1. Introduction
Welcome to Santai ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Santai (the "App").
By downloading, accessing, or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.
Key Privacy Commitments:
- Your uploaded photos are automatically deleted from AI processing servers within 1 hour
- We do NOT sell your personal data to third parties
- We do NOT use your photos to train AI models
- You have full control over your data and can delete it at any time
2. Information We Collect
2.1 Information You Provide Directly
Account Information
When you create an account, we collect:
- Email Address: Used for account identification and communication
- Display Name: Optional, used for personalization
- Authentication Credentials: Securely managed through Firebase Authentication
- Sign-in Method: Apple ID or Google Sign-In (we receive only the information you authorize)
Photos and Media
- Uploaded Photos: Images you upload for AI generation are temporarily processed and automatically deleted from processing servers within 1 hour
- Generated Content: AI-generated images and videos are stored locally on your device
- Community Submissions: If you voluntarily share content to our community gallery, those images are stored on our servers (Cloudflare R2) until you delete them
User Input
- Text Prompts: Descriptions you provide for AI generation
- Style Preferences: Selected styles, categories, and generation settings
- Referral Codes: If you use or share referral codes
2.2 Information Collected Automatically
Device Information
- Device type and model
- Operating system version
- Unique device identifiers (for authentication and fraud prevention)
- App version
Usage Data
- Features accessed and generation history
- Category selections and style preferences
- Session duration and interaction patterns
- Error logs and crash reports (anonymized)
Analytics Data
We use Firebase Analytics to collect anonymized usage statistics to improve the App. You can opt out of analytics in App settings.
2.3 Information from Third-Party Services
- Apple/Google Authentication: Basic profile information (email, name) as permitted by your privacy settings
- Apple App Store: Purchase confirmations and subscription status (we do not receive your payment card details)
- RevenueCat: Subscription management and purchase verification
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide AI generation services | Photos, prompts, style preferences | Contract performance |
| Account management & authentication | Email, authentication tokens | Contract performance |
| Process in-app purchases | Purchase confirmations, subscription status | Contract performance |
| Credit system management | Usage history, credit balance | Contract performance |
| Community features | Shared content, likes, user interactions | Consent |
| Push notifications | Device tokens | Consent |
| Improve our services | Anonymized usage analytics, crash reports | Legitimate interest |
| Prevent fraud & abuse | Device identifiers, usage patterns | Legitimate interest |
| Customer support | Contact information, support requests | Contract performance |
4. Photo Processing and AI Services
Important: We use fal.ai as our AI processing provider. Understanding how your photos are handled is crucial for your privacy.
4.1 How Your Photos Are Processed
When you use our AI generation features:
- Upload: Your photo is securely uploaded via encrypted HTTPS connection to our Firebase Cloud Functions
- Processing: The image is sent to fal.ai's secure servers for AI processing
- Generation: The AI model generates your requested content (photo transformation or video)
- Delivery: Generated results are delivered back to your device
- Automatic Deletion: Your original uploaded photo is automatically deleted from fal.ai servers within 1 hour of processing completion
4.2 fal.ai Data Handling
Our AI processing partner fal.ai:
- Processes images only for the purpose of generating your requested content
- Automatically deletes all uploaded images within 1 hour
- Does NOT use your images to train AI models
- Does NOT share your images with third parties
- Maintains SOC 2 Type II compliance for security
4.3 Local Storage
- Generated Content: All AI-generated images and videos are stored locally on your device in the app's Documents directory
- Photo Library: You can optionally save generated content to your device's photo library
- Cache: Temporary cache files are stored locally and automatically cleaned
4.4 Community Gallery Storage
If you choose to share your creations to the Community:
- Images are uploaded to Cloudflare R2 storage
- Metadata (category, prompt, model used) is stored in Firebase Firestore
- Content remains stored until you delete it
- You can delete your community posts at any time directly from the App (Community > My Posts > Delete)
5. Data Retention
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Uploaded photos (AI processing) | 1 hour after processing | Automatic deletion by fal.ai |
| Generated content | Until you delete from device | Delete from My Generations or device storage |
| Community posts | Until you delete | Delete from Community > My Posts |
| Account data | While account is active | Contact support for account deletion |
| Usage analytics | 14 months (Firebase default) | Anonymized, cannot be individually deleted |
| Crash reports | 90 days | Automatic expiration |
| Purchase history | As required by law (typically 7 years) | Legal requirement |
6. Data Sharing and Disclosure
6.1 Third-Party Service Providers
We share information with trusted third-party service providers who assist us in operating the App:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, database, analytics, cloud functions | Account info, usage data, authentication tokens |
| fal.ai | AI image and video generation | Uploaded photos (deleted within 1 hour), prompts |
| Cloudflare R2 | Community content storage | Voluntarily shared community posts |
| RevenueCat | Subscription management | Anonymous user ID, purchase status |
| Apple | In-app purchases, Sign in with Apple | Purchase transactions, authentication |
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
6.2 What We Do NOT Do
- We do NOT sell your personal information to third parties
- We do NOT share your photos with advertisers
- We do NOT use your photos to train AI models
- We do NOT provide your data to data brokers
- We do NOT display targeted advertisements in the App
6.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights or property
- Prevent fraud or illegal activity
- Protect the safety of users or the public
7. Data Security
We implement robust security measures to protect your information:
Encryption
- All data transmitted between your device and our servers uses TLS 1.3 encryption
- Data at rest is encrypted using AES-256 encryption
- Authentication tokens are securely stored in iOS Keychain
Infrastructure Security
- Firebase infrastructure with Google Cloud security
- Cloudflare edge network protection
- Regular security audits and monitoring
Access Controls
- Strict role-based access controls
- Two-factor authentication for administrative access
- Regular access reviews
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights and Choices
8.1 Access Your Data
You can view your:
- Generated content in "My Generations" section
- Community posts in "Community > My Posts"
- Account information in Profile settings
For a complete data export, contact us at santai.help.app@gmail.com.
8.2 Delete Your Data
Within the App:
- Generated Content: Delete from My Generations screen
- Community Posts: Go to Community > filter by "My Posts" > tap trash icon on any post
- Local Cache: Clear from device Settings > Santai > Clear Cache
Account Deletion: Contact santai.help.app@gmail.com to request complete account deletion. We will delete your account and associated data within 30 days.
8.3 Opt-Out Options
- Push Notifications: Manage in iOS Settings > Santai > Notifications
- Analytics: We respect iOS App Tracking Transparency settings
- Community Sharing: Completely optional - you control what you share
- Data Processing Consent: You can revoke consent, but this will prevent AI generation features from working
8.4 California Residents (CCPA/CPRA)
California residents have additional rights:
- Right to Know: Request what personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact santai.help.app@gmail.com.
8.5 European Users (GDPR)
If you are in the European Economic Area, you have rights including:
- Right of Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
Legal Basis for Processing: Contract performance (providing services), consent (community features, notifications), legitimate interests (security, analytics).
9. Children's Privacy
The App is rated 4+ on the App Store and is suitable for all ages. However:
- We do not knowingly collect personal information from children under 13 (or 16 in some jurisdictions)
- Account creation and purchases require age verification through Apple ID
- If we discover we have collected information from a child without appropriate consent, we will delete it immediately
If you are a parent or guardian and believe your child has provided personal information, contact us at santai.help.app@gmail.com.
10. International Data Transfers
Your information may be transferred to and processed in:
- United States: Firebase, fal.ai servers
- Global Edge Locations: Cloudflare CDN for content delivery
When we transfer data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all service providers
- Ensuring recipients maintain adequate security measures
11. Consent Management
Before using AI generation features, you must provide consent for data processing. This consent popup explains:
- How your photos are uploaded and processed
- That images are automatically deleted within 1 hour
- That generated content stays on your device
- Our commitment to never selling your data
You can view and manage your consent status in Profile > Settings. Revoking consent will prevent AI generation features from working.
12. Third-Party Links
The App may contain links to third-party websites or services (such as Apple's Terms of Service). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Privacy Policy in the App
- Updating the "Last Updated" date at the top
- Showing an in-app notification for significant changes
Continued use of the App after changes become effective constitutes acceptance of the revised Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
- Email: santai.help.app@gmail.com
We will respond to your inquiry within 30 days (or sooner as required by applicable law).
Thank you for trusting Santai. Your privacy is important to us, and we are committed to being transparent about how we handle your data while providing you with amazing AI-powered creative tools.