Privacy Policy

Last Modified: 18 Jul, 2025

LightFrame Labs Inc., including our subsidiaries and affiliated companies (collectively, "LightFrame", "we", "our" or "us"), puts great effort into making sure that the Personal Data (as defined herein) we process is stored securely and used properly, and that our data processing practices are accurately communicated to our users and prospective users.

This privacy policy ("Policy" or "Privacy Policy") describes how we collect, store, use and disclose Personal Data through the use of our apps, platforms and services, or otherwise under our business operation, as follows:

• While users are using any of our mobile apps and web services (respectively "Users" and each an "App"), features and all tools and services offered therein, including editing tools, AI tools and content creation;

• While browsing our websites, landing pages, engaging with ads and campaigns promoting our services, blogs or other web-forms and digital assets, by any such assets' visitor ("Visitor") or otherwise potential business partners' representatives ("Prospects");

Under this Privacy Policy:

All our Apps, features and services set forth above, including our website, shall be collectively referred to as the "Services". In addition, any individual using or interacting with our Services, including Apps' Users, Visitors and Prospects, is referred to as "you" or "your".

We encourage you to read this Policy carefully and reach out to us if you have any further questions.

Any Personal Data you provide is provided of your own free will and consent (where required under applicable data protection laws), and you acknowledge that you are not under any statutory obligation to provide us with Personal Data. However, we must collect or receive some Personal Data to provide the Service, and if you do not provide us with such Personal Data, we will not be able to fulfill certain purposes, for example, provide certain Services or enable use of certain features, all as described under Section 4 below, "Personal Data Sets We Process & Purpose of Collection and Use", which details the purposes for which each Personal Data set is collected.

This Privacy Policy further includes or incorporates specific information required under applicable data protection laws for residents of certain jurisdictions, among others:

If you are located in the EEA or UK – this Privacy Policy further details our lawful basis for processing Personal Data, information regarding cross border data transfer, your rights related to your Personal Data we process, as well as additional information we are required to disclose to you under the EU and the UK General Data Protection Regulations (collectively "GDPR").

If you are a California resident – please also review Section 13(i) - our CCPA Privacy Notice which serves as a Notice at Collection and Privacy Policy as required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA") and further details the categories of information collected and additional information regarding our privacy practices, including your rights under the CCPA and other California privacy laws.

Additional information to certain United States residents – please also review Section 13(ii) of this Privacy Policy to learn more about our privacy practices and your rights under these territories.

If you are located in Brazil – please also review Section 13(iii) of this Privacy Policy, 'Additional Notice to Brazil', to learn more about our privacy practices and your rights in the country.

1. UPDATES AND AMENDMENTS

We may update and amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be accessible from our website and Apps. The updated date of the Policy will be reflected in the "Last Modified" heading. In case of a material change, or if required by law, we will provide notice reflecting these changes and any such material amendments to our privacy practices described under this Policy will become effective within the period noted in such notice. Unless otherwise notified, any changes will become effective when we publish the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.

2. DATA CONTROLLER & CONTACT INFORMATION

LightFrame Labs Inc. is the "data controller" (as such term, or equivalent, is defined under applicable data protection legislation) of the Personal Data collected through the Services which is subject to this Privacy Policy. Meaning, we control the processing of Personal Data described under this Privacy Policy and decide upon the purpose and means of collection and processing. If you have any questions regarding this Policy or any privacy related matters, please contact our Data Protection Officer by e-mail at [email protected] (please indicate "LightFrame" in the subject line of the e-mail) or by registered mail to LightFrame Labs Inc, 522 W RIVERSIDE AVE STE N, Spokane, WA 99201 United States (Attn: LightFrame Legal Department). Please note that for all other queries, feedback, suggestions and/or complaints not related to privacy or intellectual property infringement (including but not limited to any unsubscriptions, payment disputes, refund requests and technical support from LightFrame), you should contact us by e-mail at [email protected]. If your email is sent to the wrong email address with the wrong subject, it may cause delays or failure to properly process your request.

3. TYPE OF DATA SETS PROCESSED

During your use or interaction with the Services, we collect information which does not identify a specific natural person and cannot reasonably be used for such identification ("Non-Personal Data"). Non-Personal Data collected may include technical information regarding your device or browser, type of operating system, scope, frequency, interactions with the website, and other technical information regarding the device used – all is considered as Non-Personal Data when collected on an aggregate basis, or otherwise not combined with any identifiers. We may further process and anonymize Personal Data in a manner that the data will be Non-Personal Data. Non-Personal Data may be used by us without limitation and for any purpose. Some of this information may be considered "de-identified" under applicable laws and when we rely on data that has been "de-identified", we will take reasonable measures to ensure that the deidentified information cannot be associated with an individual, household, or device and not attempt to reidentify it.

We further collect information that identifies an individual or may, with reasonable effort, be used to identify an individual ("Personal Data"). The types of Personal Data that we collect as well as the purpose for processing such data are specified in the tables below. For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed Personal Data as long as such connection or linkage exists.

4. PERSONAL DATA SETS WE PROCESS & PURPOSE OF COLLECTION AND USE

We have detailed below, for each type of Service, the Personal Data processed, the purpose and operation and the lawful basis for such processing (subject to the GDPR, if applicable).

To make it easier for you to reach the processing operation applicable to your interactions with us, we have classified our disclosure based on the type of our Services. There are four tables below:

Table A details the Personal Data processed while using our Apps, such as when you create an account, and use our Apps and editing tools or AI tools, including through our website or Third Party Platforms;

TABLE A: APPS, AI & EDITING TOOLS AND TECHNOLOGIES
PERSONAL DATA SET | PURPOSE AND OPERATIONS | LAWFUL BASIS (UNDER THE GDPR)

PERSONAL DATA SET

Registration, Account Data & Information: After you install the App or upon accessing web Apps, you will log in and create your account. You may choose to login using your Apple, Facebook, Instagram or Google account. If you login through Apple, Facebook, Instagram or Google, we will receive information connected to such account (depending on the privacy settings you chose) such as your name, profile picture, friends list, demographic data and location (collectively "Registration Data"). You may choose to upload photos to label and associate with each profile you create and wish to include under your account (i.e., display name, thumbnail image) (collectively "Account Data").

PURPOSE AND OPERATIONS

We use the Registration Data to create an account, and for authentication and identification purposes. Additional Personal Data you voluntarily provide as part of the Account Data will be used to provide the Services for which such information was provided, as well as for Services improvement, development, and customization, as further detailed under this Privacy Policy.

LAWFUL BASIS (UNDER THE GDPR)

Registration Data and Account Data are processed for the purpose of performing our contract with you, meaning, to designate your account and provide you with the requested Services. Processing for Direct Marketing is subject to our legitimate interest; you may opt out at any time by unsubscribing. Note, even if you unsubscribe, operational and service-related messages will still be sent.

PERSONAL DATA SET

Online Identifiers and Usage Data: When you use the App (including tools and features made available through our website or Third-Party Platforms), we, or our third-party partners, identify you through Online Identifiers. "Online Identifiers" are unique identifiers associated with your account, device or browser, which are either designated by us or transmitted from your device, and may include identifiers known as "IDFA" or "AAID", IP address, cookie ID, agent, etc. We further process, directly or indirectly through our third-party partners and service providers, usage data, which may or may not be associated with the Online Identifiers or your account. When associated with an Online Identifier or your account it will be treated as Personal Data. The usage data includes information regarding your interaction with the App and Services, features used, time stamp and duration of use, click stream data, errors that occurred, as well as your interaction with the content or ads displayed, records of advertising and content displayed on pages or App screens displayed to you, and any interaction you may have had with such content or advertising (collectively "Usage Data").

PURPOSE AND OPERATIONS

Online Identifiers and Usage Data are used for analytics and operational purposes, correcting errors and bugs, to secure our Services and related systems, to enable you to use the Services and to provide you with its functionalities. Some of the Apps further display interest-based ads or other marketing and promotions which are based on the Usage Data.

We may further use the Usage Data to customize our Services and offer you and our users content or other Services based on Usage Data or statistics and our analysis of Usage Data, meaning content or Services that we can assume you will be interested in based on other features you have used, etc.

LAWFUL BASIS (UNDER THE GDPR)

When the processing of Online Identifiers and Usage Data is for marketing or tracking purposes, we will obtain your consent to process Personal Data (where required under applicable laws). When the processing of Personal Data is for operations and providing the Services' functionalities, the lawful basis is contract necessity. Last, the Personal Data may be processed subject to our legitimate interest of ensuring the security of our Services, understanding how our Services are used, correcting errors and enhancing experience.

PERSONAL DATA SET

IP Address and Country Inference: When you access the App, we may collect your IP address to infer your country code (e.g., "JP" for Japan).

PURPOSE AND OPERATIONS

We process users' IP addresses for two main purposes. First, when a user accesses the app, we infer their country code from the IP address (for example, "JP" for Japan or "FR" for France). This country-level location inference allows us to determine whether the user falls under specific regional data protection obligations, such as those required by the General Data Protection Regulation (GDPR). The inferred country code may be stored after the user completes registration to ensure that their personal data is stored in the appropriate regional database, such as storing European users' data on EU-based servers. In this case, we do not retain the full IP address unless required by applicable law.

Second, we use IP address data in real time during the use of features such as template or preset recommendations. This allows us to deliver contextual suggestions based on general location patterns, such as tailoring content for users in urban or coastal areas. For this use case, IP address data is processed transiently and is not stored, logged, or linked to the user's profile. Once the location-based recommendation is completed, the IP data is immediately discarded.

LAWFUL BASIS (UNDER THE GDPR)

When IP address data is used to determine the appropriate data storage region (e.g., storing EEA users' data in the EU), the lawful basis is our legal obligation under applicable data protection and localization laws. When IP address and country code are used to personalize content (such as template or preset recommendations) or to deliver region-specific features, the lawful basis is our legitimate interest in improving the user experience and ensuring the Services function effectively across geographic regions. In limited cases where IP data is linked to marketing or tracking technologies, we will obtain your consent where required under applicable laws.

PERSONAL DATA SET

Images, Photos, Videos & Face Data: To enable the Services, you will either provide us access to your camera or photo gallery or import photos or videos from your gallery. This allows us to support both content capture and editing workflows.

When using our shooting tools (e.g., AI Pose Guide, Auto Capture), as well as editing tools, images, photos, and videos are processed on your device to determine the estimated position of facial landmarks (such as eyes, nose, mouth), which are applied to a generic model to help you shoot and edit in real time ("Face Data"). We do not collect or store Face Data on our servers or share it with third parties. Face Data is not used to identify you or others. However, Face Data may be considered "biometric identifiers" or "biometric information" under certain local laws and will only be processed with your consent where required.

Depending on the App and Service you use, we also process demographic data, such as age (or age group), gender, and skin tone, which may be inferred from your images, photos, or videos, or provided by you as part of your Account Data. Additional attributes or tags (such as scene type or editing style) may be inferred to enhance your experience.

When you use the Edit page to access or preview your photos or videos: We access your device's media library to let you import files for editing and export creations back to your gallery. Files are only uploaded to our Cloud when needed for cloud-based effects or features. We may temporarily process photo metadata (EXIF), such as creation date, resolution, camera model, or exposure, to optimize presets or tool behavior. EXIF data is not stored unless included in your exported file. Some editing tools may access motion or orientation sensors (e.g., gyroscope or accelerometer) to enable gesture-based editing, rotation correction, or stabilization. This sensor data is processed locally and not used to identify or track you.

Editing parameters and layer data (e.g., crop, brightness, contrast, HSL, masks, AI cutouts) are processed on-device unless you explicitly initiate a cloud-based feature. To support undo/redo or resume-later functionality, temporary edit history may be stored locally on your device. These drafts are automatically deleted unless saved or synced by you. We may collect anonymized insights on tool usage (e.g., preferred filters, time spent per feature) to personalize your interface and suggest editing flows based on your behavior.

PURPOSE AND OPERATIONS

We process your images, videos, and related metadata to enable the full range of editing functionalities within the App and Services. This includes importing and exporting media from your device's photo gallery, applying on-device adjustments (e.g., crop, brightness, filters, overlays, AI features), and using motion or orientation data (e.g., gyroscope, accelerometer) for gesture-based editing and stabilization. EXIF metadata may be temporarily processed to optimize editing tool behavior or display accuracy. Session-level edit history may be stored locally on your device to support undo/redo or draft recovery. Anonymized tool usage patterns may also be processed to personalize your editing experience and recommend editing flows suited to your behavior.

When photos, videos or images are used for creating artwork or adding effects to your creations, the selected content is uploaded to our Cloud. The photos, videos and images you upload are stored for up to 30 days, except where you have uploaded such content through the use of our Services of film production, where in such event we need to retain such content for as long as your created artwork is retained (i.e., the output, as further explained below), in order to maintain the sequence of images you chose to integrate and include in such output.

Your output image or other created artwork will be stored on our Cloud until you request us to delete your Personal Data and your account, in order to make such output image or other created artwork accessible to you, provided that we may earlier delete such outputs according to our internal retention policies. If you no longer want our Apps to process Face Data, you can disable access by our Apps to your camera and photo gallery and stop importing photos or videos from your gallery at any time, but if you do so, we will not be able to provide you with the applicable Services. We will further process demographic data, and other characteristics (inferred or provided by you as part of your Account Data), as well as the features or effects you use through our Services in order to market personalized offers by us, and for example, to offer you features which are similar to the features you use or popular among users with similar characteristics. We do not use Face Data for marketing purposes and this information is not shared with any third parties.

LAWFUL BASIS (UNDER THE GDPR)

We process the images, videos, photos, Face Data, demographic data, characteristics related data (inferred or provided by you as part of your Account Data), and editing-related data (including EXIF metadata, edit parameters, motion sensor data, and anonymized tool usage) for the purpose of providing the Services and performing our contract with you. Face Data and sensor data are processed based on your consent where required under applicable laws. You may withdraw consent at any time by revoking camera/gallery access or changing your App settings. We will further process demographic data or otherwise any characteristics related data (inferred or provided by you), editing patterns, interaction history, as well as data related to the features or effects used, subject to our legitimate interest, to improve, enhance and customize our offers and Services.

PERSONAL DATA SET

AI Tools and Features - Inputs, AI Tools Outputs, Face and Voice Recognition Models, Face and Voice Models: Certain Services accessible through the Apps, our website or Third-Party Platforms include artificial intelligence ("AI") technology for creating and editing images, photos, videos, and audio recordings. This AI technology, which may further include face and voice recognition technology, allows you to use various features, including, among others, motions and effects, art styles, text to image, headshot editing, and synthetic voice speech, "swap" features or other face or voice manipulation features, film production (collectively "AI Tools Outputs"). To create the AI Tools Outputs, as well as to generate the Face and Voice Recognition Models, or Face and Voice Models, and as applicable, we process, including by our AI technology, the original images, photos, videos, or audio recordings that you upload ("Inputs"). To create the AI Tools Outputs, including to improve and optimize the results, our AI technology further generates and processes types of information known as "metadata", meaning, information extracted from your Inputs and describing certain elements of such Inputs such as estimated demographic data (for example age or age group, gender and skin tone of the character or voice in the Input), and other labels or tags of items in such Inputs, as well as uses face detection to analyze Inputs (images and videos) in order to estimate the posture and location of faces or of parts and areas of faces and other non-identifying characteristics of faces that appear in frame. We may further process Non-User Personal Data (as defined and described in the section below), in the event your Inputs include any third party's image or voice.

- Face and Voice Recognition Models: To provide certain features and AI Tools Outputs, as part of our AI technology, we further use face and voice recognition technology. If you have enabled this technology, it uses your Inputs (images, photos, videos, voice recordings, etc.), as well as the "metadata" described above, to extract facial features information (such as facial geometry, topology, and face embeddings), or a voiceprint, and generates a model that can recognize your unique facial or vocal characteristics ("Face and Voice Recognition Models"). Face and Voice Recognition Models are used to recognize your face or voice in your Inputs and enable the creation of enhanced AI Tools Outputs. Face and Voice Recognition Models may be deemed "biometric identifiers" or "biometric information" according to the laws of your jurisdiction, and will only be processed with your consent, subject to the terms of such laws and this Policy.

- Face and Voice Models: To provide certain visual and voice AI Tools Outputs as part of our Services, our AI technology uses your Inputs (images, photos, videos, audio recordings, etc.), as well as the "metadata" described above to generate facial features information (such as facial geometry, topology, and face embedding) or a voice print, in order to create a model of the face and a voice print that appears in your Input ("Face and Voice Model"). Face and Voice Models are not used to identify you or anyone else. However, Face and Voice Models may be deemed "biometric identifier" or "biometric information" according to the laws of your jurisdiction, and will only be processed with your consent, subject to the terms of such laws and this Policy.

PURPOSE AND OPERATIONS

We process the data, including Inputs, Face and Voice Recognition Models, Face and Voice Models, metadata, and other information you voluntarily choose to provide, for the purpose of providing the Services and generating the AI Tools Outputs. Note that this data might be processed on your device or otherwise uploaded and processed on our Cloud, depending on the specific App, feature, or Service you use.

Inputs are usually retained for a short-term period of up to 30 days after the AI Tools Outputs are generated, except where you have: (i) provided consent to use the Inputs to generate Face and Voice Recognition Models, where in such case we will retain the Inputs for as long as we retain the Face and Voice Recognition Models in order to provide these Services and enhance your AI Tools Output; (ii) provided us with consent to further retain the Inputs for development and AI training and machine learning purposes; or (iii) uploaded such Inputs through the use of our Services of film production, where in such event we need to retain such Inputs for as long as your AI Tools Outputs are retained (as further explained below), in order to maintain the sequence of Inputs you chose to integrate and include in such AI Tools Outputs. In the event that AI Tools Outputs are processed and stored on our Cloud, such will be retained to remain accessible for you through the App at any time and from any device until you decide to delete them by requesting us to delete all your information and your account, provided that we may earlier delete such AI Tools Outputs according to our internal retention policies. In the event that the Face and Voice Recognition Models or Face and Voice Models created from your Inputs are processed and stored on our Cloud or on your device, they will be stored to enable repeat experiences using them. Face and Voice Recognition Models and Face and Voice Models will be permanently deleted within 2 years after the last time you have used our Services unless we are legally required to maintain the data for a longer period. We will further delete Face and Voice Recognition Models and Face and Voice Models if you withdraw consent, you ask us to delete all your information and your account or in accordance with our retention policies.

Face and Voice Recognition Models and Face and Voice Models, if retained and stored by us, are retained and used solely to provide you with the Services including additional AI Tools Outputs you request to generate through your use of the App and Services. We may further use Face and Voice Recognition Models and Face and Voice Models for AI training and machine learning purposes, in the event you have separately provided us with consent for such use. You may withdraw your consent to our processing of Face and Voice Recognition Models and Face and Voice Models at any time as set forth under Section 8 – Your Rights, below, or through the App's Privacy Settings. We do not share Face and Voice Recognition Models or Face and Voice Models with third parties except in the limited circumstances described under this Policy (see Section 7 – Data Sharing, below). Inputs, the gathered metadata, and AI Tools Outputs, may be further used for AI training and machine learning purposes (as further described in Table B, below). We will further process the inferred demographic data, tags, labels or otherwise any characteristics related data, as well as data related to the features or effects used, to improve, enhance and customize our offers and Services. Note that, within the parameters set forth above, we may retain, store, or delete Inputs and AI Tools Outputs at our discretion and the above shall not be considered as any obligation on behalf of LightFrame to store or retain any information.

LAWFUL BASIS (UNDER THE GDPR)

We process the Inputs, metadata, or other information you voluntarily choose to provide, to create the AI Tools Outputs and optimize their results, meaning, for the purpose of providing the Services and performing our contract with you. Face and Voice Recognition Models and Face and Voice Models are processed based on your consent. You have the right to withdraw your consent at any time, as set forth under Section 8 – Your Rights, below, or through the App's Privacy Settings.

We will further process demographic information, the gathered metadata or otherwise any characteristics related data, as well as data related to the features or effects used, subject to our legitimate interest to improve, enhance and customize our offers and Services, and for example, to offer you features which are similar to the features you use or popular among users with similar characteristics. Please note that, if our Services are used by our business partners as Business Partner Service, the processing of Personal Data set forth under this paragraph (including Inputs, AI Tools Outputs, Face and Voice Models, etc.) is made by us as a "data processor" and is subject to our agreements with the business partner and not covered by the Privacy Policy.

PERSONAL DATA SET

Customer Support: When you contact us for customer support, we will process your contact information, as well as any information you choose to provide as part of our communications and correspondence.

PURPOSE AND OPERATIONS

We will use the contact information to provide the customer support and communicate with you. We will retain such communications to have records of the support that was provided, for any future needs as well as to further improve our Services and support.

LAWFUL BASIS (UNDER THE GDPR)

We process such information for the purpose of providing the support services and performing our contract with you. We will further retain our communications for records keeping and services improvement, including to train our customer support team, based on our legitimate interest.

PERSONAL DATA SET

Purchase Details: Certain features and Services are subject to payment, either in-app or subscription payments. Payments are made through in-app purchase ("IAP"), in which Google Play or Apple Store terms would govern such payments, or by third party payment processing services (such as Adyen and PayPal) and we do not collect, store, or have access to your full payment details; however, we process the commercial transaction data such as records of purchases and prices; shipping details (if applicable); address, contact telephone number, email address, IP addresses and your approximate location extracted from the IP address (e.g., country and Zip) ("Transactions Data").

PURPOSE AND OPERATIONS

We use Transactions Data to process your payments and provide the applicable Service you have purchased. Any information related to your payment means and transactions is processed by the third parties' platforms or IAP and will be further governed by such third parties' own privacy policy and terms, which we recommend that you review.

LAWFUL BASIS (UNDER THE GDPR)

We process Transactions Data to provide the Services and perform our contract with you. We may further use such information to analyze our Services and their performance (e.g., features' popularity), as well as to customize and improve our offers and Services, based on our legitimate interests.

PERSONAL DATA SET

Permissions: Depending on the App used or the features you wish to enjoy, you will be asked to grant us access permissions such as: access to camera, photo gallery, microphone or audio files, enable tracking tools, push notification, access to your location, etc. ("App Permissions").

PURPOSE AND OPERATIONS

We will use these permissions to process the information needed to provide the Service or enhance the Service.

LAWFUL BASIS (UNDER THE GDPR)

To access these App Permissions, you will need to actively and explicitly enable them through an in-app permission or the device settings. You can disable the App Permissions at any time; however, note that, depending on the App Permission, if you disable it, certain features or all features might not operate properly.

PERSONAL DATA SET

Use of Third-Party Technologies: Our Apps may include integration with third-party analytics service providers such as Google Analytics, Google's Crashlytics and Firebase services, and Facebook. We may disclose your information (such as Online Identifiers and Usage Data) to these analytics providers to help us learn more about how you and others use our Services. For more information on the Software Development Kits ("SDKs") integrated on our Apps, please see below: AppLovin SDK; Facebook iOS SDK; Firebase iOS SDK; Google signin iOS SDK; TikTok SDK; Kochava SDK

PURPOSE AND OPERATIONS

We will disclose the information to third party analytic providers for marketing and tracking purposes, analytics and operational purposes, correcting errors and bugs, enhancing the Services such as to adjust language preference, if applicable, to enable you to use the App and to provide you with its functionalities.

LAWFUL BASIS (UNDER THE GDPR)

When the processing is for marketing or tracking, where required under applicable laws we will process the Personal Data based on consent. Otherwise, we will process and share the Personal Data subject to our legitimate interest.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, International Data Transfer, is based on the same lawful basis as stipulated in the table above. In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests. We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services and the type of Services. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data for as long as it remains combined.

5. HOW WE COLLECT YOUR INFORMATION

Depending on the nature of your interaction with us, we may collect the above detailed Personal Data from you, as follows:

● Automatically, when you visit our website or interact with our App and Services, including through the use of cookies (as detailed below) and similar tracking technologies, as well as, where applicable, information created by our AI Tools.

● When you voluntarily choose to provide us with information, such as when you create an account, contact us or request a demo, all as detailed in this Policy.

● By our third-party service providers which collect Personal Data on our behalf, such as analytics service providers.

● Through our tools and technologies, collecting information made available through Creators' Media and other insights generated through our AI technologies as part of our Popular Pays Marketplace or other Business Partners Services.

6. COOKIES AND SIMILAR TECHNOLOGIES

We may use cookies, tracking pixels (also known as clear GIFs and web beacons), third party software development kits (SDKs) as detailed in Table A above, and other technologies in order to maintain, provide, and improve our website, Apps and Services. We use Cookies for various purposes:

Strictly Necessary Cookies: these cookies are necessary for our website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but then some parts of the website will not work.

Functional Cookies: these cookies enable the website to provide enhanced functionality and personalization (e.g., remembers your preferences so you don't have to re-set them each time you visit). They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Performance and Analytics Cookies: these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance.

Marketing and Targeting Cookies: these cookies allow us to know whether or not you've seen an ad or a type of ad, how you interacted with such an ad, and how long it has been since you've seen it. We also use cookies to help us with targeted advertising. We may partner with ad networks and other ad serving providers that serve ads on behalf of us and others on non-affiliated platforms. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information ad networks and ad serving providers collect about your use of our website and other sites or apps over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.

The third-party cookies we currently use and purpose of use are listed under the Cookies Setting tool available on our website, which you may further use to opt-out of cookies or change your preferences at any time.

Also note that most browsers will allow you to erase cookies from your computer's hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. Please note that once you choose to opt out or disable cookies, some features of the website may not operate properly and your online experience may be limited.

Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies, and are responsible for their practices.

7. DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH

We share your Personal Data with third parties, including our partners or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients:

| CATEGORY OF RECIPIENT | DATA THAT MAY BE SHARED | PURPOSE OF SHARING |
|---|---|---|
| Essential Service Providers, which process data on our behalf, for the purpose of providing the Services, securing and improving the Services. | All data except for data which is stored locally on your device. | We may disclose Personal Data to our trusted service providers that provide technology or platforms that are essential for providing the Services ("Essential Service Providers"). Such Essential Service Providers include hosting, and server co-location services, communications and content delivery networks (CDNs), internet service providers, operating systems and platforms, data and cyber security services, fraud detection services, billing and payment processing services, shipping and handling services, session or activity recording services, AI tools, support and customer relation management systems. Essential Service Providers have access, or process on our behalf. The Essential Service Providers are prohibited from using your Personal Data for any purposes other than providing us with requested services. |
| Subsidiaries and Affiliated Companies | All data except for data which is stored locally on your device. | We may share Personal Data, internally within our group or in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy. |
| Third Parties, Authorities, Security Providers, Governmental Agencies, or Authorized Third Parties. | Any data except for data which is stored locally on your device, depending on the purpose and needs. | For protecting rights and safety of our Services and Apps, we may share Personal Data with others if we believe in good faith that this will help protect the rights, property or personal safety of users or individuals, or any members of the general public. This will include legal and law enforcement purposes, meaning, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our services. |

When we share data with service providers and partners, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other Non-Personal Data for their own benefit).

8. YOUR RIGHTS

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed. The principal rights that may apply to your Personal Data (subject to your jurisdiction and additional conditions) may include:

Right to be informed, right to know, and right to a list of specific third parties
You have the right to be provided with information regarding our Personal Data collection and privacy practices, as we detail under this Privacy Policy. You may also have the right, at our option, to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data. This Privacy Policy also details our Personal Data handling practices.

Access rights, right to inspect your Personal Data
You have the right to confirm whether we collect Personal Data about you and to know which Personal Data we specifically hold about you, as well as receive a copy of such or access it. If you wish to receive a copy of the Personal Data, please submit the Data Subject Request available here and send it to our DPO: [email protected]

Right to correction/rectification
You have the right to correct inaccuracies in your Personal Data in the event you found it incorrect, outdated, etc. (or otherwise request its deletion), taking into account the nature and purposes of each processing activity. If you wish to exercise this right, please submit the Data Subject Request available here and send it to our DPO: [email protected]

Right to be forgotten, right to deletion
You have the right to request the deletion of certain Personal Data we process, if specific conditions are satisfied, for example, if you think we no longer need to use it for the purpose we collected it; in the event that the collection was based on your consent; where we have used it unlawfully; or where we are subject to a legal obligation to delete your Personal Data. Deletion request will be subject to our rights and obligations under applicable law (for example, our legitimate interests to maintain record keeping, completing transactions, providing a service that you have requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, detecting security incidents, protecting against illegal activity; debugging; exercising right provided for by law, etc.). If you wish to exercise this right, please submit the Data Subject Request available here and send it to our DPO: [email protected]. You are not required to create an account with us to submit a deletion request.

Right to portability
You have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right, please submit the Data Subject Request form available here and send it to our DPO: [email protected]

Right to withdraw consent. Right to opt out from: (i) "sale" or "share" of Personal Data (as defined under US laws); (ii) Targeted advertising; and (iii) Profiling and automated decision making
Where we process Personal Data based on your consent, you have the right to withdraw such consent at any time. For example - you have the right to withdraw consent from receiving any marketing communication from us or otherwise opt out, by unsubscribing through the message received. You have the right to opt-out or otherwise withdraw consent from processing of Personal Data through our use of cookies, by changing your preferences through the cookie setting tool available on our website. You have the right to withdraw consent from processing of Face and Voice Recognition Models from the App's Privacy Settings. If and to the extent applicable, you have the right to opt out of the "sale" or "share" of your Personal Data, which includes opting-out of our practice of using cookies for the purposes of targeted advertising, analytics, etc., by clicking on the "Do Not Sell or Share My Personal Information" link on our website or communicating your opt out through opt-out preference signals, like Global Privacy Control. In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again. We do not profile you in a manner that has a significant effect on you or other individuals, therefore we do not provide an opt-out option from such use of Personal Data.

Right to Object
You have the right to object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest. If you wish to exercise this right, please submit the Data Subject Request form available here and send it to our DPO: [email protected]

Right to Restrict Processing
You have the right to ask us to restrict or limit the purpose for which we process your Personal Data, where certain conditions are satisfied (for example, where you contest the accuracy of the Personal Data, for a period enabling us to verify its accuracy). If you wish to exercise this right, please submit the Data Subject Request form available here and send it to our DPO: [email protected]

Right to appeal or lodge a complaint
If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Within the timeframe set under applicable law as of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority. Where the GDPR applies, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK.

For additional information on your rights and how to exercise your rights, please see the Data Subject Request Form ("DSR") available here and send it to our DPO: [email protected].

Further, certain rights can be exercised from the App: you may correct, revise and delete information using the App settings at any time, any consent provided may be easily withdrawn (for example, for Face and Voice Recognition Models, through the App Privacy Settings), and you may opt-out from certain features and tracking, therefore we recommend you use the technical solutions we have provided you with to exercise your rights. Please further note that AI Tools Output may contain Personal Data about you that you deem inaccurate, and if you would like us to correct the inaccuracy you may submit a correction request as detailed above, however given the technical complexity of how our AI tools work, we may not be able to correct the inaccuracy in every instance. In that case, you may request that we delete your Personal Data from the AI Tools Outputs.

9. DATA RETENTION

In general, unless a different retention period is described above, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, when permissible by law or regulation, or until you request to delete your information, where applicable.

Other circumstances in which we may retain your Personal Data for longer periods of time when permissible by law or regulation include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your Personal Data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you. If you have any questions about our data retention policy, please contact us by e-mail at: [email protected].

10. SECURITY MEASURES

We implement appropriate and industry-standard technical, organizational, and security measures to reduce the risks of damage to (or loss of) information, or any unauthorized access or use of information. This includes a protocol for responding to a data security incident that may compromise the security of Personal Data, including biometric data and identifiers, and providing notice to impacted individuals. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your Personal Data, it is not guaranteed, and you cannot expect that the Services will be immune to information security risks or attacks. Also, as the security of information depends in part on the security of the computer, device or network you use to communicate with us, the security of your Personal Data depends on you as well. Please make sure to take appropriate measures to use secured networks, devices and to protect your access credentials.

Please contact us at: [email protected] if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

11. INTERNATIONAL DATA TRANSFER

Our data servers in which we host and store the information are located globally including in the US and EU. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA"), United Kingdom or Switzerland, is transferred outside of such jurisdiction, to a country that has not received an adequacy decision from the European Commission or the ICO, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the EU, UK or Swiss Standard Contractual Clauses or, as applicable the EU/UK-US Data Privacy Framework. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Data, using contractual protections that regulators have pre-approved to ensure your Personal Data is protected.

12. ELIGIBILITY AND CHILDREN'S PRIVACY

The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law), and we do not knowingly process children's information. We will discard any information we receive from a User that is considered a "child" immediately upon discovering that such a User shared information with us. Please contact us at: [email protected] if you have reason to believe that a child has shared any information with us. Where required under applicable laws, we will require parental consent for participation in our Services related to the Popular Pays Marketplace by individuals under the applicable age.

13. JURISDICTION-SPECIFIC NOTICES

Information provided below supplements the information contained in this Privacy Policy and applies to residents of such states. These additional disclosures are intended to provide you with additional information with regard to our handling of your Personal Data and certain consumer rights.

For Users in the European Economic Area and the United Kingdom

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), and we process your personal data within the scope of the General Data Protection Regulation (EU) 2016/679 ("GDPR") or the UK GDPR, the following legal bases apply:

Legal Basis for Processing (GDPR)

We only process your personal data when we have a valid legal basis under Article 6 of the GDPR:

  • Consent – For processing biometric data, microphone/audio access, and optional location information, we will seek your explicit consent where required.

  • Contract – When processing is necessary for the performance of a contract with you, such as providing access to our presets, camera features, and editing tools.

  • Legitimate Interests – When processing is necessary to pursue our legitimate business interests (such as analytics, personalization, and service improvement), provided that such interests are not overridden by your fundamental rights and freedoms.

You may withdraw your consent at any time by adjusting your device settings or by contacting us at [email protected] (please include " – GDPR" in the subject line).

For Japanese Users

The Right to Data Disclosure, Correction, Deletion or Suspension of Use

If you are in Japan, as a data principal, you have the right to request disclosure, correction, deletion or suspension of the use of your personal information, and we are obliged to fulfill your request without delay. You can send your request by email to [email protected] (Please indicate "LightFrame" in the subject of the email) or by mail to LightFrame Labs Inc, 522 W RIVERSIDE AVE STE N, Spokane, WA 99201 United States (recipient: LightFrame Legal Department).

For Korean Users

International Data Transmission

We only process users' personal information within the scope specified in "How We Use Information" and will not provide users' personal information to third parties in principle. However, with your consent, in order to provide you with the services described in "Information Sharing and Disclosure," we may collect, transmit, store, and process your personal information from other places.

Transfer of personal information: Please refer to the "Information we collect" section above this policy.

Transfer date and method: Transfer when submitting storage and processing.

Countries to which personal information is transferred: US and Singapore.

Retention of personal information: Please refer to the "Data Retention" section above this policy.

In addition, we may transfer your personal information to third parties located outside of Korea:

| Name of personal information provider | Purpose of use of personal information | Details of the personal data collected | Retention and use period of personal information |
|---|---|---|---|
| Stripe Payment Europe, Limited Link | Subscription payment service | Email address, bank account info | The period specified in the Privacy Policy of the relevant third-party recipient |
| AppLovin (Singapore) Pte Ltd Link | Advertising services | Approximate location, email address, purchase history, application interaction, other actions | |
| AppsFlyer Limited Link | Attribution service | Approximate location, email address, purchase history, application interaction, other actions | |
| Firebase Link | Improve our service by analyzing the problems encountered by users | user_id, origin_order_id, subscription token, idfa, idfv, g_uuid, ip address, mac_addr, imei, advertising_id, attribution fields | |
| Adjust GmbH Link | Attribution service | IDFA, IDFV, GAID, Android ID, FAI, IMEI, OAID, attribution fields | |
| Google Asia Pacific Pte Ltd Link | Subscription paid services and advertising services | Request user uid | |
| Apple Inc Link | | | |
| Meta Platforms Inc Link | | | |
| Mintegral International Limited Link | Advertising services | Location information, device/ad ID, device information, application information, interaction information, others | |
| ADLOGIC Technology Pte Ltd Link | | | |
| Vungle Corporation Link | | Device information, interaction information, ad placement/browsing/clicking information, device ID | |

Whenever we share information outside of your place of residence, we ensure that the transfer complies with your local laws so that your personal information is adequately protected. If you do not wish to transfer your personal information outside of Korea, we will not be able to provide you with our products or services.

In addition, we may receive your personal information from the following third parties:

| Name of Personal Information Provider | Purpose of Use of Personal Information | Details of the Personal Data Collected | Retention and Use Period of Personal Information |
|---|---|---|---|
| AppLovin (Singapore) Pte Ltd Link | Advertising services | Approximate location, email address, purchase history, application interaction, other actions | Duration of Privacy Policy of Relevant Third Party Platforms |
| Google Asia Pacific Pte Ltd Link | Subscription payment service | IDFA, IP user's UID, location | Duration of Privacy Policy of Relevant Third Party Platforms |
| Apple Inc Link | | IDFA, GAID, Android ID, IP user's UID, location | |
| Meta Platforms Inc Link | | IDFA, GAID, Android ID, IP user's UID, location | |
| Adjust GmbH Link | Attribution service | Approximate location, email address, purchase history, application interaction, other actions | |
| Firebase Link | Improve our service by analyzing the problems encountered by users | user_id, origin_order_id, subscription token, idfa, idfv, g_uuid, ip address, mac_addr, imei, advertising_id, attribution fields | |

Data Retention

We will delete your information (including your personal information) immediately after you terminate our account in accordance with applicable laws, regulations, and requirements and the fulfillment of our business or legitimate purposes. We will destroy your personal information in accordance with the following procedures and methods:

Destruction procedure: We select the personal information to be destroyed and destroy it with the approval of our Data Protection Officer.

Method of destruction: We will destroy electronically stored and archived personal information in a deletable manner and, where possible, in a way that makes the records irrecoverable.

Department Responsible for Personal Information Protection and Complaint Handling

Email: [email protected] (Please indicate "LightFrame" in the subject line of your email)

For US Users

You agree that LightFrame and its affiliates may use facial recognition technology to collect biometric information from photos or images you provide. LightFrame and its affiliated companies may use such information to verify your identity, provide and improve the Services, and for our internal research purposes. If your biometric information is subject to the Illinois Biometric Information Privacy Act, we will delete your biometric information within three years of your last interaction with the Services.

Under applicable law, you may be entitled to:

Confirm whether we are processing your personal information;

Obtain or copy your personal information and accompanying details;

Receive an electronic copy of the personal information you provide to us, or request that we send that information to another company, i.e., data portability rights;

Correct your personal information;

Request an opt-out from certain processing activities, including (where applicable) if we process your personal information for "targeted advertising" (as defined in the Privacy Act), if we "sell" your personal information (as defined in the Privacy Act), or if we conduct profiling to further a decision that has a legal or similar material impact on you;

Request deletion of personal information we hold about you; and

Appeal against our decision to refuse to process your request.

If you wish to exercise any of the rights granted to you by applicable privacy laws, please contact our Data Protection Officer by e-mail at [email protected] (please indicate "LightFrame" in the subject line of your e-mail) or contact our Data Protection Officer by registered mail at LightFrame Labs Inc, 522 W RIVERSIDE AVE STE N, Spokane, WA 99201 United States (Attn: LightFrame Legal Department). We will process such requests in accordance with applicable law.

If you are a Virginia resident and would like to appeal a decision we have made on your request, you can let us know and provide us with information to support your appeal.

The following paragraphs apply only to our processing of your personal information in accordance with the California Consumer Privacy Act (as amended from time to time) ("CCPA").

CCPA gives California residents the right to know what categories of personal information we collect and whether we have disclosed this personal information for commercial purposes (such as to service providers) in the past twelve months. California residents can find this information below:

| Categories of personal information collected | Categories of third parties to whom personal information is disclosed for commercial purposes |
|---|---|
| Identifier | Service provider LightFrame and its affiliates |
| Categories of personal information listed under California Customer Records statute (California Civil Code § 1798.80 (e)) | Service provider LightFrame and its affiliates |
| Classification features protected by California or federal law | Service provider LightFrame and its affiliates |
| Business information | Service provider LightFrame and its affiliates |
| Biometric information | Service provider LightFrame and its affiliates |
| Internet or other electronic network activities | Service provider LightFrame and its affiliates |
| Geographic location data | Service provider LightFrame and its affiliates |
| Sensory data | Service provider LightFrame and its affiliates |
| Professional or employment-related information | Not applicable |
| Non-public educational information (under the Family Educational Rights and Privacy Act (20 USC Sec. 1232g, 34 CFR Part 99)) | Not applicable |
| Inferences drawn from other personal information to create personal information about consumers | Service provider LightFrame and its affiliates |
| Disclosing personal information about consumers Social Security, driver's license, state ID or passport numbers | Not applicable |
| Personal information that reveals the consumer's account login name, financial account, debit or credit card number, and any required security or access codes, passwords, or credentials that allow access to the account | Service provider LightFrame and its affiliates |
| Revealing consumers' precise geographic location personal information | Service provider LightFrame and its affiliates |
| Disclosing personal information about a consumer's racial or ethnic origin, religious or philosophical beliefs, or union membership | Service provider LightFrame and its affiliates |
| Personal information, unless Figma is the intended recipient of the communication, will disclose the contents of the consumer's mail, email and text messages | Not applicable |
| Revealing personal information about consumers genetic data | Not applicable |
| Biometric information processed to uniquely identify consumers | Not applicable |
| Collecting and analyzing personal information about consumer health | Not applicable |
| Collect and analyze personal information about a consumer's sex life or sexual orientation | Not applicable |

The source categories of personal information we collect and the business and commercial purposes for which we use and disclose personal information are listed in "Information We Collect", "How We Use Information", and "Information Sharing and Disclosure" above. We will retain personal information for the time period specified in "Data Retention" above.

In the past twelve months, we have not "sold" any personal information (as defined by the CCPA), nor do we have actual knowledge of any "sale" of personal information of minors under the age of 16.

In the past twelve months, we have not "shared" any personal information for "cross-context behavioral advertising" (as defined in the CCPA), nor do we have actual knowledge of any "sharing" of personal information of minors under the age of 16 for "cross-context behavioral advertising".

We only use and disclose sensitive data for the following purposes:

Provide services.

Prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and/or confidentiality of stored or transmitted personal information.

Resist malicious, deceptive, fraudulent, or illegal behavior against us and prosecute those responsible for such behavior.

Ensure the personal safety of natural persons.

Verify or maintain the quality or safety of our products, services, or equipment, and improve, upgrade or enhance our services or equipment.

For purposes that do not involve inferring personal characteristics.

California residents have the right not to be discriminated against by us for exercising their rights under the CCPA.

To protect your privacy, we will take steps to reasonably verify your identity before executing a request submitted under the CCPA. These steps may involve asking you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information, or that person's authorized representative. Examples of our verification process may include asking you to provide an email address or phone number associated with you and providing a verification code sent to your email address or phone number.

Only you or a person authorized by law to act on your behalf may make a verifiable consumer request related to your personal information. To authorize an agent, please provide a written authorization signed by you and your designated agent, and contact us using the information in "Privacy" above for further instructions.

We do not "sell" personal information or "share" personal information for "cross-context behavioral advertising", so we do not respond to opt-out preference signals.

If you are a resident of Nevada, we will not "sell" your personal information.

For Users in Brazil

For users in Brazil, the advanced Shooting page may collect sensitive personal data, such as body pose information from pose guides, considered biometric under the Brazilian General Data Protection Law (LGPD). We will process such data only with your explicit consent and in accordance with LGPD requirements. Biometric data will be discarded upon completion of the shooting session or when you close the application, unless otherwise required by law.

Legal Basis for Processing Data

If you are in Brazil, the legal basis on which we may rely to process your personal information is:

Consent (we have obtained your consent);

Contract (processing necessary to fulfill the contract signed with you, such as operating the website or providing any services you request);

Legal obligations (to comply with laws, regulations, rules, or requirements of government departments, judicial authorities, or law enforcement agencies); and

To prevent fraud and protect credit.

If you have any questions about our lawful basis for processing your personal information, please contact us through [email protected] (please indicate "LightFrame" in the subject line of the email).

The Right to Data Disclosure, Correction, Deletion or Suspension of Use, Portability and Withdrawal of Consent

If you are in Brazil, as a data principal, you have the right to request the disclosure, correction, deletion, suspension of use or portability of your personal data, as well as to withdraw your consent and be informed of the possible negative consequences of such withdrawal, and of the public and private entities with which we share your personal data. We are obliged to comply with your request without delay. You can send your request by e-mail to [email protected] (please indicate "LightFrame" in the subject line of the e-mail) or by post to LightFrame Labs Inc. (addressee: LightFrame Legal Department).

Sensitive Data

If you are in Brazil, you understand and agree that in order to be able to provide you with our services, we may collect sensitive personal information such as the facial features of the person in the photograph, gender, age, ethnicity, and other elements contained in the photograph.

Representative

If you are in Brazil, you can contact our Data Protection Officer by e-mail at [email protected] (please indicate "LightFrame" in the subject of your e-mail), or by post to LightFrame Labs Inc. (Attn: LightFrame Legal Department).

International Data Transmission

In order to provide you with our services, we may collect your personal information from, transfer it to, store, and process it elsewhere.

Transfer of personal information: Please refer to the "Information we collect" section earlier in this policy.

Transfer date and method: Transfer when submitting storage and processing.

Countries to which personal information is transferred: US and Singapore.

Retention of personal information: Please refer to the "Data Retention" section earlier in this policy.

Whenever we share information outside of your place of residence, we ensure that the transfer complies with your local laws so that your personal information is adequately protected.

Data Retention

We will retain your information (including your personal information) for as long as is necessary to provide you with the Services and within the limits set forth in the Brazil Civil Core Law, the LGPD, the Brazil Internet Civil Rights Framework, and the Brazil Consumer Protection Law, in accordance with applicable laws, regulations, and requirements and to fulfill our business or legal purposes.

When your personal information is no longer needed, we will immediately destroy your personal information. When we destroy your personal information, we will take commercially reasonable and technically feasible measures to ensure that the personal information is permanently deleted.

Choice of Law

If you reside in Brazil, this policy will be enforced and interpreted in accordance with Brazilian law.

GDPR Notification

In the process of providing services, we will process personal data.

If GDPR applies to our processing of your personal data, we only process personal data in accordance with GDPR. In our above (general) Privacy Policy, you can find information about when GDPR applies to our processing of personal data. This GDPR notice supplements the above (general) Privacy Policy and contains detailed information about our processing of your personal data in accordance with GDPR.

I. Information on the Controller

LightFrame Labs Inc.

522 W RIVERSIDE AVE STE N

Spokane

WA 99201 United States

Identity and contact details of the controller's representatives

LightFrame Labs Inc.

522 W RIVERSIDE AVE STE N

Spokane

WA 99201 United States

[email protected]

II. Information on the Processing of Personal Data

Detailed information on the personal data processed.

Categories of Personal Data Processed | Personal Data Contained in Categories | Data Sources | Data Principal Obligation to Provide Data | Retention Period

Biometric Data | Biometric data, such as body pose information derived from pose guides on the Shooting page, used for real-time shooting assistance. | Service Users | Providing data is not a legal or contractual requirement, nor is it necessary for signing a contract. The data principal is not obligated to provide data. If data is not provided, you will not be able to use pose guide features. | Biometric data is discarded upon completion of the shooting session or when the application is closed.

Protocol Data | Protocol data, which is the data generated when using the service to provide content from our application server. The data generated during use is defined by the network protocol that transfers information between your end point device and the application server. This includes IP address, type and version of mobile operating system used, accessed content, previously accessed content, access date and time. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If data is not provided, we will not be able to provide the application content you requested. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Registration Data | Name, username, gender, date of birth, mobile phone number, location. | Service Users | Providing information marked as required during the registration process is a necessary condition for signing the contract. The data principal is not obligated to provide data. If you do not provide required information, you will not be able to fully utilize the service. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Subscription Data | Information about current and/or past subscriptions. | Service Users | Providing information marked as required during the registration process is a necessary condition for signing a subscription contract. Providing other data is not a legal or contractual requirement, nor is it a necessary condition for signing a contract. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Mobile Device Data | Information about your mobile device, including its International Mobile Equipment Identity (IMEI), Unique Device ID (UDID) or Android ID, Universal Unique Device Identifier (GUUID), User ID (UID), Identifier for Advertisers (IDFA) and Identifier for Vendors (IDFV), Open Anonymous Device Identifier (OAID), Integrated Circuit Card Identifier (ICCID), Media Access Control (MAC) address, Google Advertising ID (GAID), the type of device you are using, operating system version, list of mobile applications installed on the device, and resolution. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If data is not provided, we will not be able to provide the application content you requested. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Mobile Analytics Data | Information obtained to better understand and improve the functionality of our services. This information includes the frequency of your use of the application, events that occur within the application, summary usage, performance data, and download location of the application. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary condition for signing a contract. The data principal is not obligated to provide data. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Network Data | Operator name and network type, the name of the WiFi network you are connected to, the location of the WiFi network, and the duration of your WiFi connection. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary condition for signing a contract. The data principal is not obligated to provide data. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Location Data | The country code, latitude and longitude, network location, IP Address, and system country and system time zone recorded by your device. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary condition for signing a contract. The data principal is not obligated to provide data. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Log Data | Log information may include (i) details of when and how often you use our services, and (ii) device statistics, including critical operating paths, errors, crashes, language, and time zones. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary condition for signing a contract. The data principal is not obligated to provide data. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Image Data | Data principal photos/videos; EXIF data stored in image files (EXIF data may include GPS coordinates for taking and processing photos, device type, ISO, and information about front and rear cameras and creation time, depending on the device manufacturer). | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If data is not provided, you will not be able to fully utilize the service. | The maximum storage period for data in server log files is 21 days.

Voice Data | The voice of the data principal. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If data is not provided, you will not be able to fully utilize the service. | The maximum storage period for data in server log files is 21 days.

Metadata | Information describing the analysis results of the elements contained in the photo, such as facial features, gender, age, etc. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If data is not provided, you will not be able to fully utilize the service. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Facial Recognition Data | Data principal facial feature information (including but not limited to facial images, facial markers). | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If data is not provided, you will not be able to fully utilize the service. | When the content recommendation is completed or the application is closed, the facial mapping information will be discarded.

Cookie Data | Data principal Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), Referencing and Exit Pages, operating system, date and timestamp, clickstream data. If such personal data is stored in cookies, you can find more detailed information in Part III below. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If data is not provided, you will not be able to fully utilize the service. | The data you provide will be stored in your account during its existence until you delete it yourself. You can delete your account at any time. The data will be deleted when the user logs out of their account. When the token expires (after 30 days), the cookie will be replaced.

Advertising Data | Advertising ID (including IMEI, Android ID, OAID, IMSI, ICCID, GAID, MEID, MAC address, IDFV, IDFA), geographic location, and IP Address. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary requirement for signing a contract. The data principal is not obligated to provide data. If you do not provide this data, we will not be able to provide interest-based advertising to you. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Third-party Tracking Data | Device ID symbol, region (defined as the location where a specific language is used), location information, IP address. If such personal data is stored in cookies, you can find more detailed information in Part III below. | Service Users | Providing data is not a legal or contractual requirement, nor is it a necessary condition for signing a contract. The data principal is not obligated to provide data. | As long as your account exists, the data you provide will be stored in your account until you delete it yourself. You can delete your account at any time.

Purpose of processing personal data | Categories of personal data processed | Automated decision-making | Legal basis and legitimate interests under applicable circumstances | Recipient

Provide services | Protocol data, registration data, subscription data, network data, location data, image data, voice data, metadata, facial recognition data | No automated decision-making will occur. | For processing activities related to application users: GDPR Article 6 (1) (b) (fulfilling the contract of the data principal as a party or taking measures at the request of the data principal before signing the contract). For processing of location data: GDPR Article 6 (1) (a) (consent). For processing activities related to data principals different from those of the device owner: GDPR Article 6 (1) (f) (pursuing legitimate interests in the balance of interests): Our legitimate interest is to provide our services. | Other subsidiaries of LightFrame, Apple Inc., Google LLC, Meta Platform, Inc., AppLovin (Singapore) Pte. Ltd., Tencent Holdings Limited, Microsoft Corporation, Zendesk, Inc., Stripe, Inc., AppsFlyer Ltd., Adjust GmbH

Statistical Analysis (Developing and Analyzing Statistical Data on the Use of Our Products and Services to Improve Our Products and Services) | Protocol Data, Mobile Device Data, Mobile Analytics Data, Network Data, Location Data, Log Data, Cookie Data | No automated decision-making will occur. | Article 6 (1) (a) GDPR (consent) | Other subsidiaries of LightFrame, Apple Inc., Google LLC, Meta Platform, Inc., AppLovin (Singapore) Pte. Ltd., Tencent Holdings Limited, AppsFlyer Ltd., Adjust GmbH

Create an account | Agreement data, registration data, subscription data, location data | No automated decision-making will occur. | Article 6 (1) (f) of the GDPR (pursuing legitimate interests in the balance of interests): Our legitimate interest is to provide our application content requested by users. | Other LightFrame affiliates, Apple Inc., Google LLC

Provide location-based services (to provide users with advertisements, the correct version of our services, and help users have a good User Experience) | Protocol data, location data | No automated decision-making will occur. | Article 6 (1) (a) GDPR (consent) | Other subsidiaries of LightFrame, Apple Inc., Google LLC, AppLovin (Singapore) Pte. Ltd., AppsFlyer Ltd., Adjust GmbH

Improving User Experience (optional features such as User Experience programs that allow us to analyze data about the use of our products and services and improve User Experience) | Protocol data, mobile device data, mobile analytics data, network data, location data, log data, image data, metadata, Cookie data, third-party tracking data | No automated decision-making will occur. | Article 6 (1) (a) GDPR (consent) | Other subsidiaries of LightFrame, Apple Inc., Google LLC, Meta Platform, Inc., AppLovin (Singapore) Pte. Ltd., Tencent Holdings Limited, AppsFlyer Ltd., Adjust GmbH

Provide TTpush (used to evaluate advertising effectiveness and software update success rate, or provide notification of new product releases) | Protocol data, mobile device data, advertising data | No automated decision-making will occur. | Article 6 (1) (a) GDPR (consent) | Other subsidiaries of LightFrame, Apple Inc., Google LLC, AppLovin (Singapore) Pte. Ltd., AppsFlyer Ltd., Adjust GmbH

Verify user identity | Agreement data, registration data | No automated decision-making will occur. | Article 6 (1) (f) of the GDPR (pursuing legitimate interests on balance of interests): In this case, our legitimate interest is to verify your identity in order to be able to provide you with services. | Other LightFrame affiliates, Apple Inc., Google LLC

Collect user feedback (to help us improve our services) | Agreement data, registration data | No automated decision-making will occur. | Article 6 (1) (a) GDPR (consent) | Other subsidiaries of LightFrame, Apple Inc., Google LLC, Meta Platform, Inc., AppLovin (Singapore) Pte. Ltd., Tencent Holdings Limited, Zendesk, Inc., AppsFlyer Ltd., Adjust GmbH

Comply with any applicable rules, laws and regulations, codes of conduct or guidelines or assist relevant authorities in law enforcement and investigations | Agreement data, registration data, subscription data | No automated decision-making will occur. | Article 6 (1) (c) of the GDPR (necessary to comply with the legal obligations of the controller) | Public authorities, other LightFrame affiliates

Maintain the safe and stable operation of the service, such as identifying or handling any faults in the service | Protocol data, network data, log data | No automated decision-making will occur. | Article 6 (1) (f) of the GDPR (pursuing legitimate interests in the balance of interests): Our legitimate interest is to ensure the secure and stable operation of the IT infrastructure used to provide services. | Other LightFrame affiliates

Protect your account, network, operation, and system security, prevent phishing, website fraud, and Trojan viruses | Protocol data, network data, log data | No automated decision-making will occur. | Article 6 (1) (f) of the GDPR (pursuing legitimate interests on balancing interests): Our legitimate interest is to ensure the security of the IT infrastructure used to provide our website, in particular for detecting, eliminating, and conclusively recording events (such as DDoS attacks). | Other LightFrame affiliates

Processing requests (Client Server) | Agreement data, registration data, subscription data | No automated decision-making will occur. | If your request involves a contract to which you are a party or pre-performance measures: Article 6 (1) (b) GDPR (performance of a contract to which the data principal is a party or taking measures at the request of the data principal before entering into a contract). Otherwise: Article 6 (1) (f) GDPR (pursuit of a legitimate interest in balancing interests): In this case, our legitimate interest is to process your request. | Other LightFrame affiliates

Details about recipients of personal data and transfers of personal data to third countries and/or international organizations.

Recipient | Role of the Recipient | Transfers to Third Countries and/or International Organizations | Adequacy Decisions or Appropriate Safeguards for Transfers to Third States and/or International Organizations

Cloudflare Inc. | Processor | United States of America | The European Commission has recognized the EU-U.S. Data Privacy Framework (DPF) as providing an adequate level of data protection. Cloudflare, Inc. participates in and complies with the EU-U.S. DPF. Transfers are therefore covered by an adequacy decision under Article 45 of the GDPR. For further details, refer to Cloudflare's Data Processing Agreement (DPA). A copy can be requested via Cloudflare's legal documentation.

Apple Inc | Processor | US | The European Union Commission has no adequacy decision for the US. We have signed so-called standard data protection clauses with the recipient in accordance with Article 46 (2) (c) GDPR, thus protecting your data. You can obtain a copy of this agreement from the above contact address.

Google LLC | Processor | US | The European Union Commission has no adequacy decision for the US. We have signed so-called standard data protection clauses with the recipient in accordance with Article 46 (2) (c) GDPR, thus protecting your data. You can obtain a copy of this agreement from the above contact address.

Meta Platform Corporation | Processor | US | The European Union Commission has no adequacy decision for the US. We have signed so-called standard data protection clauses with the recipient in accordance with Article 46 (2) (c) GDPR, thus protecting your data. You can obtain a copy of this agreement from the above contact address.

AppLovin (Singapore) Pte Ltd | Processor | Singapore | The European Union Commission has not made an adequacy decision for Singapore. We have signed so-called standard data protection clauses with the recipient in accordance with Article 46 (2) (c) of the GDPR to protect your data. You can obtain a copy of this agreement from the above contact address.

Stripe Inc | Processor | US | The European Union Commission has no adequacy decision for the US. We have signed so-called standard data protection clauses with the recipient in accordance with Article 46 (2) (c) GDPR, thus protecting your data. You can obtain a copy of this agreement from the above contact address.

AppsFlyer Limited | Processor | Singapore | The European Union Commission has not made an adequacy decision for Singapore. We have signed so-called standard data protection clauses with the recipient in accordance with Article 46 (2) (c) of the GDPR to protect your data. You can obtain a copy of this agreement from the above contact address.

Adjustment co | Processor | US, European Union | The European Union Commission has not made an adequacy decision regarding the US and the European Union. We have signed so-called standard data protection clauses with the recipient in accordance with Article 46 (2) (c) of the GDPR, thus protecting your data. You can obtain a copy of this agreement from the above contact address.

III. Information on the Use of Cookies or Similar Technologies

The following section currently only involves cookies. If similar technologies (browser fingerprinting, local storage, session storage, etc.) are used, this section must be adjusted accordingly.

We use cookies when providing services. For this purpose, we use the processing and storage functions of your device and/or device browser, and collect information from the memory of your device and/or device browser.

You will find more detailed information about this content in the following text.

  1. General Information about Cookies

Cookies are small text files containing information that can be placed on a user's device when they use an application or visit a website. When a user uses the same device again or visits a related application or website, the cookie and the information it contains can be retrieved.

A) First-Party and Third-Party Cookies

Type of Cookies | Description

First-Party Cookies | Cookies placed and accessed by the operator of the application or website as the controller or by processors entrusted by the controller

Third-Party Cookies | Cookies placed and accessed by controllers other than application or website operators who are not processors employed by application or website operators

B) Temporary and Persistent Cookies

Type of Cookie | Description

Temporary Cookies (Session Cookies) | Cookies that are automatically deleted when you close the application or browser

Persistent Cookies | Cookies that remain stored on your device for a period of time after the application or browser is closed

C) Cookies that do not require consent and cookies that require consent

Cookie Type | Description

Cookies that do not require consent | Cookies whose sole purpose is to transmit information through electronic communication networks

Cookies necessary for the service provider | Cookies necessary for the service provider to provide the corresponding service upon explicit request from participants or users ("strictly necessary cookies")

Cookies that require consent | Cookies for all purposes other than the above

  2. Manage the Cookies Used on Our Applications and Websites

A) Granting and withdrawing consent to the use of cookies in the data protection settings of our applications and websites.

If the use of certain cookies requires your consent, we will only use those cookies with your prior consent. You can find information on whether your consent is required for the use of certain cookies in Section III.3 of this Privacy Policy.

You cannot disable strictly necessary cookies in the data protection settings of our application or website. However, you can usually disable these cookies at any time in the application or browser.

B) Manage cookies using device/browser settings

You can also manage the use of cookies in the settings of your device or browser. Different browsers have different ways of configuring cookie settings. You can find more information on websites such as allaboutcookies.org/manage-cookies/. However, we would like to point out that if you disable cookies on your device, certain features of our application or website may not function properly, or even not function at all.

  3. Cookies Used on Our Applications and Websites

Name | First-Party/Third Party | Purpose and content of use | Validity period | Do I need to agree?

Token | First-Party | User login token | When the user logs out of the account, it will be deleted. When the token expires (30 days), it will be replaced. | No

Connection.sid | First-Party | User login token | When the user logs out of the account, it will be deleted. When the token expires (30 days), it will be replaced. | No

First login | First-Party | User login token | When the user logs out of the account, it will be deleted. When the token expires (30 days), it will be replaced. | No

creative style | First-Party | Provide services | When the user logs out of the account, it will be deleted. When the token expires (30 days), it will be replaced. | No

Image style | First-Party | Provide services | When the user logs out of the account, it will be deleted. When the token expires (30 days), it will be replaced. | No

GuideVisible | First-Party | Optimize User Experience | When the user logs out of the account, it will be deleted. When the token expires (30 days), it will be replaced. | No

_ga | Third party | Data Analysis | When the user logs out of the account, it will be deleted. When the token expires (30 days), it will be replaced. | No

As a Data Principal, You Have the Following Rights Regarding the Processing of Your Personal Data:

Right of access (Article 15 of the GDPR)

Right to rectification (Article 16 of the GDPR)

Right to deletion ("right to be forgotten") (Article 17 of the GDPR)

Right to restrict processing (Article 18 of the GDPR)

Right to data portability (Article 20 of the GDPR)

Right to object (Article 21 of the GDPR)

Right to withdraw consent (Article 7 (3) of the GDPR)

You can use the contact information provided to exercise these rights.

Where applicable, the information on the processing of personal data includes details of any specific modes and mechanisms that facilitate the exercise of your rights, particularly your rights to data portability and to object.

You also have the right to file a complaint with the supervisory authority (Article 77 of the GDPR).

The following is more detailed information about your personal data processing rights:

Right of access

As a data principal, you have the right of access and information in accordance with the conditions set out in Art. 15 GDPR.

In particular, this means that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to access the personal data and the information listed in Article 15 (1) of the GDPR. This includes information about the purpose of processing, the categories of personal data being processed, and the recipients or categories of recipients to whom personal data has been or will be disclosed (Article 15 (1) (a), (b), and (c) of the GDPR).

Right of correction

As a data principal, you have the right to make corrections in accordance with the conditions set out in Article 16 of the GDPR.

This means in particular that you have the right to request that we correct inaccuracies in your personal data without delay and to supplement incomplete personal data.

Right to deletion ("right to be forgotten")

As a data principal, you have the right to have your data deleted in accordance with the conditions set out in Article 17 of the GDPR ("right to be forgotten").

You have the right to request that we delete your personal data; when one of the reasons listed in Article 17 (1) of the GDPR applies, we are obliged to delete your personal data without delay.

Right to restrict processing

As a data principal, you have the right to restrict processing in accordance with the conditions set out in Article 18 of the GDPR.

This means that if one of the conditions specified in Article 18 (1) of the GDPR applies, you have the right to obtain a restriction of processing from us.

Data portability rights

As a data principal, you have the right to data portability in accordance with the conditions set out in Article 20 of the GDPR.

You generally have the right to receive the personal data you provide to us in a structured, commonly used, and machine-readable format and to transfer this data to another controller without hindrance from us.

Right to object

As a data principal, you have the right to object under the conditions set out in Article 21 of the GDPR.

You have the right to object at any time to the processing of your personal data.

The right to withdraw consent

If the processing is based on consent under Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, as the data principal, you have the right to withdraw your consent at any time.

The right to complain to regulatory authorities

As a data principal, you have the right to lodge a complaint with the supervisory authority under the conditions set out in Article 77 of the GDPR.

The regulatory agency responsible for us is:

The Hamburg Commissioner for Data Protection and Freedom of Information

Ludwig Erhard Street 22, 20459 Hamburg

E-mail: [email protected]

Phone: +49 40 42854-4040

Office of the Information Commissioner

E-mail: [email protected]

Telephone: 0303 123 1113

IV. Information on GDPR Technical Terms Used in This GDPR Notice

The technical terms related to data protection used in this GDPR notice have the meaning given to them in the General Data Protection Regulation.

The full set of definitions under the General Data Protection Regulation can be found in Article 4 of the GDPR.

You will find more detailed information about the most important technical terms of the General Data Protection Regulation used in this GDPR notice below:

"Personal Data" means any information relating to an identified or identifiable natural person ("data principal"); an identifiable natural person means a person who can be directly or indirectly identified, in particular by name, identification number, location data, online identifier or one or more specific factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

"Data principal" means the identified or identifiable natural person to whom the personal data relates.

"Processing" means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, construction, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, adaptation or combination, restriction, deletion or destruction.

"Analysis" means any form of automated processing of personal data, including the use of personal data to evaluate certain personal aspects related to natural persons, in particular to analyze or predict the work performance, economic status, health status, personal preferences, interests, reliability, behavior, location, or movements of natural persons.

"Controller" means a natural or legal person, public authority, agency or other body that decides, alone or jointly with others, the purposes and methods of processing personal data; if the purposes and methods of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be prescribed by Union or Member State law.

"Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

"Recipient" means the natural or legal person, public authority, institution, or other body to which the personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data within the framework of a specific investigation under Union or Member State law shall not be considered recipients; the processing of these data by these public authorities shall comply with applicable data protection rules depending on the purpose of the processing.

"Third parties" means natural persons, legal persons, public authorities, institutions, or bodies other than data principals, controllers, processors, and persons authorized to process personal data under the direct authorization of controllers or processors.

"International organization" means an organization and its subsidiary organs governed by public international law, or other organs established by or pursuant to an agreement between two or more States.

"Third country" means a country that is not a member of the European Union ("EU") or the European Economic Area ("EEA") or the United Kingdom.