Saltar al contenido principal

Cherlume

Privacy Policy

This Privacy Policy explains how Cherlume handles information when you use our mobile app and related services.

Last updated: June 28, 2026

Information you provide

  • Account and authentication data (for example, email or identity provider identifiers via Supabase Auth).
  • Profile details such as display name and avatar, where provided.
  • Photos and content you choose to upload for Experiences.
  • Prompts, options, and generation parameters you select for an Experience.
  • Support messages you send us, and any report you submit about a result.
  • Legal consent records when you accept our terms and disclosures in the app.

Prompts, parameters, and AI results

  • The Experience you choose, the input photos you submit, and the parameters or options for that generation.
  • AI-generated results produced for you, plus moderation outcomes and technical metadata about each generation job.
  • These are processed to produce, deliver, and store your result and to apply safety checks.

Photos and uploaded content

We process uploads to provide the generation, restoration, or export you request.

We do not sell your photos.

We do not use your photos to train public AI models unless explicitly stated by a provider or policy that applies to that processing.

Uploaded content may be transmitted to trusted infrastructure and AI providers solely to deliver the service.

  • Photos and generated results may be stored for a limited period to complete processing, deliver results, and support your account.
  • Retention periods may vary by feature and operational needs.

Purchases and payment metadata

Payments for credits or subscriptions are processed by Apple App Store or Google Play. We receive purchase validation metadata (not your full payment card details) through those platforms and, where used, subscription infrastructure such as RevenueCat.

Technical data and logs

  • Device and app version information.
  • Diagnostic, performance, crash, and security logs.
  • IP address or coarse location derived from network requests (for security and abuse prevention).
  • Hashed identifiers where needed for fraud prevention or legal consent audit trails (for example, an IP hash and user-agent stored with your consent record).

Usage and product analytics

We collect in-app usage events (for example, screens viewed, generation started/completed, paywall and result actions, and stable error codes) to understand how Cherlume is used and to improve the product.

Analytics are processed server-side through our backend and exported to PostHog. Events are tied to your Cherlume account identifier. Cherlume does not use cross-app advertising tracking or device advertising identifiers.

How we use information

  • Provide and improve Cherlume Experiences.
  • Authenticate users and protect accounts.
  • Process generations, credits, and entitlements.
  • Apply safety and moderation measures.
  • Respond to support requests, reports, and legal obligations.

Service providers and AI processors

Cherlume relies on trusted third parties to operate the service. They process data only to provide their service to us, under contract.

AI processing providers receive your input photos, prompts, and parameters solely to generate or evaluate results. We do not use your photos to train public AI models unless a specific provider or policy that applies to that processing says so.

  • Authentication and database/storage: Supabase.
  • Hosting and infrastructure: our cloud hosting providers.
  • Purchases and entitlements: Apple, Google, and RevenueCat.
  • Analytics: PostHog. Push notifications (if enabled): Firebase Cloud Messaging (Google).
  • AI image generation and multimodal evaluation: third-party AI providers (which may include Google, OpenAI, Replicate, fal, OpenRouter, and the Vercel AI Gateway).

Storage and security

We use industry-standard safeguards designed to protect data in transit and at rest. No method of transmission or storage is completely secure.

Data retention

We retain information only as long as needed to provide the service, comply with law, resolve disputes, and enforce agreements.

Uploaded photos and generated results are kept for a limited period to complete processing, deliver results, and support your account; technical logs and consent records are kept for security and audit purposes.

You may request deletion of your account or personal data subject to applicable exceptions (for example, billing records we must keep). To request deletion, email us from your account address; we verify ownership before processing.

Your rights and choices

  • Access, correction, or deletion of your personal data.
  • Data portability and, where applicable, the right to object to or restrict processing.
  • Withdraw consent at any time (for example, for photo processing) without affecting prior processing.
  • Manage optional communications and push notifications where offered.
  • Control uploads by choosing what photos to submit.
  • Lodge a complaint with your local data protection authority.
  • Additional rights may apply depending on your region (for example, GDPR/UK GDPR or CCPA/CPRA). Submit requests via the privacy contact below.

Children

Cherlume is not directed at children under 13 (or the minimum age required in your country), and we do not knowingly collect personal information from them.

Some AI features involving faces may require a higher minimum age in certain regions or app stores. Do not upload photos of children without the consent of a parent or guardian, and only where lawful.

International data transfers

Cherlume operates with providers located in different countries, including the United States. As a result, your information — including photos and prompts sent for AI processing — may be transferred to and processed outside your country, including outside the EEA/UK.

Where we transfer personal data internationally, we use appropriate safeguards (such as Standard Contractual Clauses) and select providers that maintain suitable protections consistent with this policy.

App store privacy disclosures

This policy reflects the data practices we declare in Apple’s App Privacy (“Privacy Nutrition Labels”) in App Store Connect and in Google Play’s Data Safety section. These declarations cover, for example, photos, purchases, app activity/analytics, identifiers, and diagnostics.

If our practices change, we update this policy and the corresponding store declarations.

Contact

Privacy questions or deletion requests: cherlume.app@gmail.com.