General Data Protection Regulation (GDPR), we process data based on the following pillars:
- Explicit Consent: Obtained when you create an account, and specifically when you upload photos and request AI analysis.
- Contractual Necessity: Processing required to deliver the features of AlbumAI as defined in our terms.
- Legitimate Interests: Processing for service optimization, security audits, and technical support.
- Legal Obligations: Adherence to statutory obligations or lawful government requests.
5. Third-Party Data Disclosures
We do not sell or rent your personal data to third parties. Data is shared only with the following essential sub-processors under strict confidentiality agreements for service delivery:
- Supabase Inc.: Acts as our primary cloud database and backend provider, managing user profiles, stories, and metadata.
- OpenAI Inc.: Provides the AI infrastructure required for content generation via the gpt-4o-mini model.
- Amazon Web Services (AWS): Provides the underlying encrypted storage for all photos and backups.
- Apple Inc. and Google LLC: Provide authentication and payment processing services.
We also utilize third-party SDKs, including Lottie, for rendering UI animations.
6. International Data Transfers and Security
- Transfers: If data is stored or processed outside your jurisdiction, we ensure protection through Standard Contractual Clauses (SCCs) and Data Protection Addendums (DPAs).
- Security Measures: We employ industry-standard technical measures, including JWT (JSON Web Tokens) for session security, SSL/TLS for data in transit, and robust encryption for data at rest.
7. Data Retention and User Rights
We retain personal data only for the duration necessary to fulfill service delivery.
- Account Deletion: You may trigger a permanent deletion of your account and all associated content by contacting us at service@albumai.net.
- Your Rights: Pursuant to applicable laws (GDPR/CCPA), you maintain the right to Access, Rectify, Erase (the "Right to be Forgotten"), Restrict Processing, and Portability of your data.
- CCPA Opt-Out: While AlbumAI does not engage in the sale of data, California residents retain the right to opt out of any future "sale" as defined by law.
8. Children’s Privacy
AlbumAI is restricted to individuals aged 13 or older. We do not knowingly collect data from minors; any such data discovered will be summarily deleted.
9. Amendments
We reserve the right to modify this policy periodically. Material changes will be communicated via the service or via email. Continued use of the platform after such notifications constitutes legal acceptance of the revised terms.
Contact Authority
For questions or privacy concerns, please contact: service@albumai.net