Privacy policy — VibeX

1. Summary

VibeX is an AI photo-editing app — you pick a photo, choose an edit, the app produces an enhanced version. To do this we process the photos you provide and a small amount of account/usage data. We do not sell your personal data and we do not use your photos for advertising.

2. Data we collect

We collect only what's needed to run the service:

• Photos and images: photos you select or capture, and AI-generated results. Sent to Google Gemini API for processing; results stored locally on your device. We do not maintain a server-side gallery of your photos.
• Account information (optional): email and Apple/Google identifier when you sign in. Authentication via Supabase. You can use the app as a guest with no account.
• Purchase information: subscription/credit status via Apple + RevenueCat. No card details reach us.
• Usage and device data: in-app events, app version, device model, OS via PostHog. Not used for cross-app advertising.
• Diagnostics: crash reports and error context via Sentry. Secrets actively redacted.
• Local device data: preferences, credit balance, edit history, session info via MMKV. Configuration fetched from Upstash.

3. How we use your data

Your data powers the core service and keeps it healthy:

• Provide the core feature — generating AI edits from your photos.
• Maintain your account, credits and purchases.
• Diagnose crashes and improve performance and features.
• Comply with legal obligations.

4. Legal bases (GDPR)

Performance of a contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), consent where required (Art. 6(1)(a), Art. 9(2)(a) for image data), and legal obligations (Art. 6(1)(c)).

5. Who we share data with

Sub-processors act under our instructions — we do not sell personal data:

• Google (Gemini API) — AI image processing (photos + prompts).
• Supabase — authentication and backend (email, account ID).
• RevenueCat + Apple — purchases and subscriptions (purchase status, anonymous ID).
• PostHog — product analytics (usage events, device info).
• Sentry — crash reporting (error and diagnostic data).
• Expo (EAS) — app updates and delivery (app version, device info).
• Upstash — remote configuration (app config requests).

6. Photos and facial features

Your photos may contain faces. We process these images only to generate the edit you request — we do not use them for biometric identification, face recognition, training of models, or building profiles. Photos are sent to Google's Gemini API for processing and the result is returned to your device. Depending on your jurisdiction, facial images may be treated as sensitive/special-category data; where required we rely on your explicit consent, which you give by choosing a photo and starting an edit.

7. Data retention

How long different data lives:

• Photos and results: stored locally on your device until you delete them or uninstall.
• AI processing: sent to Google for processing; retention governed by Google's API terms.
• Account data: kept until you delete your account.
• Analytics and diagnostics: retained per provider defaults.

8. International transfers

Some providers (Google, Sentry, PostHog) process data outside your country, including the United States. Transfers rely on appropriate safeguards (Standard Contractual Clauses) and, where required, your explicit consent.

9. Your rights and account deletion

Under GDPR/KVKK you may request access, correction, deletion, restriction, portability, and objection. To exercise them:

• In-app account deletion: Settings → Account → Delete account. This deletes your account and associated server-side data.
• Local data: Settings → Privacy → Delete all my data, or uninstall the app.
• Email: mustafa@mustafaevleksiz.com.

10. Children

The app is not directed to children under 13. We do not knowingly collect their data.

11. Security

We use industry-standard measures — encryption in transit, access controls. No method is 100% secure; we cannot guarantee absolute security.

12. Changes

We may update this policy; material changes will be notified in-app or by updating this page's date.

13. Contact

Mustafa Evleksiz — mustafa@mustafaevleksiz.com.