This Privacy Policy applies to the AiDitor mobile application (“App”) and the website at www.aiditor.app (together, the “Service”) operated by AiDitor(“AiDitor”, “we”, “us”). By using the Service you agree to the practices described below.
1. Information we collect
1.1 Account information
When you use the App we collect the account and entitlement details needed to provide your purchase, token balance, generations, and support history. If you contact support, we use the email address and details you provide to resolve the request.
1.2 Content you submit
To generate images, the App sends your prompts (the text you type) and any images you upload (photos, sketches, or brush masks) to our servers and on to the AI model providers listed in Section 3. We retain these inputs only as long as needed to produce your result and to provide the features described in this policy (see Section 5, “Retention”).
1.3 Generated outputs
AI-generated images produced for you are stored on our cloud storage (Amazon S3) and delivered to you through short-lived signed URLs. We label these outputs as AI-generated inside the App and attach content-provenance metadata where available.
1.4 Purchases & subscriptions
If you buy a subscription or a token pack, the transaction is processed by Apple (App Store) or Google (Google Play). We receive a purchase receipt and the entitlement identifier through RevenueCat. We do not receive or store your full payment card details.
1.5 Device and usage information
We automatically collect technical data needed to run the Service: device model, OS version, app version, approximate region (derived from IP), crash reports, and error logs. We use this to keep the App stable and to detect abuse.
1.6 Support messages
When you email us at aiditor.app@gmail.com or submit a report through Support we receive your message and any information you choose to include.
2. How we use your information
- To operate the core Service (authenticate you, render generations, deliver outputs, run your wallet).
- To enforce our acceptable use rules and applicable law — including safety review of prompts and outputs.
- To investigate reports of harmful or policy-violating content.
- To fix bugs, prevent fraud, and monitor service health.
- To communicate with you about your account, billing, and material changes to these policies.
We do not sell your personal information. We do not use your prompts or uploaded images to train foundation models. Where a provider we use for a specific call trains on inputs by default, we opt out where the provider offers that control.
3. Service providers we share data with
We use the minimum set of sub-processors needed to run the Service. Each is bound by contract to process data only on our instructions:
- Amazon Web Services (AWS) — hosting, databases, and object storage (United States).
- fal.ai — image generation inference. Prompts and uploaded reference images are sent to fal to produce your output.
- RevenueCat — subscription entitlements and receipt validation.
- Sentry — crash reporting and error diagnostics.
4. Legal bases (EEA / UK users)
We process your data on the following bases: performance of a contract (to deliver the Service you request); our legitimate interests (to keep the Service safe and improve it); your consent (where required, e.g. to access your photo library); and compliance with legal obligations.
5. Retention
- Account data — while your account is active; 30 days after deletion request.
- Prompts & uploaded images — up to 30 days for free users, 90 days for paid users, unless you delete them first.
- Generated outputs — per the lifecycle in Section 1.3 (free outputs: 90 days; avatar inputs: 7 days).
- Moderation records & user reports — retained for at least 12 months for safety and legal compliance, then archived.
- Purchase receipts — as long as required by tax and consumer-protection law.
6. Your rights
Subject to your local law, you may have the right to access, correct, port, or delete your personal data, to object to or restrict certain processing, and to withdraw consent at any time. You can delete your account from inside the App (Settings → Account → Delete account) or by emailing aiditor.app@gmail.com. Deletion is irreversible and removes your prompts, uploads, generations, and wallet balance.
7. Children
The Service is not directed to children under 13, and in regions where the minimum age is higher (for example 16 in parts of the EEA) we apply that higher threshold. We do not knowingly collect personal data from children below these ages. If you believe a child has provided us data, contact aiditor.app@gmail.com and we will delete it.
8. Security
We use TLS in transit, encryption at rest for stored objects, scoped IAM roles, and least-privilege access for engineers. No system is perfectly secure; we will notify you of a breach when required by applicable law.
9. International transfers
Our servers are located in the United States. If you use the Service from outside the US, your data will be transferred to and processed in the US. Where required (e.g. EEA → US) transfers are covered by Standard Contractual Clauses or an equivalent lawful mechanism.
10. Cookies and browser storage
On the public marketing pages we do not set advertising, retargeting, or cross-site tracking cookies. If you use signed-in web surfaces, we may use strictly necessary session cookies such as aid_id, aid_access, and aid_refresh to keep you signed in and protect your account.
We may also use local browser storage for UI state and cached product data so pages load faster. You can clear cookies and local storage in your browser settings. Disabling strictly necessary cookies may prevent signed-in web features from working.
11. Changes
We'll post material changes to this policy here and update the “Effective” date above. If the change is substantive we will notify you in-app or by email before it takes effect.
12. Contact
Privacy questions — aiditor.app@gmail.com.
Abuse / takedown — aiditor.app@gmail.com.
Web — www.aiditor.app.