Privacy Policy

Updated & Effective Date: June 19, 2025

Entity: Guangxi Bili Time Network Technology Co., Ltd.

App: PicDoai

Thank you for trusting and using PicDoai’s products and services! Guangxi Bili Time Network Technology Co., Ltd. and its affiliates ("we", "us") understand the importance of your personal information and are committed to protecting its security and confidentiality. Please read this Privacy Policy carefully. Certain sections are bolded for emphasis because they may significantly affect your rights and involve the processing of sensitive personal information. If you do not agree with this Privacy Policy, you may be unable to use some features.

This Privacy Policy applies to all our products and services unless a specific product or service provides its own privacy policy, which will prevail. Matters not covered in a product‑specific policy will be governed by this Privacy Policy. This Policy only applies to personal information we collect and does not apply to any third party’s collection, storage, or use of your information. When using third‑party services, please review their terms and privacy policies.

We adhere to the principle of data minimization and process personal information only when necessary to provide requested features.

1. Scope & Summary
2. How We Collect & Use Personal Information
3. Facial Data Policy (iOS)
4. Cookies & Similar Technologies
5. Sharing, Transfer & Public Disclosure
6. Your Rights & Controls
7. Data Storage, Security & Retention
8. Children’s Privacy
9. Changes to This Policy
10. Contact Us

1. Scope & Summary

This Policy explains what data we collect, how we use it, and how you can control it. Below is a quick summary:

We do not permanently store facial data. Facial feature points extracted from user‑provided photos are used only to generate the face swap effect and are deleted immediately after processing.
Generated outputs (images/videos) may be temporarily cached to deliver them to you and are deleted within 24 hours.
We do not sell facial data or share it with third parties for their own purposes.
You can request access, correction, or deletion of your account and data; revoke permissions; and manage settings in the app.

2. How We Collect & Use Personal Information

We collect different types of personal information depending on the feature you use. The following table summarizes scenarios, data types, and purposes.

Scenario / Feature	Personal Information Collected	Purpose
Registration / Login	Mobile number	Provide services to registered users and ensure account security
Third‑Party Login	Third‑party account info, mobile number, device info	Authorize login via third‑party accounts
Playback	Device model/name, unique device ID, hardware serial number, browser type/settings, OS & app version, IP address, network data	Display audio/video content
Caching	Device info, storage permissions	Download audio/video content
Search	Device info, logs	Search content
Feedback	Account info, mobile number, device info	Allow users to submit feedback and receive replies
Customer Service	Account info	Communicate with users
Payment / Subscriptions	Device info, payment channel user ID (e.g., Apple ID), network info, installed apps when required	Enable and manage membership services
Advertising & Attribution	IMEI, IMSI, MAC address, Android ID, IDFA (where applicable)	Marketing campaigns and attribution (subject to platform policies)
Security	Account info, transaction info, device info, logs, installed apps, running processes (where required)	Account/system security and environment safety

We will only request permissions necessary for specific features. You may revoke permissions at any time via your device settings; revocation may disable certain features but will not affect others.

3. Facial Data Policy (iOS)

We do not permanently store any facial data. When you choose to use the face swap feature, the following applies:

3.1 Collected Data

Only minimal facial feature points (e.g., coordinates for eyes, nose, mouth) extracted from the photo you upload.

3.2 Purpose

Exclusively to generate the requested face swap effect by mapping detected feature points onto a selected template.

3.3 Processing Flow

Your selected photo is transmitted via encrypted channels to our secure servers.
Facial feature points are detected in real time and applied to the chosen template to generate the effect.
Immediately after processing, the uploaded photo and detected facial feature points are deleted and are not stored persistently.
The generated output (image or video) may be temporarily cached to deliver it to you and is permanently deleted within 24 hours.

3.4 Sharing with Third Parties

We do not sell or share facial data with any third parties for their independent use. Our cloud infrastructure providers (if any) act solely as processors under our instructions and do not retain facial data beyond transient processing necessary to provide the service.

3.5 Storage Location & Security

Face data is processed on our secure servers. We implement industry‑standard security measures, including encryption in transit, access controls, and least‑privilege principles. No facial data is stored after processing. Output files are deleted within 24 hours.

3.6 User Controls

You may delete generated outputs at any time from within the app.
You may choose not to use the face swap feature; no facial data will be processed in that case.

Where to find this in our Policy (for App Review): See Section 3. Facial Data Policy (iOS) and Section 7. Data Storage, Security & Retention. Key statement: “We do not permanently store any facial data. Uploaded photos and detected facial feature points are deleted immediately after processing. Generated outputs may be temporarily cached but are permanently deleted within 24 hours. We never sell facial data, and we do not share it with third parties for their own purposes.”

4. Cookies & Similar Technologies

We may use cookies, local storage, and similar technologies to remember settings, maintain sessions, improve performance, and perform analytics. You can control cookies via your device/browser settings; disabling cookies may impact functionality.

No selling of personal data.
We may share personal information with service providers that process data on our behalf (e.g., payment channels, analytics, cloud hosting). These providers are bound by contracts that limit use of data to our instructions and require appropriate safeguards.
Facial data is not shared with third parties for their own purposes and is not retained after processing (see Section 3).
We may disclose information to comply with laws, regulations, legal process, or governmental requests; to protect our users; to maintain security; or in connection with a merger, acquisition, or asset sale (with notice where required).

6. Your Rights & Controls

Access & Portability: Request a copy of your personal information.
Correction: Request correction of inaccurate information.
Deletion: Request deletion of your account/data (subject to lawful retention obligations for transactions and fraud prevention).
Consent Management: Revoke permissions (e.g., camera, photos) in your device settings; disable certain features in‑app.
Appeal: If you believe your privacy rights have not been respected, contact us (see Section 10).

Account Deletion: You can delete your account via Profile → Settings → Delete Account (if available in your region). If you cannot access this option, email us at chenglu@tomome.com with the subject “Account Deletion – PicDoai”. We will verify your request and delete your account within a reasonable time frame.

7. Data Storage, Security & Retention

7.1 Security

We implement administrative, technical, and physical safeguards appropriate to the nature of the data, including encryption in transit, controlled access, monitoring, and secure deletion procedures.

7.2 Retention

Facial Data: Not stored after processing; deleted immediately. Generated outputs are deleted within 24 hours. Reason: Provide the requested result to the user and ensure reliable delivery.
Account / Transaction Data: Retained only as long as necessary to provide services and as required by applicable laws (e.g., tax/accounting obligations typically 3–7 years).
Logs & Security Data: Retained for a limited period to ensure service integrity and detect fraud or abuse, then deleted or anonymized.

8. Children’s Privacy

Our services are not directed to children where parental consent is legally required. We do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us (Section 10) so we can take appropriate action.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with its effective date. Material changes will be communicated through in‑app notices or other appropriate means.

10. Contact Us

If you have questions or concerns about this Privacy Policy or the security of your personal information, contact us:

Email: chenglu@tomome.com
Phone: +86 13590122712
Company: Guangxi Bili Time Network Technology Co., Ltd.

Contents