← Back to SelfAI

Privacy Policy

Last updated: April 2026

Welcome to SelfAI — AI Photo Studio (“SelfAI”, “the App”, “we”, “us”, or “our”). SelfAI is operated by Rocket Digital Limited, a company incorporated in Hong Kong with registered address at 1603, The L Plaza, 367-375 Queens Road Central, Hong Kong.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website located at https://www.aiselfies.app (collectively, the “Services”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Services.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and, where appropriate, within the App. Your continued use of the Services after such changes constitutes acceptance of the updated policy.

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. AI-Generated Content and Photo Processing
  4. Third-Party Services and Data Sharing
  5. Advertising
  6. Cookies and Tracking Technologies
  7. Data Retention
  8. Data Security
  9. Children's Privacy
  10. Your Rights — GDPR (EEA/UK Users)
  11. Your Rights — CCPA (California Users)
  12. International Data Transfers
  13. Links to Other Websites
  14. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: When you create an account or sign in via Firebase Authentication, we collect your email address and, if you use social sign-in, your name and profile picture from the relevant provider (e.g., Google, Apple).
  • Photos and images: You may upload photos of yourself for AI processing. These images are transmitted to our AI processing partners and temporarily stored in Firebase Cloud Storage to generate your AI-styled selfies.
  • Subscription and payment information: When you purchase a subscription or in-app purchase, payment is handled by Apple App Store or Google Play. We do not directly collect or store your payment card details. Subscription status is managed via RevenueCat.
  • Communications: If you contact us by email, we collect your name, email address, and the content of your message.

1.2 Information Collected Automatically

  • Usage data: We collect information about how you interact with the App, including features used, pages visited, session duration, and actions taken, via Firebase Analytics and Google Analytics.
  • Device information: Device type, operating system version, unique device identifiers, mobile network information, and app version.
  • Log data: Server logs, IP address, timestamps, crash reports, and diagnostic data.
  • Advertising identifiers: If you view or interact with ads served by Google AdMob, your advertising identifier (IDFA on iOS or GAID on Android) may be collected, subject to your device privacy settings and consent.
  • Website analytics: When you visit aiselfies.app, we collect data via Google Analytics and Meta Pixel, including pages visited, referral source, browser type, and approximate geographic location.

1.3 Information from Third Parties

  • Authentication providers: If you sign in with Google or Apple, we receive basic profile information as permitted by your settings with those providers.
  • RevenueCat: We receive subscription status, entitlements, and purchase history (not full payment details) to manage access to premium features.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services, including generating AI-styled photos.
  • Authenticate your identity and manage your account.
  • Process and fulfill subscription purchases and manage premium feature access.
  • Personalize your experience and remember your preferences.
  • Analyze usage patterns to improve the App’s performance, features, and user experience.
  • Serve relevant advertisements through Google AdMob.
  • Measure the effectiveness of our marketing campaigns via Google Analytics and Meta Pixel.
  • Detect, investigate, and prevent fraudulent activity, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.
  • Respond to your inquiries and provide customer support.
  • Send you service-related notifications (e.g., generation complete, subscription renewal). We will only send marketing communications where you have provided consent or where permitted by applicable law.

Legal bases for processing (GDPR):We process your personal data on the bases of (i) contract performance — to deliver the Services you requested; (ii) legitimate interests — to improve the App and prevent fraud; (iii) consent — for optional analytics, advertising, and marketing; and (iv) legal obligation — where required by law.

3. AI-Generated Content and Photo Processing

The core functionality of SelfAI involves processing your photos using artificial intelligence. This section explains how that works and what it means for your privacy.

3.1 How Your Photos Are Processed

When you submit photos for AI generation, your images are securely transmitted over encrypted connections to one or more of our AI processing partners: OpenAI, Microsoft Azure AI, Replicate, and/or Fal.ai. The specific service used depends on the style or feature you have selected. Your photos are used solely to generate the requested output image and are not used to train third-party AI models without your explicit consent.

3.2 Storage of Your Photos

Uploaded source photos and generated output images are stored in Firebase Cloud Storage under your authenticated user account. You can delete your generated images at any time from within the App. Upon account deletion, all associated images are permanently removed from our storage within 30 days.

3.3 AI Partner Data Practices

We have data processing agreements in place with all AI partners to ensure your data is handled in compliance with applicable privacy laws.

3.4 Biometric and Facial Data

Photos you submit may contain your facial likeness. We treat facial data with the highest level of care. We do not create persistent biometric identifiers or facial recognition profiles from your images. Images are processed transiently to generate your requested AI artwork. If you are located in Illinois, Texas, or another jurisdiction with biometric privacy laws, you consent to this limited processing by using the AI generation features. You may revoke consent at any time by deleting your account.

4. Third-Party Services and Data Sharing

We do not sell your personal information to third parties. We share data only as described below.

ServicePurposeData Shared
Firebase (Google)Authentication, cloud storage, analyticsAccount credentials, uploaded images, usage events
RevenueCatSubscription managementUser ID, device info, purchase receipts
Google AdMobIn-app advertisingAdvertising ID, device info, approximate location, ad interaction data
OpenAIAI image generationSubmitted photos (for processing only)
Microsoft AzureAI image processingSubmitted photos (for processing only)
ReplicateAI model hostingSubmitted photos (for processing only)
Fal.aiAI image processingSubmitted photos (for processing only)
Google AnalyticsWebsite analyticsBrowsing behavior, device info, approximate location
Meta PixelAdvertising analyticsWebsite visit data, events, hashed contact info (if provided)

We may also disclose your information:

  • Legal requirements: If required by law, court order, or government authority, or to protect our legal rights.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, in which case the acquiring entity will be bound by the terms of this policy.
  • Protection of rights: To enforce our Terms of Service, prevent fraud, or protect the safety of our users or the public.

5. Advertising

Free users of SelfAI may see advertisements served by Google AdMob. AdMob may use your advertising identifier and other signals to show you personalized ads. You can limit ad personalization by adjusting your device settings:

  • iOS:Settings → Privacy & Security → Tracking → disable “Allow Apps to Request to Track” or opt out on a per-app basis.
  • Android:Settings → Google → Ads → “Delete advertising ID” or “Opt out of Ads Personalization”.

Purchasing a SelfAI Pro subscription removes all advertisements from the App.

6. Cookies and Tracking Technologies

Our website (aiselfies.app) uses cookies and similar technologies to operate and improve the site experience, and to enable analytics and advertising measurement.

  • Essential cookies: Required for the website to function correctly. These cannot be disabled.
  • Analytics cookies (Google Analytics): Help us understand how visitors use our website. You can opt out via the Google Analytics Opt-out Browser Add-on.
  • Advertising cookies (Meta Pixel): Allow Meta to measure the effectiveness of our ads on Facebook and Instagram. You can manage your preferences via Meta’s Cookie Policy.

Where required by law, we will request your consent before placing non-essential cookies. You can withdraw consent at any time by clearing your browser cookies or adjusting your browser settings.

7. Data Retention

  • Account data: Retained for as long as your account is active or as needed to provide Services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.
  • User photos and generated images: Stored in Firebase Cloud Storage and deleted upon account deletion within 30 days.
  • Transaction records: Retained for up to 7 years to comply with financial and tax obligations.
  • Analytics data: Aggregated and anonymized analytics data may be retained indefinitely. Identifiable analytics data is retained for up to 26 months.
  • Support communications: Retained for up to 3 years after resolution.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures, including:

  • TLS encryption for all data in transit between your device, our servers, and third-party AI partners.
  • Firebase Security Rules to restrict access to stored images to authenticated users only.
  • Server-side authentication token validation on all API requests.
  • Regular security reviews of our infrastructure and third-party integrations.
  • Principle of least privilege: our team members only have access to the data necessary to perform their roles.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by law.

9. Children’s Privacy

SelfAI is not directed to children under the age of 13 (or under 16 in the European Economic Area and UK). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at hello@rocketdigital.ai.

Upon receiving such a request, we will take steps to promptly delete the relevant information from our systems. If we discover we have collected data from a child under the applicable age limit without verified parental consent, we will delete it without undue delay.

10. Your Rights — GDPR (EEA and UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): You may request deletion of your personal data, subject to certain legal exceptions.
  • Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
  • Right to data portability: You may request your personal data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at hello@rocketdigital.ai. We will respond to your request within 30 days. We may need to verify your identity before fulfilling certain requests.

11. Your Rights — CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of personal information we have collected, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing:We do not sell personal information for monetary consideration. However, our use of Google Analytics and Meta Pixel may constitute “sharing” under CCPA. You may opt out by contacting us or adjusting your cookie preferences.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to limit use of sensitive personal information: You may request we limit the use of sensitive personal data (such as biometric information) to what is necessary to provide the Services.

To exercise your California rights, please submit a request to hello@rocketdigital.ai with “California Privacy Request” in the subject line. We will respond within 45 days.

Categories of personal information collected (CCPA): Identifiers (name, email, device ID); commercial information (subscription history); internet and electronic network activity (usage data, browsing); geolocation data (approximate); audio/visual information (photos you upload); and inferences drawn from the above to understand user preferences.

12. International Data Transfers

Rocket Digital Limited is based in Hong Kong. Our third-party service providers are primarily based in the United States. If you are accessing our Services from the EEA, UK, or other regions with data protection laws, please be aware that your data may be transferred to and processed in countries where data protection laws differ from your own.

Where we transfer personal data from the EEA or UK to third parties in countries that are not deemed to have adequate data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Agreement, as applicable. You may request a copy of these safeguards by contacting us.

13. Links to Other Websites

Our Services may contain links to third-party websites and services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you visit.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Rocket Digital Limited

1603, The L Plaza

367-375 Queens Road Central

Hong Kong

Email: hello@rocketdigital.ai

We aim to acknowledge all privacy-related inquiries within 5 business days and resolve them within 30 days where possible.

© 2026 Rocket Digital Limited. All rights reserved.

HomeTerms of Service