Comapps Privacy Policy

Welcome

At COMAPPS, we believe it's important that everyone, regardless of their situation, can obtain secure and private access to the internet. We always aim to provide this access without compromising the privacy of our customers. This Privacy Policy describes how we process and handle data provided to COMAPPS in connection with your use of our products, services, apps, and websites that link to this policy (we refer to these collectively as our "services"). In this policy, COMAPPS," "we," "us," and "our" refer to the COMAPPS LLC company that is responsible for your data.

Information security and privacy are at the heart of what COMAPPS values and promotes as a company. As such, we think it's important to be transparent about how we handle your information. That level of transparency also makes for a lengthy document, but we've tried to make it more readable by organizing it into a logical structure and by using plain language. COMAPPS offers a variety of services, and certain services may process data differently, or in additional ways, to other services and what's described in this policy. We note these differences in Product Privacy Notices that are specific to such services, in product documentation, or inside products themselves at places where such information is relevant. This policy uses the term "personal data" to refer to information that is related to an identified or identifiable natural person and is protected as personal data under applicable data protection law.

Business Customers

Some of COMAPPS's services are offered to businesses. For those services, our customer is a business or other organization who may authorize individual end users to use the services that it has purchased from us. Where an organization is our customer, it may maintain accounts with COMAPPS through which it and its users may submit information ("Customer Data"). That organization typically controls those accounts and any associated Customer Data. In this case, COMAPPS is generally a processor of Customer Data and the organization is the controller.

1. What information do we collect about you?

This section describes the various types of information we collect from and about you. This information is not collected in all situations, but only in specific situations. To understand the context in which collection occurs, see Section 2 (How do we use your information?) and our Product Privacy Notices. More information about some of the mechanisms we use to collect this information, such as cookies, is available in Section 4 (Tracking Technologies & Cookies).

1.1. Information you provide to us

Account information. Some services require or allow you to create an account before you can access them. As part of registering for an account, we may collect information such as your name, username, email address, and password.
Billing and payment information. In order to purchase a service, you may need to provide us with details such as billing name, billing contact details (street addresses, email addresses), and payment instrument details.
Identity verification information. Some services require you to verify your identity as part of creating an account to access them. We may collect information such as email addresses or phone numbers for this purpose.
Communications and submissions. You may choose to provide us with information when you communicate with us (e.g. via email, phone, or chat for support or to inquire about our services), including when you fill out an online form, respond to surveys, provide feedback, post comments to our website, participate in promotions, or submit information through our services.
AI Input Content. When you use AI-based features, we collect content that you provide for processing, such as photos, images, and text prompts (referred to as "Input Content").

1.2. Information collected when you use our services

Usage information. We collect information about how you interact with our services, how much bandwidth you use, and when and for how long you use our services.
Device information. We collect information from and about the device you use to access our services, including about the browsers and COMAPPS apps you use to access our services. For example, we may collect device identifiers, browser types, device types and settings, operating system versions, mobile, wireless, and other network information (such as internet service provider name, carrier name and signal strength), and application version numbers.
Diagnostic information. We may collect information about the nature of the requests that you make to our servers (such as what is being requested, information about the device and app used to make the request, timestamps, and referring URLs).
Location information. Unless otherwise expressly stated, we do not collect your location information based on your device's GPS or other device sensor data. However, we may collect your approximate location by calculating an imprecise latitude and longitude based on your IP address to provide you with better service (e.g. to connect you to the nearest and fastest server).

1.3. Information provided to us by third parties

Referrals. If you are invited to use an COMAPPS service, the person who invited you may submit your personal data, such as your email address or other contact information.
Third Party Accounts. Some services may allow you to register an account using a third party account (such as a Google or Microsoft account). If you do so, that third party may send us some information about you that they have. You may be able to control what information they send us via your privacy settings for that third party account.
Threat Information. We receive information from reputable members of the security industry who provide information to help us to provide, develop, test, and improve our services (for example, lists of malicious URLs, spam blacklists, phone number blacklists, and sample malware). Some of this information may contain personal data on an incidental basis.
Business Customers. Organizations that use our business and enterprise products may submit personal data to facilitate account management and invite individuals to use those products.

Certain types of data described above may be used in connection with AI-based features of the App and may be shared with third-party AI service providers as described in Section 3. We may require certain information to provide our services. If you choose not to provide such information, some features of the App may not be available. You generally do not have a duty to disclose personal data to us unless you have a contractual obligation to us to do so. However, we need to collect and process certain information that is necessary or legally required in order to provide the services to you or otherwise perform our contractual relationships with you.

2. How do we use your information?

2.1. In General

We use the information we collect for various purposes described below.

To provide, maintain, troubleshoot, and support our services. We use your information for this purpose on the basis that it is required to fulfill our contractual obligations to you. Examples: using information about how much bandwidth you use and how long you use our services in order to provide the services in accordance with a plan to which you have subscribed; using threat and device information to determine whether certain items pose a potential security threat; and using usage information to troubleshoot a problem you report with our services and to ensure the proper functioning of our services.
For billing and payment purposes. We use your information in order to perform billing administration activities and process payments, which are required to fulfill our contractual obligations.
To communicate with users and prospective users. We use your information to communicate with you, including by responding to your requests, and sending you information and updates about our services. We may do this in order to fulfill our contract with you, because you consented to the communication, or because we have a legitimate interest in providing you with information about our services.
To improve our services. We want to offer you the best services and user experiences we can, so we have a legitimate interest in continually improving and optimizing our services. To do so, we use your information to understand how users interact with our services. Examples: we analyze certain usage, device, and diagnostic information to understand aggregated usage trends and user engagement with our services (and, for example, invest in technical infrastructure to better serve regions with increasing user demand); we may use device and threat information to conduct spam, threat, and other scientific research to improve our threat detection capabilities; we review customer feedback to understand what we could be doing better.
To develop new services. We have a legitimate interest in using your information to plan for and develop new services. For example, we may use customer feedback to understand what new services users may want.
To market and advertise our services. We may use your information to provide, measure, personalize, and enhance our advertising and marketing based on our legitimate interest in offering you services that may be of interest. Examples: we may use information such as who or what referred you to our services to understand how effective our advertising is; we may use information to administer promotional activities such as sweepstakes and referral programs.
To prevent harm or liability. We may use information for security purposes (such as to investigate security issues or to monitor and prevent fraud) and to prevent abuse. We may do this to comply with our legal obligations, to protect an individual's vital interests, or because we have a legitimate interest in preventing harm or liability to COMAPPS and our users. For example, we may use account, usage, and device information to determine if an entity is engaging in abusive or unauthorized activity in connection with our services.
For legal compliance. We internally use your information as required by applicable law, legal process, or regulation. To learn about our practices regarding sharing your information with third parties for legal compliance purposes, see Section 3.1 below. We also use your information to enforce our legal rights and resolve disputes.

2.2. How we process your Input Content

When users request the generation of AI-based content, the photos, images, or text prompts they upload (which may contain facial features, referred to as "Photos", including "face data") are securely transmitted to our backend servers to enable processing.

Face data refers to any visual information contained in photos or images that may include a person’s face. This data is processed strictly and solely for the purpose of generating AI-based features requested by the user (such as “Effects,” “Photoshoots,” “Restore,” or “AI Photo.”).

Face data is not used for:

identification of individuals;
biometric recognition or authentication;
profiling or behavioral analysis;
tracking users across apps, services, or websites;
advertising or marketing purposes.

Face data processed by the App is not used to identify a specific individual and is not treated as biometric identification data.

All processing occurs only after the user provides explicit consent within the App.

To provide the requested functionality, user Input Content (including Photos and face data) may be temporarily processed and stored on secure servers and cloud infrastructure.

Such data is retained only for as long as necessary to generate the requested content, in accordance with Section 7 (Data Retention). In most cases, this data is deleted shortly after processing (typically within a short period such as 24 hours), unless a longer retention period is required for technical, legal, or security reasons.

We do not store face data indefinitely.

Once the requested content is generated, the original input files are deleted in accordance with our retention policies.

The generated content may remain available within the app for a limited period or until the user deletes it.

We do not use Photos, face data, or generated content for any purposes beyond what is necessary to provide the requested AI-based functionality.

We do not sell, rent, or trade your Photos, face data, or other Input Content.

Where necessary, Input Content (including face data) may be shared with trusted third-party AI service providers strictly for the purpose of generating the requested content, as described in Section 3.3.

3. Who do we share your information with and why?

3.1. In General

We may disclose your information in the following circumstances. This may include sharing data with third-party AI service providers as further described in Section 3.3.

In accordance with your instructions or consent. For example, some services may allow you to register an account using a third party account (such as a Google or Microsoft account). If you choose to do so, we will share information with the third party account provider.
To your business organization (for our business services). If a business customer is providing you with access to our services through a business account, others in that organization may be able to see and manage your account and the information associated with it (such as an administrator).
For collaborating with others. Some services may provide ways for different users to interact or collaborate with each other. Your information will be shared in connection with those activities if you choose to engage in them.
Affiliates and third party service providers. To help us provide some aspects of our services, we work with trusted third parties and partners. To protect your data, we enter into appropriate confidentiality and data processing terms with these third parties, review their security practices, and limit information sharing to the scope of what they are helping us with. Examples of activities that third parties help us with include: providing analytics about our services, providing sales and customer support, maintaining the infrastructure required to provide our services, delivering our marketing and advertising content.
For security research purposes. A sanitized subset of our threat intelligence data may be shared with selected reputable members of the cybersecurity industry for the purpose of security threat research and facilitating community efforts to improve online security.
Aggregated or de-identified data. We may use and share aggregated data and data that is de-identified such that it no longer reveals the identity of an individual user for regulatory compliance, research and analysis, our own marketing and advertising activities and other legitimate business purposes.
To comply with the legal process and the law. We are fiercely protective of the privacy of our users. We may share your information if we are required to do so by applicable law; to comply with our legal obligations; to comply with legal process; and to respond to valid law enforcement requests relating to a criminal investigation, or alleged or suspected illegal activity that may expose COMAPPS, you, or any of our other users to legal liability. If we share your information for these purposes, we limit the information shared to what is legally necessary, and challenge information requests that we believe are unlawful, overbroad, or otherwise invalid.
To enforce our rights and prevent fraud and abuse. We may share limited amounts of your information to enforce and administer our agreements with customers and users, and to respond to claims asserted against COMAPPS. We may also share your information in order to protect against fraud and abuse against COMAPPS, our affiliates, users and others.

3.2. Free Products Only

Displaying Third Party Ads. We do not display third party ads in our paid products. With respect to our free mobile apps and other free products, we may serve third party ads to users in certain regions. Although the money we make from displaying these ads offsets only part of the costs of making these apps and services available for free, we provide free apps because we believe it's important that everyone has the opportunity, regardless of their situation, to have secure and private access to the internet.

We do not provide Ad networks with any personal data about you, except for an approximate city-level latitude and longitude which lets them show ads which are more relevant for your approximate geographic location. However, Ad networks may collect information through their SDKs, such as your mobile advertising identifier, IP address, and device information, for the purpose of serving you with "personalized" ads (ads that they think are more relevant to you) and measuring your response to those ads. Because we do not provide ad networks with personal data about you (apart from city-level location), Ad networks personalize ads based on information that they collect from you and that they already have about you - not based on information we share with them.

While we request you not to use ad blockers to prevent the display of third party ads because that is how we support our free services, our services are able to continue functioning if you do use ad blockers.

3.3. Data Transfer to Third-Party AI Service Providers

By voluntarily submitting any User Content (Input Content) and/or utilizing the AI-based features within the App, you explicitly consent to the transfer of your data to the third-party AI service providers listed below. This data transfer is executed solely for the purpose of generating AI-created User Content (Output Content). The transfer of data is strictly regulated and limited to the following conditions (specifying the recipients and the type of data):

Photos and Images (Input Content): May be transferred to Nano Banana and/or PixVerse (MOTIVAI PRIVATE LIMITED) when you select AI-based features such as "Effects," "Photoshoots," "Restore," or "AI Photo."
Text (Input Content): May be transferred to Nano Banana and/or PixVerse (MOTIVAI PRIVATE LIMITED) when you select AI-based features such as "Effects," "Restore," or "AI Photo."
Output Content: Output Content is generated either by COMAPPS' own systems or, where applicable, by third-party AI service providers such as Nano Banana and/or PixVerse (MOTIVAI PRIVATE LIMITED), and is then returned to the App.

Automatic Provider Selection

By using the AI features in our App, you acknowledge and agree that your User Content (Input Content) will be automatically routed to one of the AI service providers detailed above. The App independently selects the most suitable provider for each request to ensure the highest possible quality and relevance of the Output Content. Data is transferred only when you actively use AI-based features and submit Input Content.

Necessity of Processing and Opt-Out

This data processing is strictly necessary for the core functionality of the App-specifically, the generation of AI content. If you do not agree to share your data with these third-party AI providers, please manage your Data Sharing Consent in the App settings. This processing is necessary to provide the core functionality of the App.

Data Security Guarantees

We confirm that all third-party AI-generated content providers apply the same or an equivalent level of data protection as described in this policy (see Section 3.4 for more details). Input Content you provide is processed solely to generate the requested Output Content (for example, creating "AI Photo" feature). We do not use the photos or the resulting Output Content for any other purposes. In particular, we do not use this data for user identification or authentication, advertising or marketing, profiling for tracking or advertising, or analysis of facial characteristics. We also do not sell, rent, or trade your photos or other User Content. Your photos and User Content are not shared with third parties except when strictly necessary to provide the service or when required by law.

To generate the requested Output Content, the selected photo or other Input Content is securely transmitted to our servers via encrypted connections. In some cases, we use trusted cloud service providers to assist with content generation. These providers are contractually required to process the data securely, use it only for the services they provide to us, and are prohibited from using it for any other purpose.

Face Data and Third-Party AI Processing

Where user-uploaded content contains face data, such data may be transferred to trusted third-party AI service providers (such as Nano Banana and/or PixVerse (MOTIVAI PRIVATE LIMITED)) solely for the purpose of generating AI-based content requested by the user.

Such data sharing occurs only after the user provides explicit consent within the App. We share only the minimum amount of data necessary to perform the requested functionality.

We require and ensure that such third-party providers:

process face data strictly on our behalf and in accordance with our instructions;
do not use face data for their own purposes, including training AI models;
implement appropriate technical and organizational measures to protect such data;
retain face data only for as long as necessary to provide the requested service and delete it thereafter in accordance with their privacy policies.

These providers process face data only to deliver the requested functionality and are contractually restricted from any other use.

However, once data is transferred to a third-party provider, we cannot fully guarantee the security of such data and are not responsible for any unauthorized access or incidents caused by such third parties.

3.4. List of Third-Party Service Providers

We may engage the following third-party service providers in order to provide us with necessary infrastructure for the delivery, improvement, and performance of our services, including AI-generated content processing: When integrating external services, we select third-party providers that commit to implementing appropriate technical and organizational measures to protect users' personal data. With respect to the AI content providers listed below, we confirm that they provide the same or an equivalent level of data protection as described in this Privacy Policy, in their own privacy policies (available via the links below), and as required by applicable law. However, we cannot fully guarantee the security of information once it is transmitted to a third party. We are not responsible for any accidental loss of, or unauthorized access to, your personal data resulting from the actions or failures of such third parties.

Entity name	Services performed	Entity location	Link to Privacy Policy
Google LLC (Google Cloud / Google Analytics)	Cloud storage / Analytics service provider	U.S.A.	https://policies.google.com/privacy
Google LLC (Nano Banana)	AI-generated content provider	U.S.A.	https://policies.google.com/privacy
PixVerse (MOTIVAI PRIVATE LIMITED)	AI-generated content provider	Singapore	https://docs.pixverse.ai/privacy
AppsFlyer Inc.	Analytics service provider	U.S.A.	https://www.appsflyer.com/legal/services-privacy-policy/
Amplitude Inc.	Analytics service provider	U.S.A.	https://amplitude.com/privacy
Amazon.com, Inc.	Cloud storage provider	U.S.A.	https://services.amazon.com/privacy-policy.html https://aws.amazon.com/compliance/data-privacy-faq/?nc1=h
Firebase Crashlytics (Google LLC)	User authentication, analytics and marketing service provider	U.S.A.	https://policies.google.com/privacy https://firebase.google.com/support/privacy?hl=en
Facebook (Meta Platforms, Inc.)	Analytics / ad management service provider	U.S.A.	https://www.facebook.com/privacy/explanation
Google Analytics (Google LLC)	Analytics service provider	U.S.A.	https://policies.google.com/privacy https://support.google.com/analytics/answer/6004245 (see section 'Information for Visitors of Sites and Apps Using Google Analytics')

In case you want to learn more about the services and privacy options (including opt-out mechanisms), please consult the corresponding privacy policies linked in the table above.

4. Tracking Technologies & Cookies

4.1. About Tracking Technologies

COMAPPS uses various technologies in our services to help us collect information. For convenience, we refer to these as "tracking technologies," although they are not always used to track individuals and the information collected is in a non-identifiable form that does not reference any personal data. Tracking technologies include:

Cookies. Cookies are small portions of text that are stored on the device you use to access our services. Cookies enable us (or third parties that we allow to set cookies on your device) to recognize repeat users. Cookies may expire after a period of time, depending on what they are used for.
Pixel Tags / Page Tags / Web Beacons / Tracking Links. These are small, hidden images and blocks of code placed in web pages, ads, and our emails that allow us to determine if you perform a specific action. When you access a page, ad, or email, or click a link, these items let us know that you have accessed that page, opened an email, or clicked a link.
SDKs. SDKs or software development kits are software code provided by our business partners that let our software interact with the services those partners provide. For example, in our free mobile apps, we may use an SDK to enable our app to serve ads from an advertising network. Such information may include device identifiers, usage data, interaction events, and other technical information necessary for analytics, advertising, and service functionality. Advertising partners may use tracking technologies to build profiles based on your interests and show you relevant ads on other platforms.

These technologies may also be used in connection with AI-based features to support service functionality, performance monitoring, and request processing.

4.2. Why we use Cookies

We use cookies:

To provide our services. Some cookies are essential for the proper operation of our services. For example, cookies allow us to authenticate who you are and whether you're authorized to access a resource.
To store your preferences. Cookies can store your preferences, such as language preferences or whether to pre-fill your username on sign in forms. We may also use them to optimize the content that we show to you.
For analytics. Cookies are used to inform us how users interact with our services so we can, as a legitimate interest, improve how they work (such as what screens or webpages you access, and whether our advertising is effective).
For security. Cookies can enable us and our payment processors to detect certain kinds of fraud.
For advertising-related purposes. We advertise our services online with the help of third parties who show ads and marketing about us on sites around the internet.

On mobile devices, similar technologies such as SDKs and local storage may be used instead of traditional browser cookies.

4.3. Third Parties

We may allow our business partners to place certain tracking technologies in our services. These partners use these technologies for the following purposes:

To provide our services. Some business partners who help us to provide our services may use these technologies to support those efforts.
For Analytics. To help us understand how you use our services.
For Marketing. To help us market and advertise our services to you, including on third party websites. Cookies are used in connection with this to measure the performance of our advertising, attribute actions you take with our ads with actions you take on our services, deliver ad retargeting (serving ads based on your past interactions with our services), and target ads at similar audiences.
To Serve Ads. This is relevant to users of our free products only. Ad networks may use these technologies to display ads which they think will be more relevant to you. For more information, please see the "Displaying Third Party Ads" section above.

These third parties may independently collect information from your device in accordance with their own privacy policies. A full list of such third-party providers is available in Section 3.4.

4.4. Your Choices

Where required by applicable law, we obtain your consent before using non-essential cookies or similar technologies.

Our Cookies: Most web browsers and some mobile devices give you the ability to manage your cookie preferences, including deleting cookies and blocking cookies from being set on those browsers or devices. Visit the "help" section of your browser to understand what controls it gives you over cookies. Note that deleting or blocking certain cookies could adversely impact the proper operation of our services.
Google Analytics: We use Google Analytics to help us understand how users use our services. Google makes available a Google Analytics Opt Out Browser Add-On if you do not want to participate in Google Analytics.

5. Security

COMAPPS employs a range of administrative, organizational, technical, and physical safeguards designed to protect your data against unauthorized access, loss, misuse, or modification. We continuously work to improve such safeguards. We use industry-standard security measures, including encryption in transit, access controls, and secure infrastructure, to protect your data. We also require third-party service providers, including AI service providers and cloud infrastructure providers, to implement appropriate technical and organizational security measures to protect your personal data and to process it only for the purposes specified by us. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

6. International Data Transfers

6.1. Transfers to Other Countries

COMAPPS may transfer your personal data to countries other than the one in which you reside. We do this to facilitate our operations, and transferees may include COMAPPS group companies, service providers, partners, and third-party AI service providers. This includes transfers to third-party AI service providers and cloud infrastructure providers located in countries such as the United States and Singapore. Laws in these countries may differ from those in your jurisdiction. Where required by applicable law, we implement appropriate safeguards to ensure that your personal data receives an adequate level of protection, such as standard contractual clauses or other legally recognized transfer mechanisms.

7. Data Retention

COMAPPS generally retains your personal data for as long as necessary to provide the services to you, or for as long as you maintain an account with us. User Input Content (such as photos, images, or text prompts submitted in the app) is retained only for as long as necessary to generate the AI content requested by you. In most cases, such data is deleted shortly after processing, unless retention is required for technical, legal, or security reasons. AI-generated content may be stored within the app for a limited period (for example, up to 365 days) or until you choose to delete it. We may also retain certain personal data where required by law, or for our legitimate interests, such as fraud prevention, abuse detection, and the protection of our legal rights. Residual copies of personal data may be stored in backup systems for a limited period as part of our security and disaster recovery processes.

8. Your Rights

Depending on your country of residence, you may have certain legal rights in relation to your personal data that we maintain. Subject to applicable law, these rights may include:

the right to access and receive a copy of your personal data;
the right to correct inaccurate or incomplete personal data;
the right to request deletion of your personal data;
the right to restrict or object to the processing of your personal data;
the right to data portability;
the right to withdraw consent at any time where processing is based on consent;
the right to lodge a complaint with a data protection authority.

You may also have the right to request information about:

the categories of personal data we collect,
the sources of such data,
the purposes for which it is used,
and the categories of third parties with whom we share it.

AI-Related Rights

Where applicable, you may request the deletion of:

content you have uploaded (such as photos, images, or text prompts), and
AI-generated content created based on your input.

Please note that in some cases, deletion may be subject to technical limitations (for example, temporary storage or backup systems) or legal obligations.

Exercising Your Rights

You may be able to exercise some of your rights directly within the app (for example, by deleting content or updating your account information). If you wish to exercise any of your rights, you may contact us using the details provided in the "Contact Us" section of this Privacy Policy. We may need to verify your identity before processing your request, as permitted by law. You may also opt out of receiving marketing communications at any time by using the "unsubscribe" link included in such communications.

9. Privacy Policy Updates

COMAPPS may update this Privacy Policy from time to time in accordance with this section for reasons such as changes in laws, industry standards, and business practices. COMAPPS will post updates to this page and update the "Last updated" date above. If we make updates that materially alter your privacy rights, we will also provide you with advance notice, such as via email or through the services. If you disagree with such an update to this policy, you may cancel your services account. If you do not cancel your account before the date the update becomes effective, your continued use of our services will be subject to the updated Privacy Policy.

10. Contact Us

We expect this Privacy Policy to evolve over time and welcome feedback from our users about our privacy practices. If you have any questions or complaints about our privacy practices, you can contact us using the following details:

support@comapps.co