Privacy Policy

Effective date: May 1, 2026

Nootro Inc. ("we", "us", "our") operates the Nootro mobile application ("the App"). This Privacy Policy explains how we collect, use, store, and protect your information. By using the App, you consent to the practices described in this policy. You must be at least 13 years old to use Nootro.

1. Information We Collect

Account Information: When you create an account, we may collect your email address and display name. If you sign in with Apple or Google, we receive the name and email associated with that account.

Photos and Media: When you use AI-powered features (AI Editor, Magic Eraser, AI Enhance, AI Upscale, AI Filters), your photos are sent to our cloud servers for processing. Photos are processed in real-time and are not stored on our servers after processing is complete.

Purchase Information: When you subscribe or purchase tokens, we receive transaction details from Apple's App Store (we do not directly collect or store your payment card information).

Usage Data: We collect usage analytics including feature usage frequency, AI tool usage history, text prompts and instructions you submit to AI features, filter selections, session duration, device type, operating system version, app version, and crash reports. This data is linked to your account and used to improve our AI services and personalize your experience.

Device Information: We may collect device identifiers, language settings, and timezone for the purpose of providing and improving the service.

2. Face Data (on-device)

Nootro uses Apple's Vision framework to detect facial landmarks and face rectangles on-device for two features:

1. A real-time composition overlay in the camera that helps you frame your shot.
2. An optional Face Blur effect in the Photo Editor that applies a blur only to detected faces.

The face data consists solely of coordinate values (landmarks and rectangles) computed on your device by Apple's Vision framework. No facial image, facial template, or biometric identifier is created.

The data is held only in memory for the duration of a single video frame or render, and is then discarded. It is never written to disk, transmitted off the device, shared with third parties, or used for recognition, identification, advertising, profiling, model training, or analytics.

When you invoke an AI feature (AI Editor, AI Filter, AI Enhance, Magic Eraser, AI Upscale), only the photo you explicitly selected is sent to our processing backend — never the face landmarks or rectangles. The third-party AI providers we use (Google Gemini, Topaz Labs) receive the photo only to fulfill that single request and do not receive any face-coordinate data.

3. How We Use Your Information

• To provide and maintain the App's functionality
• To process your photos using AI features
• To manage your account, subscription, and token balance
• To send important service updates and notifications
• To improve our App and develop new features, including analyzing AI prompts and usage patterns
• To display relevant advertisements and promotional content
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

Legal Basis (GDPR): We process your data based on: (a) your consent, (b) performance of a contract (providing the service), (c) our legitimate interests (improving the App, preventing fraud), and (d) compliance with legal obligations.

4. Data Storage and Security

Your account data is stored securely using Google Firebase with encryption at rest and in transit. Photos sent for AI processing are transmitted over encrypted connections (HTTPS) and are not retained after processing. We implement industry-standard security measures to protect your data, but no method of transmission over the Internet is 100% secure.

5. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Photos: Not stored after AI processing is complete. Photos exist in server memory only during the processing operation.
• Usage analytics: Retained in anonymized/aggregated form for up to 24 months for product improvement.
• Transaction records: Retained as required by applicable tax and financial regulations.

6. Third-Party Services and AI Subprocessors

Our backend forwards image and prompt data to the following third-party AI providers strictly for the purpose of fulfilling user-initiated AI features:

• Google LLC — Google Gemini API: Image analysis and generative image editing (used by AI Editor, AI Filter, Magic Eraser, AI Enhance, and analyze features). Region: us-central1.
• Topaz Labs, Inc. — Topaz Labs API: Image upscaling only (used by AI Upscale).

We configure our integrations with these AI providers to opt out of model training where the provider supports it, and rely on the privacy commitments published by each provider to protect your content. Photos are processed transiently and are not retained on our servers beyond the processing operation. All data is transmitted over HTTPS/TLS. We do not share user contacts, location, advertising identifiers, or analytics events with these AI providers.

We additionally use the following infrastructure and authentication services:

• Google Cloud Run (Google LLC): Hosts our backend service.
• Google Firebase (Google LLC): Authentication, Firestore database, push notifications, crash diagnostics, and Firebase Storage (used to host our app assets such as filter thumbnails — user photos are not uploaded to Firebase Storage).
• Apple Sign-In: Optional authentication method.
• Google Sign-In: Optional authentication method.
• Apple App Store: Subscription billing and in-app purchases.

A complete and current list of subprocessors is available at https://nootro.io/subprocessors.

7. Advertising and Analytics

Nootro may display advertisements from third-party advertising networks. These services may use tracking technologies (such as device identifiers and SDKs) to serve personalized ads based on your interests.

You can opt out of personalized advertising:

• iOS: Settings → Privacy & Security → Tracking — disable "Allow Apps to Request to Track"
• In-app: Nootro respects Apple's App Tracking Transparency (ATT) framework. If you decline tracking, you will still see ads, but they will not be personalized.

We currently use Firebase Analytics for anonymous usage statistics. Additional advertising and analytics SDKs may be integrated in future updates, and this policy will be updated accordingly.

8. Information Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

• Service providers: Third-party companies that help us operate the App (cloud hosting, analytics, payment processing)
• Legal requirements: When required by law, court order, or governmental regulation
• Safety: To protect the rights, safety, or property of Nootro Inc., our users, or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity

9. International Data Transfers

Your data may be processed on servers located in the United States (Google Cloud, us-central1 region). If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your data will be transferred internationally. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with applicable law.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data and account
• Portability: Request your data in a structured, machine-readable format, where technically feasible
• Restriction: Request that we limit the processing of your data
• Objection: Object to processing based on our legitimate interests
• Withdraw consent: Withdraw your consent at any time where processing is based on consent

To exercise any of these rights, contact us at info@nootro.studio. We will respond within 30 days (or as required by applicable law). You may also use the App without creating an account (anonymous mode) with limited functionality.

EEA/UK residents: You have the right to lodge a complaint with your local data protection supervisory authority.

11. Privacy Rights for U.S. Residents

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, Texas, or other U.S. states with consumer privacy laws, you have additional rights:

• Right to Know: What personal information we collect and how it is used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information for targeted advertising
• Right to Non-Discrimination: We will not deny service, charge different prices, or provide a different quality of service because you exercised your privacy rights

We do not sell your personal information. To submit a request, email info@nootro.studio. We will verify your identity and respond within 45 days.

12. Children's Privacy

Nootro is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal data, please contact us at info@nootro.studio.

13. Watermarking

Visible watermark (Free plan only): Images exported on the Free plan include a visible "NOOTRO" label in the corner of the image. This label is automatically removed when you upgrade to a paid subscription. Nootro does not embed any hidden, invisible, or steganographic data into your images.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. For significant changes, we may also provide notice through the App. Your continued use of the App after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Nootro Inc.
Email: info@nootro.studio