Privacy Policy

Effective Date: May 18, 2026 Last Updated: May 18, 2026

This Privacy Policy explains what data Resembly ("we", "us", "our") processes when you use the Resembly mobile application and the website operated under the domain resembly.cc (collectively, the "Service"), why we process it, with whom we share it, and how long it is retained.

Resembly is an AI photo-generation application: you choose a stylized scene from an in-app catalog, attach one to four personal photos as "subjects", and a server-side generative model produces a new image in which your subjects appear within the chosen scene. This Privacy Policy should be read together with the Terms of Service.

Our core principle: we process the minimum data necessary to operate the Service, secure it against abuse, and meet legal and platform obligations.

1. Data Controller

For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA / CPRA) and analogous laws, Resembly acts as the data controller for the processing described in this Privacy Policy.

For data protection inquiries: [email protected].

2. No Account, No Identity Profile

The Service does not require account creation. We do not ask for, and do not collect:

• Name, email, phone number, postal address.
• Social-login identifiers.
• Apple ID credentials. Authentication of purchases is performed by Apple; we never see your Apple ID credentials, password, or email address.
• A unified user profile across our products. The Service does not have one.

The Service operates entirely on top of Apple In-App Purchase, the device's local storage and our own backend, without any cross-product identity layer.

3. Data We Process

This section lists every category of data the application sends off the device. If a category is not listed here, the Service does not transmit it.

3.1 Your Photos (subjects and generation outputs)

When you start a generation, the application uploads your selected subject photos directly to our object-storage provider over an encrypted connection, using time-limited access links. Each subject photo passes through a mandatory in-app face-crop step before upload, where you manually frame the face with a circular indicator. The Service uploads the framed crop geometry alongside the photo bytes.

The generative model then produces a new image, which is also stored with our object-storage provider and downloaded by the application for display and saving to your device's Photos library.

To select subject photos, the application uses iOS permissions for the photo library and, where you choose to take a new photo, for the camera. These permissions are used solely to let you pick or capture a photo to submit as a subject. The application does not scan, index or read your photo library beyond the items you explicitly select, and does not access the camera at any other time.

We do not perform face recognition, face matching, identity verification or any other biometric identification on these photos. The circular face crop is a layout hint for the generative model only — it tells the model where the subject's face is, not who the person is. For clarity under the GDPR: we do not generate a biometric template that could uniquely identify a person, and we do not use the photos as a basis for any decision affecting you.

3.2 Device and Transaction Identifiers

Each request to our backend carries a small set of headers that identify the device and, where applicable, an active subscription:

• A device identifier (a random value generated when you first launch the application and kept in secure system storage on your device). It is not derived from any Apple identifier and cannot be linked to other Resembly users.
• A request timestamp.
• A technical token that the application uses to authenticate its requests to our backend.
• For users with an active subscription, Apple's subscription identifier. We use it to recognize that this device has an entitled subscription and to keep that entitlement consistent across the user's other devices signed in with the same Apple ID.

We do not send Apple ID, full receipt contents, or names. We do not link the device identifier to any external identifier.

3.3 Purchase Confirmation Data

When you purchase a subscription, Apple provides the application with a signed transaction. The application forwards that transaction to our backend so we can validate it server-side and grant the corresponding credits. We retain the transaction reference and the resulting entitlement state, not your payment details. Apple processes the payment itself; we do not see your card number, billing address, or Apple ID balance.

3.4 Error Reports

If the application encounters an unexpected error, a structured error report may be sent to our backend. A report contains: error type and severity, a short message, a relevant status code (if any), the device model and operating system version, the application version and the request timestamp.

Error reports do not contain photos, generation results, or content of your requests. They contain the device identifier described in §3.2 so we can group errors by device and detect recurring issues.

The application does not use any third-party crash-reporting SDK. Standard iOS crash logs may be accessible to us only to the extent you have opted in to share analytics with developers at the iOS level, in which case Apple aggregates and delivers them to us.

3.5 Analytics

The Service uses Google Firebase Analytics to understand aggregate product usage (for example, how many people open the paywall, how many generate at least once, how many save a result). Analytics events do not include your photos or generated images.

Firebase may receive a Firebase-internal instance identifier (managed by Firebase internally; Firebase resets it under conditions it defines) and standard mobile diagnostics (OS version, device model, application version, broad locale and country). The Firebase instance identifier is not linked to the device identifier described in §3.2 on our side. Firebase Analytics is configured without advertising identifiers and without cross-app tracking.

The application does not use Apple's App Tracking Transparency (ATT) framework and does not request access to the Identifier for Advertisers (IDFA). We do not track you across other apps or websites owned by third parties.

3.6 On-device Preferences

Your interface language, your in-progress slot selections (chosen scene and the subject photos with their face crops that you have not yet submitted as a generation) and other UX state are stored locally on the device (in the application's local storage and in secure system storage provided by iOS for sensitive values such as the device identifier). They are not transmitted to our backend or third parties.

3.7 Website (resembly.cc)

The marketing website operated under resembly.cc serves the Terms of Service, this Privacy Policy and basic product information. It currently does not set marketing, advertising, or analytics cookies, and does not track visitors. Strictly necessary cookies that may be set by the hosting infrastructure for the site to function are not used for tracking or profiling.

4. Legal Bases (GDPR / UK GDPR)

For users in the EU, the UK and other jurisdictions where the GDPR or analogous laws apply, the legal bases we rely on are:

• Performance of a contract (Article 6(1)(b)): processing subject photos to generate the result, validating subscriptions, granting credits, providing the application.
• Our legitimate interests (Article 6(1)(f)): preventing abuse and fraud, debugging crashes, understanding aggregate product usage, securing the Service. These interests are balanced against your privacy as described in this Privacy Policy.
• Compliance with a legal obligation (Article 6(1)(c)): retaining minimum records required by tax, consumer-protection and platform-policy obligations.

We do not rely on consent to process the categories of data described in §3 (we do not need it for the Service to function). If we ever introduce a feature that requires consent — for example, optional use of your photos for model training — we will request that consent explicitly inside the application and not assume it from your continued use of the Service.

5. How We Use Your Data

We use the data described in §3 strictly for the following purposes:

• To generate the requested image (uploading the subject, calling the AI model, returning the result).
• To enforce content moderation and platform safety (see §6).
• To recognize and synchronize your subscription entitlement across your devices.
• To meter credits, refund credits for failed requests, and produce accurate billing records.
• To debug and fix crashes and failed requests through error reports.
• To understand aggregate product usage and improve the Service.
• To detect and prevent abuse, fraud and circumvention of credit accounting.

We do not use your photos, subjects, or generation results to train any AI model. We do not share or sell your photos to third parties.

6. AI Generation and Content Moderation

6.1 No Model Training on Your Content

Subject photos, face-crop coordinates and generated images are used only to produce the result you requested. They are not used to train, fine-tune or evaluate any generative model, classifier or scoring system. We do not share these images with model providers for training purposes.

6.2 Automated Content Moderation

Subject photos and generation requests are screened by automated content moderation before and during AI processing. Moderation may reject a request that appears to involve, for example, explicit material, depictions of minors in unsafe contexts, or attempts to impersonate identifiable persons without consent.

When moderation rejects a request, the image is not used for generation, the credit (if already reserved) is returned to your balance, and you can submit different content. A rejection is an automated decision and does not by itself imply wrongdoing on your part.

You can request human review of a moderation rejection by writing to [email protected] and describing the rejected request (date, approximate time, type of content). As a matter of good practice, and to the extent Article 22 of the GDPR applies to a given decision, we will treat such a request as a request for human review of an automated decision.

6.3 Face Crop Is Not Biometric Identification

The Service does not run face recognition, face matching, age estimation or any other biometric identification or categorization. The circular crop you draw on each subject photo is a manual layout indicator, not an identification feature.

7. Third-Party Processors and Where Data Is Processed

The Service relies on a small number of trusted third-party processors. Each receives only what it needs to perform its part:

• Apple Inc. — distribution of the application, payment processing, subscription verification, optional iOS-level diagnostics. Apple is an independent controller for its own purposes (payment, billing, App Store operation). Apple's Privacy Policy applies to data Apple collects directly: apple.com/legal/privacy.
• Cloudflare, Inc. — object storage for uploaded subject photos and generated results, served from Cloudflare's global infrastructure. Cloudflare processes this data on our instructions as our processor.
• Google LLC — aggregate product analytics through Firebase Analytics. Google processes the data described in §3.5 on our instructions. The analytics service is configured without advertising identifiers and without cross-app tracking.

We do not share data with advertisers, data brokers, or marketing networks. We do not sell personal information within the meaning of the CCPA / CPRA.

8. Data Retention

We keep each category of data only as long as we need it for the purpose described above.

• Subject photos and generated images in object storage: automatically deleted by storage lifecycle rules within a few days after the generation job completes. The application itself treats a job as inactive a short time after creation, after which it no longer attempts to poll or retry.
• Job metadata on our backend: retained for as long as needed to provide history within the application and to reconcile credit accounting; rolled over to a long-term log shortly after the generation completes. References to media in long-term logs remain associated with the deleted object — they are not actionable once the object is gone.
• Upload and download links for media: time-limited, expire within a short window after issuance.
• Error reports: retained for a limited period (typically up to a month) for debugging.
• Analytics events: retained per the analytics provider's defaults; we do not configure long-term retention beyond what is required for trend analysis.
• Subscription / transaction records: retained for as long as we need them to verify entitlements, resolve refund or billing disputes, and meet legal / tax obligations.
• Device identifier (§3.2): exists for as long as the application is installed on your device and is removed when you uninstall the application.

9. International Data Transfers

Resembly operates internationally. Depending on the routing decisions of Cloudflare, Firebase and Apple, your data may be processed in data centers located outside your country of residence, including in the United States or other jurisdictions whose data protection laws may differ from yours.

For transfers from the European Economic Area, the United Kingdom or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards provided by our processors, including the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented where relevant by additional technical measures such as encryption in transit, access controls and time-limited access links.

You can request a copy of the safeguards applicable to a given processor by contacting [email protected].

10. Your Rights

Depending on where you reside, you may have the following rights with respect to your personal data:

• Access — request confirmation of whether we process data relating to you and a copy of that data. Given the minimal-data design of the Service (see §3), the data returned is typically limited to your subscription and transaction records, error reports associated with your device identifier, and aggregate analytics that cannot be directly linked back to you.
• Rectification — ask us to correct inaccurate data.
• Erasure ("right to be forgotten") — ask us to delete data we hold about you.
• Restriction — ask us to limit processing in certain circumstances.
• Objection — object to processing based on our legitimate interests.
• Portability — receive your data in a structured, commonly used, machine-readable format.
• Withdraw consent — if processing is based on consent, you can withdraw it at any time (with prospective effect).
• Lodge a complaint — with a supervisory authority in your country of residence.

For California residents, the CCPA / CPRA gives you the right to know what personal information we collect, to request its deletion, to correct inaccurate information, and to opt out of sale or share of personal information (we do not sell or share personal information within the meaning of the CCPA / CPRA, so there is nothing to opt out of).

Sensitive personal information. Under the CPRA, photos of identifiable individuals you submit to the Service may qualify as sensitive personal information. We use and retain such information solely for the purposes described in this Privacy Policy and not for any secondary purpose. Where applicable law gives you the right to limit our use of sensitive personal information, our use is already limited to the purposes for which it was collected.

How to exercise these rights

Because the Service does not maintain accounts, your data is linked to a device identifier (§3.2) and, if you have an active subscription, to Apple's subscription identifier for that purchase. To process a request, we may ask you to provide, from the device used with the Service: a copy of a recent Apple receipt for the subscription, or a screenshot of the in-app settings screen that shows your device identifier. We use this only to verify the request.

Send requests to [email protected]. We respond within the timeframes required by applicable law (in the EU / UK, typically one month; in California, typically forty-five days).

11. Children's Privacy

The Service is not directed to children. By using the Service you confirm that you are at least 17 years old, or the age of majority in your jurisdiction, whichever is higher.

We do not knowingly collect or process personal data from children below this age. If you believe we have inadvertently received data from a child, please contact us at [email protected] and we will delete such data without undue delay.

12. Security

We implement reasonable technical and organizational measures to protect data, including:

• Encryption in transit for all network traffic between the application, our backend, our storage provider and our analytics provider.
• Technical measures to authenticate that a request originates from a legitimate copy of the application.
• Time-limited access links for uploading and downloading media.
• Storage of sensitive on-device values in secure system storage provided by your device's operating system.
• Server-side storage lifecycle rules that automatically delete generation artifacts.
• Operational monitoring and abuse-prevention mechanisms.

No security measure is perfect. If you become aware of a security issue affecting the Service, please report it to [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect new features, changes in our processing, or changes in applicable law. Updated versions will be published on our website and made available within the application. Material changes will be highlighted in the application or by other reasonable means.

Continued use of the Service after a revised version becomes effective constitutes acknowledgement of the revised Privacy Policy. Where consent is required for a particular change, we will request it separately.

14. Contact

For any question about this Privacy Policy or about our processing of your data:

Resembly Email: [email protected] Website: https://resembly.cc