Privacy Policy

Effective date: March 25, 2026

Nootro Inc. ("we", "us", "our") operates the Nootro mobile application ("the App"). This Privacy Policy explains how we collect, use, store, and protect your information. By using the App, you consent to the practices described in this policy. You must be at least 13 years old to use Nootro.

1. Information We Collect

Account Information: When you create an account, we may collect your email address and display name. If you sign in with Apple or Google, we receive the name and email associated with that account.

Photos and Media: When you use AI-powered features (AI Editor, Magic Eraser, AI Enhance, AI Upscale, AI Filters), your photos are sent to our cloud servers for processing. Photos are processed in real-time and are not stored on our servers after processing is complete.

Purchase Information: When you subscribe or purchase tokens, we receive transaction details from Apple's App Store (we do not directly collect or store your payment card information).

Usage Data: We collect usage analytics including feature usage frequency, AI tool usage history, text prompts and instructions you submit to AI features, filter selections, session duration, device type, operating system version, app version, and crash reports. This data is linked to your account and used to improve our AI services and personalize your experience.

Device Information: We may collect device identifiers, language settings, and timezone for the purpose of providing and improving the service.

Digital Watermark: All images processed through our AI features contain an invisible digital watermark embedded in the image data. This watermark encodes a hashed identifier linked to your account and a timestamp. The watermark is used for content authenticity verification and intellectual property protection.

2. Face Data

Some features of Nootro process photos that may contain human faces. We want to be transparent about how we handle this data:

• Nootro does not perform facial recognition or create biometric identifiers or templates
• Face detection is used on-device only (via Apple Vision framework) for composition analysis and is never sent to our servers for identification purposes
• Photos containing faces sent to AI features are processed solely for the requested editing operation and are not retained after processing
• We do not build facial profiles, databases, or use face data for advertising purposes

3. How We Use Your Information

• To provide and maintain the App's functionality
• To process your photos using AI features
• To manage your account, subscription, and token balance
• To send important service updates and notifications
• To improve our App and develop new features, including analyzing AI prompts and usage patterns
• To embed digital watermarks in AI-processed images for content authenticity and intellectual property protection
• To display relevant advertisements and promotional content
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

Legal Basis (GDPR): We process your data based on: (a) your consent, (b) performance of a contract (providing the service), (c) our legitimate interests (improving the App, preventing fraud), and (d) compliance with legal obligations.

4. Data Storage and Security

Your account data is stored securely using Google Firebase with encryption at rest and in transit. Photos sent for AI processing are transmitted over encrypted connections (HTTPS) and are not retained after processing. We implement industry-standard security measures to protect your data, but no method of transmission over the Internet is 100% secure.

5. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Photos: Not stored after AI processing is complete. Photos exist in server memory only during the processing operation.
• Usage analytics: Retained in anonymized/aggregated form for up to 24 months for product improvement.
• Transaction records: Retained as required by applicable tax and financial regulations.

6. Third-Party Services

We use the following third-party services that may collect data:

• Google Firebase: Authentication, Firestore database, Analytics
• Google Cloud Run: AI photo processing infrastructure (Google Gemini API)
• Apple Sign-In: Optional authentication method
• Google Sign-In: Optional authentication method

AI photo processing is performed via Google Gemini API. While Nootro does not store your photos after processing, third-party AI providers may have their own data handling and retention policies. We encourage you to review the privacy policies of the third-party services listed above.

7. Advertising and Analytics

Nootro may display advertisements from third-party advertising networks. These services may use tracking technologies (such as device identifiers and SDKs) to serve personalized ads based on your interests.

You can opt out of personalized advertising:

• iOS: Settings → Privacy & Security → Tracking — disable "Allow Apps to Request to Track"
• In-app: Nootro respects Apple's App Tracking Transparency (ATT) framework. If you decline tracking, you will still see ads, but they will not be personalized.

We currently use Firebase Analytics for anonymous usage statistics. Additional advertising and analytics SDKs may be integrated in future updates, and this policy will be updated accordingly.

8. Information Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

• Service providers: Third-party companies that help us operate the App (cloud hosting, analytics, payment processing)
• Legal requirements: When required by law, court order, or governmental regulation
• Safety: To protect the rights, safety, or property of Nootro Inc., our users, or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity

9. International Data Transfers

Your data may be processed on servers located in the United States (Google Cloud, us-central1 region). If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your data will be transferred internationally. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with applicable law.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data and account
• Portability: Request your data in a structured, machine-readable format, where technically feasible
• Restriction: Request that we limit the processing of your data
• Objection: Object to processing based on our legitimate interests
• Withdraw consent: Withdraw your consent at any time where processing is based on consent

To exercise any of these rights, contact us at info@nootro.studio. We will respond within 30 days (or as required by applicable law). You may also use the App without creating an account (anonymous mode) with limited functionality.

EEA/UK residents: You have the right to lodge a complaint with your local data protection supervisory authority.

11. Privacy Rights for U.S. Residents

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, Texas, or other U.S. states with consumer privacy laws, you have additional rights:

• Right to Know: What personal information we collect and how it is used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information for targeted advertising
• Right to Non-Discrimination: We will not deny service, charge different prices, or provide a different quality of service because you exercised your privacy rights

We do not sell your personal information. To submit a request, email info@nootro.studio. We will verify your identity and respond within 45 days.

12. Children's Privacy

Nootro is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal data, please contact us at info@nootro.studio.

13. Watermarking

Visible watermark: Images exported by users on the Free plan include a visible Nootro watermark. This watermark is removed when the user upgrades to a paid subscription.

Invisible digital watermark: Nootro may embed invisible digital watermarks into all images processed through the App (regardless of subscription plan) for the purposes of content authenticity verification and intellectual property protection. These watermarks do not contain personal information and are not visible to the human eye.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. For significant changes, we may also provide notice through the App. Your continued use of the App after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Nootro Inc.
Email: info@nootro.studio