1. Information We Collect

Account Information

When you create an account, we collect the information necessary to authenticate and identify you:

• Apple Sign-In: Your Apple-provided user identifier and, if you choose to share it, your name and email address. Apple may provide a private relay email address instead of your real email.
• Google Sign-In: Your Google account name, email address, and profile identifier.
• Email/Password: Your email address and a securely hashed password. We never store passwords in plain text.

Profile and Transaction Data

We maintain a server-side profile that includes:

• Your unique user identifier
• Your current credit balance
• A record of credit transactions (purchases and usage) for accounting and support purposes

Photos and Images

• Body Photos (Virtual Try-On): When you use the virtual try-on feature, your body photo is transmitted to our server and forwarded to a third-party AI processing service (Kie.ai) to generate the composite image. These photos are used solely for real-time processing and are not stored permanently on our servers or by Kie.ai after the result is delivered.
• AI-Generated Tattoo Designs: All tattoo images generated by the AI are stored locally on your device only using on-device storage (SwiftData). They are never uploaded to or stored on our servers.

Text Prompts

When you generate a tattoo design, the text description you provide is sent to our server to create a professional AI prompt. We do not permanently associate prompts with your identity for purposes other than delivering the generated image back to you.

Information We Do Not Collect

• We do not use advertising SDKs or ad-tracking identifiers.
• We do not use analytics or tracking SDKs.
• We do not collect precise location data.
• We do not access your contacts, calendar, microphone, or other device sensors.
• We do not collect browsing history or cross-app activity.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Authenticate your identity, generate AI tattoo designs from your prompts, and process virtual try-on requests.
• Manage Credits: Track your credit balance, process in-app purchases, and maintain transaction history for billing support.
• Curated Gallery: Display a collection of admin-managed tattoo designs for browsing and inspiration. This content does not depend on your personal data.
• Customer Support: Respond to your inquiries, troubleshoot issues, and assist with account or purchase problems.
• Security and Integrity: Prevent fraud, detect abuse, and protect the security of our systems and users.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

We do not use your information to build advertising profiles, sell data to third parties, or perform behavioral targeting.

3. Third-Party Services

Inkify relies on the following trusted third-party services to operate. Each service receives only the minimum data necessary to perform its function.

Supabase

Purpose: Authentication, user profiles, credit management, and curated gallery storage.

Data shared: Account credentials (processed securely during authentication), user profile data, credit balances, and transaction records.

Privacy policy: supabase.com/privacy

RevenueCat

Purpose: In-app purchase processing and credit fulfillment via server-to-server webhooks.

Data shared: Anonymous app user identifiers and purchase transaction data. RevenueCat does not receive your name or email.

Privacy policy: revenuecat.com/privacy

Apple Sign-In

Purpose: Secure account authentication via Apple’s identity service.

Data shared: Authentication is handled entirely by Apple. We receive only the user identifier and the information you choose to share (name, email, or private relay email).

Privacy policy: apple.com/legal/privacy

Google Sign-In

Purpose: Secure account authentication via Google’s identity service.

Data shared: We receive your Google account name, email address, and profile identifier upon successful sign-in.

Privacy policy: policies.google.com/privacy

Kie.ai

Purpose: AI-powered virtual try-on image processing. When you use the try-on feature, your body photo and the selected tattoo design are sent to Kie.ai’s API to generate a photorealistic composite.

Data shared: Body photo and tattoo design image (transmitted for processing only; not stored permanently by Kie.ai after the result is generated).

Privacy policy: kie.ai/privacy-policy

4. Data Storage and Security

On-Device Storage

AI-generated tattoo designs, including result images and associated metadata, are stored exclusively on your device using Apple’s SwiftData framework. This data is never uploaded to our servers. If you delete the app, this data is permanently removed from your device.

Server-Side Storage

Your account information, credit balance, and transaction history are stored securely on Supabase’s infrastructure. Supabase uses industry-standard encryption at rest and in transit (TLS 1.2+), role-based access controls, and regular security audits.

Data in Transit

All communication between the app and our servers uses HTTPS with TLS encryption. Body photos sent for virtual try-on processing are encrypted in transit and are discarded after the processed result is returned.

Security Measures

• Passwords are securely hashed and never stored in plain text.
• API keys and secrets are managed server-side and are never embedded in the app binary.
• Server-side functions enforce authentication and authorization checks before processing requests.
• Credit deductions and additions are handled server-side to prevent client-side tampering.

While we implement reasonable administrative, technical, and physical safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us at batuardahan22@gmail.com.

Rights Under the EU General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data (“right to be forgotten”).
• Restriction: Request that we restrict processing of your personal data under certain circumstances.
• Data Portability: Receive your personal data in a structured, machine-readable format.
• Objection: Object to our processing of your personal data for certain purposes.
• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

Our legal basis for processing your personal data is typically the performance of a contract (providing the service you requested) or your explicit consent.

Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Delete: Request deletion of your personal information, subject to certain exceptions.
• Opt-Out of Sale: We do not sell your personal information to third parties. There is no need to opt out.
• Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.

Account Deletion

You may delete your account at any time through the app’s Profile settings. Upon account deletion:

• Your server-side profile, credit balance, and transaction history are permanently deleted.
• Your authentication credentials are removed from our authentication provider.
• Locally stored data (AI-generated images) remains on your device until you delete the app.

We will respond to rights requests within 30 days (or sooner as required by applicable law). We may ask you to verify your identity before processing your request.

6. Data Retention

• Account Data: Retained for as long as your account is active. Deleted upon account deletion request.
• Credit Transaction History: Retained for as long as your account is active, or as required by applicable financial record-keeping regulations, whichever is longer.
• AI-Generated Images: Stored locally on your device only. We have no server-side copy to retain or delete. Data is removed when you delete the app or clear its data.
• Body Photos (Try-On): Transmitted for real-time processing only. Not stored on our servers or by third-party processors after the result is delivered.
• Text Prompts: May be transiently processed in server logs. Logs are automatically rotated and purged within 30 days.

7. Children’s Privacy

Inkify is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. The app carries an age rating of 13+ on the Apple App Store.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at batuardahan22@gmail.com. We will take steps to promptly delete such information from our systems.

For users between 13 and 18 (or the age of majority in your jurisdiction), we recommend that a parent or guardian review this Privacy Policy with you.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes, we will:

• Update the “Effective date” at the top of this page.
• Provide a notice within the app or via email, where appropriate.

We encourage you to review this policy periodically. Your continued use of Inkify after any changes indicates your acceptance of the updated Privacy Policy.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Developer: Batuhan Arda
• Email: batuardahan22@gmail.com

We will make every effort to respond to your inquiry within a reasonable timeframe.