INTRODUCTION AND SCOPE
1. PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
We may collect Personal Data from and about you:
- Directly from you when you provide it to us.
- Automatically when you Use A2E. Information collected automatically may include Usage details and internet protocol (“IP“) addresses.
- From third parties, for example, our service providers, partners and vendors.
2. PERSONAL DATA YOU PROVIDE TO US DIRECTLY
You may provide Personal Data to us directly, or to service providers that act on our behalf, when you Use A2E. The Personal Data you provide depends on which features of A2E you Use and how you interact with the app.
- Photos and (or) videos that you upload to A2E. If you grant us permission to access your camera or your device’s photo library, we will process the photos and videos you select to upload to A2E to provide features of the app that you choose to Use. For more information regarding how we process your photos and videos, please see Section 3: How We Process, Share and Retain Your Photos, Videos and Image Data.
- Information Regarding Skin Color. When you Use the Avatars feature, we ask you to select the skin color you want to be associated with the Avatar. This information is used solely to generate the Avatars in accordance with your preference. If you do not want to select a skin color, please select “auto”.
- Account Information. When you create a A2E account, we ask you to provide your email address. If you log in with your Google ID we will receive your Google ID and may receive the email address associated with your Google ID, depending on your Google settings. If you log in via your Google Account we will receive your associated email address.
- If you contact us or communicate with us, we will collect and receive records and copies of your correspondence with us and contact details that you have provided us while making your inquiries (such as your name, postal addresses, email addresses and phone numbers or any other identifier by which you may be contacted).
3. HOW WE PROCESS, SHARE, AND RETAIN YOUR PHOTOS, VIDEOS AND IMAGE DATA
We process your photos and videos to provide you with the features of the A2E application that you choose to Use. In doing so, when you upload photos or videos to A2E, we process your photos and videos using technology that identifies data that is in the photos and videos and provides us with information, such as information about your facial position, orientation and topology (“Face Data“), and other elements of your photo (collectively, “Image Data“). The following describes how we process, share, and retain your photos, videos and Image Data in connection with various features of the A2E app. Please note, however, that we may retain your data for longer time periods than set forth below where required to do so by law.
- Video Generation. When you upload photos and videos for editing, we will automatically apply technology that generates Image Data. This processing only occurs on our servers.
- Avatars Creation. To generate Avatars, you must upload several photos to A2E and select a gender to be associated with the Avatar. The photos you upload are stored on our servers, which are hosted by Amazon Web Services (USA). The Magic Avatars feature relies on the Stable Diffusion model. We create a copy of the Stable Diffusion model, which is hosted on our AWS servers, and apply technology that retrains the model using the photos you uploaded and generates Image Data to create and personalize your Avatars. Immediately after the successful generation of Avatars, your original photos, the copy of the Stable Diffusion model, as well as any associated Image Data, are deleted permanently from our AWS servers. We do not Use your Personal Data to train and/or create separate artificial intelligence/products.
- Your Avatars are stored on our servers (provided by Amazon Web Services (USA)) and are available to you within the A2E app at any time, via any device from which you log into the A2E application, until you decide to either (i) delete the Avatars or, (ii) delete your A2E account. If you delete an Avatar, we will generally process the deletion within 4 hours. If you delete your A2E account, we will generally delete your account, including the Avatars in your account, within 4 hours. Please be aware that deleting the A2E application from your device does not result in the deletion of your A2E account!
4. PERSONAL DATA WE COLLECT AUTOMATICALLY
When you Use A2E, we or third parties we permit to do so, may automatically collect certain information, including Personal Data, from you (this is subject to your consent where this is required by law). The information collected from you automatically when you Use A2E may include:
- Device information: Information about your mobile device and internet connection, including your IP address, the device’s unique device identifier, operating system and version, mobile network information, device type and device language.
- App and country information: Information regarding the version of the app that you are using and the country version of the app store from which you downloaded A2E.
- Image Data: For more information regarding how we process your photos and videos when you Use various features of the app, please see Section 3: How We Process, Share, and Retain Your Photos, Videos and Image Data.
- Usage details: Details of your Use of A2E, including frequency of Use, areas and features of the application that you access and information regarding engagement with particular features of the app.
- Details about your in-app purchases: For example, details regarding the time you made certain purchases.
- (If you have provided your consent) IDFA or Android Advertising ID, whichever is applicable to your device. If you want to disable the collection of IDFA and/or Android Advertising ID by A2E, please follow the instructions below.If you use an iOS device:
- Go to Privacy settings to see a list of apps that request to track your activity. On iPhone or iPad, go to Settings > Privacy > Tracking.
- Tap to turn off or turn on permission to track for A2E.
- Open Settings app
- Navigate to “Privacy” > “Ads”
- Tap “Delete Advertising ID”
- Tap it again on the next page to confirm.
5. THE PURPOSES AND OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
We may use your Personal Data for a variety of purposes depending on the category of Personal Data and the way you Use and interact with the A2E app, including the following:
- To present to you and others with A2E and its contents and any other information, products or services that you request from us, including to provide various features of the app (e.g., Photo and Video Generation) and its functionality. We do so to provide you with the services subject to your explicit consent and according to our contractual obligation.
- To customize our product and service offerings to you, for example, offering pricing personalization and discounts. In doing so, we make automated decisions using device type and device language data. Where required by law, we rely on your consent to offer such personalization and/or offer you the opportunity to opt-out. Please see Section 7: Cookies, Software Development Kits, and Other Tracking Technologies for more information.
- To provide you with customer and technical support, investigate your concerns, respond to your inquiries and to monitor and improve our responses to your and other users’ inquiries in relation to A2E. It is our legitimate interest to provide you with high-quality support.
- To communicate with you, such as to notify you about changes to A2E or any products or services we offer or provide through A2E, including by sending you technical notices, notices about your account/subscription, including expiration and renewal notices, updates, security alerts and support and administrative messages, which we may send through an in-app or a push notification (you may opt-out of push notifications by changing the settings on your mobile device). It is our legal obligation to keep you informed about your subscription and your account and otherwise in our legitimate interests of keeping you informed about your A2E account.
- To conduct research, analytics and monitor performance and other metrics regarding A2E and your Use of A2E. This may include data regarding the total number of users of our app, traffic, and demographic patterns related to the use of our app. Where this data is collected through the technologies described in Section 7 and where required by law, we rely on your consent; otherwise, it is our legitimate interest to conduct analytics as it helps us understand our business metrics and improve our product.
- To improve, test, and monitor the effectiveness of A2E. It is our legitimate interest to conduct such analyses to understand our product and business metrics.
- To provide personalized content and information to you in relation to A2E and so that we, and third parties on which we rely, can advertise to you. This may include using your Personal Data to build advertising audiences that we believe are similar to our user base, serving online ads to you, or engaging in other forms of advertising. Where required by law, we rely on your consent to engage in such activities and/or offer you the opportunity to opt-out. Please see Section 7: Cookies, Software Development Kits, and Other Tracking Technologies for more information.
- To send marketing and promotional communications to you, such as via email, push notification or in-app messaging either with your consent or as otherwise permitted by law. Please see Section 9: Your Choices About Our Communications With You for more information.
- In any other way as we may describe when you provide the information or otherwise at your direction or with your consent.
- As permitted or required by law, including for auditing, fraud and security monitoring purposes.
6. TO WHOM WE DISCLOSE PERSONAL DATA
We may disclose the information we process about you, including any Personal Data, as follows:
- We may share your Personal Data with businesses that are legally part of the same group of companies that we are part of, including our subsidiaries (“Affiliates”). The Affiliates act as our data processors and may perform data processing on our behalf (e.g., providing technical support or conducting analytics). Such Affiliates are bound by appropriate contractual safeguards.
- Palta Software Ltd, based in Cyprus (data processor for the purpose of internal analytics)
- We may disclose your Personal Data, and other collected information to third-party organizations such as contractors, business partners, service providers, and vendors that we use to support our business and who assist us in providing A2E. Such service providers may include:cloud provider Amazon Web Services (USA), which we use to store your Personal Data, photos, and Image Data when you generate Avatars;
- cloud provider Google Cloud Platform, which we use to host analytics data; and
- email delivery providers.
- We may disclose your Personal Data to third-party analytics providers and advertising partners or otherwise permit them to collect or access it. For more information, please see Section 7: Cookies, Software Development Kits, and Other Tracking Technologies.
- We may disclose your Personal Data in the event that we or any of our affiliates, subsidiaries or lines of business is merged, acquired, divested, financed, sold, disposed of or dissolved, including in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation. In such cases, your Personal Data and any other collected information may be among the items sold, transferred, or otherwise disclosed as part of that transaction or proceeding.
- We may disclose your Personal Data in response to legal requests and for purposes of preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: (i) detect, prevent and address fraud and other illegal activity; (ii) protect ourselves, you and others, including as part of investigations; and (iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
7. COOKIES, SOFTWARE DEVELOPMENT KITS, AND OTHER TRACKING TECHNOLOGIES
Interest-based Advertising. We may partner with ad networks and other ad-serving providers that serve ads on behalf of us and others on non-affiliated platforms. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information ad networks and ad serving providers collect about your Use of the app over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.
Your Choices. Most browsers and devices are configured to accept cookies and similar tracking technologies automatically. You may be able to set your browser and device options so to limit such technologies. You can visit the Digital Advertising Alliance (“DAA”) Webchoices tool at www.aboutads.info to learn more about this interest-based advertising and how to opt out of this kind of advertising by companies participating in the DAA self-regulatory program, and YourAdChoices.com | AppChoicesing interest-based ads from members of the Network Advertising Initiative (“NAI”) by visiting the NAI consumer opt-out page at http://optout.networkadvertising.org/?c=1#!/. Opting out of receiving interest-based ads does not mean that you will no longer receive ads from us, but rather that the ads will not be tailored to your perceived interests.
- For users in the European Economic Area, United Kingdom and United States. You can opt-out from processing of Personal Data via cookies, SDKs and other tracking technologies by clicking sending a request to email@example.com.
You may find that some parts of the app may not function properly if you have refused cookies or similar tracking technologies, and you should be aware that disabling cookies or similar tracking technologies may prevent you from accessing some of our content. Your choices are typically device and browser specific
8. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Access, modification, correction and erasure. You can send us an email at firstname.lastname@example.org to request access to, modification, correction, update, erasure or portability of any Personal Data that you have provided to us and that we have about you. You can also request deletion of your account inside the app, both for iOS and Android users. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
EEA/UK individuals. Individuals in the European Economic Area (“EEA“) and the United Kingdom (“UK“) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR“) and the UK version of the EEA GDPR (“UK GDPR“) (collectively, the “GDPR“), including the rights specified below. You can exercise these rights by contacting us (for contact information, please see Section 15: How to Contact Us). We will do our best to accommodate your request or objection but please note that not all rights are absolute.
- Access to your Personal Data: You have a right to request information about whether we have any Personal Data about you, and to receive a copy of such Personal Data.
- Restriction of processing: You also have the right to demand restriction of processing of your Personal Data, for example, if you contest the accuracy of the Personal Data which inaccuracy is verified by us.
- Erasure of your Personal Data: In certain circumstances, you may ask us to erase your Personal Data. Please be aware that erasing some Personal Data may affect your ability to Use A2E.
- Right to portability of your Personal Data: In certain circumstances, you have the right to request us to receive any Personal Data you provided us in a structured, commonly used and machine-readable format. You may further ask us to give that Personal Data to another party.
- Right to object to processing or otherwise using your Personal Data: Where we are processing your Personal Data based on our legitimate interest, you may object to the processing or otherwise using your Personal Data. Please be aware that our inability to process or otherwise use some of your Personal Data may affect your ability to Use A2E. If you have opted in to receiving marketing communications, you have the right to opt out of those at any time.
- Right to withdraw your consent at any time: Where you may have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority: Subject to the GDPR, you have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authority here, and the UK’s supervisory authority (ICO) Make a complaint | ICO .
Please keep in mind that in case of a vague request to exercise any of the aforementioned rights we may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, we reserve the right to refuse granting your request. Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your username or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.
Please note that we will process your request within one month after receiving it. We may extend this period by up to two months where necessary, taking into account the complexity and number of the requests. If we extend the response period, we will let you know within one month from your request. We will not discriminate against you for exercising your rights under the law.
9. YOUR CHOICES ABOUT OUR COMMUNICATIONS WITH YOU
If required by law, we will ask for your consent to send you promotional and marketing emails, in-app communications and push notifications about new products, features or offers from A2E and its affiliates.
10. DATA SECURITY
We use reasonable and appropriate information security safeguards to help keep your Personal Data secure and in an effort to protect it from accidental loss and unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we take measures to do our best to protect your Personal Data, we cannot guarantee the security of the collected information transmitted to or through A2E or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your Personal Data is at your own risk. We are not responsible for the circumvention of security measures contained in A2E. Please understand that there is no ideal technology or measure to maintain 100% security.
The safety and security of your information also depends on you. For instance, we are not responsible for how you choose to share the photos, videos, Avatars or other information processed in your A2E account, such as via social media services. We are not responsible for the functionality, privacy, or security measures of any other organization.
11. DATA RETENTION
Other than as set forth in Section 3: How We Process, Share and Retain Your Photos, Videos and Image Data, we generally retain your Personal Data until you delete your A2E account. If you delete your A2E account, we will generally delete your account within 4 hours.
To make a request to delete your A2E account, please contact us at email@example.com or procede through A2E settings.
Notwithstanding the foregoing, please note that we may retain your Personal Data, photos, videos, Image Data and Avatars for longer periods of time than set forth above, such as in connection with your privacy-related requests and communications with us, if any, as necessary to comply with our legal obligations, to resolve disputes, or to enforce our agreements. Even if we delete some or all of your Personal Data, we may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.
12. CROSS-BORDER DATA TRANSFERS
We and certain of our service providers are incorporated in the United States. Accordingly, your Personal Data may be transferred to and stored in the United States.
Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see Adequacy decisions) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see Standard Contractual Clauses (SCC).
Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.
As to the location of our servers, we use AWS servers located in the USA for A2E operation, while our analytics operations are processed both on the servers provided by AWS (located in the USA) and by Google LLC (located in the Republic of Ireland).
For further information please contact firstname.lastname@example.org
General age limitation. A2E is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to Use A2E. If you are under 13, do not: (i) Use or provide any information in A2E or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number or email address. If you are a parent or guardian and believe we have collected information from your child who is under the age of 13, please contact us at email@example.com.
Age limitation for EEA individuals. You must be at least 18 years old in order to Use A2E. We do not allow Use of A2E by EEA individuals younger than 18 years old. If you are aware of anyone younger than 18 Using A2E, please contact us (for contact information, please see Section 15: How to Contact Us), and we will take the required steps to delete the information provided by such persons.
Age limitation for UK individuals. You must be at least 18 years old in order to Use A2E. We do not allow Use of A2E by UK individuals younger than 18 years old. If you are aware of anyone younger than 18 Using A2E, please contact us (for contact information, please see Section 15: How to Contact Us), and we will take the required steps to delete the information provided by such persons.
14. THIRD-PARTY WEBSITES AND SERVICES
15. HOW TO CONTACT US, EEA/UK REPRESENTATIVE, AND DATA PROTECTION OFFICER