Privacy Policy
Effective Date: May 13, 2026
Welcome to GradFlowLab. This Privacy Policy describes how GradFlowLab ("we," "us," or "our") collects, uses, and shares information about you when you use our mobile applications (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
To provide and improve our Service, we collect the following information:
a) Information You Provide Directly
- Account Information: When you create an account, we collect your email address. This information is processed and stored by our backend provider, Supabase, for authentication purposes.
- User Content (Your Images): We collect the images you upload to the Service for the sole purpose of applying our AI-powered features.
b) Information Collected Automatically
- Transaction Information: When you purchase a subscription, our third-party subscription management service, RevenueCat, processes the transaction. RevenueCat provides us with anonymous subscription status information (e.g., whether you have an active "pro" entitlement) linked to an anonymous user ID. We do not collect or store your payment card details.
- Technical and Usage Data: We may collect anonymous data about your device and how you interact with our Service. This can include your device type, IP address, operating system, and usage statistics. This data is aggregated and used to improve the performance and user experience of our apps.
2. How We Use Your Information
- To Provide and Maintain the Service: To create and manage your account, process your images, and deliver results to you.
- To Process Transactions: To manage subscriptions and unlock premium features based on your purchase status via RevenueCat.
- To Improve the Service: To analyze usage patterns, identify bugs, and develop new features and improvements.
- To Communicate With You: To respond to your support requests or inquiries. We will only use your email for direct communication related to your account or support needs.
3. How We Process and Store Your Images
Your privacy regarding your images is our highest priority.
- Image Processing: Your uploaded image is sent to a third-party AI service provider to apply the selected processing. The provider for each app is named in the per-app section below.
- Image Storage: The original image you upload is not stored on our servers after AI processing is complete. Generated images are stored in your private, secure user account on our backend service (Supabase Storage) so that you can access them later. You have full control to delete these images from your history at any time.
- No Training on Your Data: We have instructed our AI service providers not to use your images to train their AI models.
3a. SkinLens — AI Skin Analysis
SkinLens sends the photo you capture to Anthropic, PBC (USA) to generate a triage result. No other personal identifiers are sent with the image. Anthropic does not use this data to train its models, and the photo is not stored on our servers after processing. You consent to this on a screen before the photo is sent. Anthropic's privacy policy: anthropic.com/legal/privacy.
SkinLens output is an informational triage aid, not a medical diagnosis.
3b. AnyFace — AI Face Swap
To create a swap, AnyFace sends the source face image and the target image/video to:
- Replicate, Inc. (USA) — to perform the swap. replicate.com/privacy
- OpenAI, L.L.C. (USA) — receives only the target image to screen for prohibited content. openai.com/policies/privacy-policy
Neither processor uses your media to train models. Uploaded media is auto-deleted from our servers within 24 hours; generated results within 7 days. Faces saved in the app stay on your device.
You consent to this on a screen before media is sent and can withdraw consent in Settings. AnyFace does not identify individuals or build face-recognition profiles.
3c. TalkFace — AI Talking-Photo Video
To generate a video, TalkFace sends the source photo to:
- fal.ai — Features and Labels, Inc. (USA), to generate the video. fal.ai/privacy-policy
- OpenAI, L.L.C. (USA) — to screen the photo for prohibited content. openai.com/policies/privacy-policy
If you use the optional script-suggestion feature, the text prompt you provide is sent to Anthropic, PBC (USA) to draft candidate scripts. No photo is sent to Anthropic. anthropic.com/legal/privacy
None of these processors use your data to train models. Uploaded photos are auto-deleted from our servers within 24 hours; generated videos within 30 days.
You consent to this on a screen before media is sent and can withdraw consent in Settings. TalkFace does not identify individuals or build face-recognition profiles.
Face data: TalkFace does not collect, store, or transmit biometric face data, face templates, embeddings, or recognition signatures. The app uses Apple's on-device Vision framework only as a UX check to confirm a face is present in the user-selected photo; the bounding box never leaves the device.
4. Your Data Rights and Choices
Depending on your location, you may have certain rights regarding your personal information, including:
- Right to Access: You can request a copy of the personal information we hold about you.
- Right to Deletion: You can delete your account and associated data, including your image history, from within the app's settings.
- Right to Correction: You can update your account information through the app.
To exercise these rights, please contact us at contact@gradflowlab.com.
5. Data Security
We use industry-standard technical and administrative security measures to protect your information. Our backend (Supabase) provides robust security features. However, please remember that no method of transmission over the Internet or electronic storage is 100% secure.
6. Children's Privacy
Our Service is not intended for use by children under the age of 13 (or a higher age if required by applicable law). We do not knowingly collect personally identifiable information from children. If we become aware that we have collected such information, we will take steps to delete it.
7. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.
8. Contact Us
If you have any questions about this Privacy Policy, please contact us at: contact@gradflowlab.com.