Privacy Policy — AI Artist - Art Generator
Effective date: October 9, 2025
This Privacy Policy explains how XCoder ("we", "us" or "our"), operator of the iOS application AI Artist - Art Generator (the "App"), collects, uses, discloses, and protects personal data in accordance with the General Data Protection Regulation (GDPR). If you have questions about this Policy or our data practices, please contact us at blayasoft@gmail.com.
1. Controller
Controller: XCoder (sole entrepreneurship by Ivan Blajic)
Email: blayasoft@gmail.com
2. Scope & Applicability
This Policy applies to personal data collected through the App and associated services (including support and billing interactions). It describes processing activities and your rights under the GDPR if you are located in the European Economic Area (EEA) or the United Kingdom.
3. Data We Collect
We collect only the personal data that is necessary to provide the App and its services. Categories of personal data we may process include:
- Account & contact data: Email address when you contact support or if you create an account (if applicable).
- Usage & analytics data: Aggregated and pseudonymized analytics about how the App is used (app screens viewed, features used, timestamps, device model and OS version, app version). We use analytics to improve the App.
- Crash and diagnostics data: Technical crash reports and diagnostic logs collected via Firebase Crashlytics to detect, investigate and fix crashes and performance issues.
- Purchase & subscription data: Purchase receipts/confirmation and subscription status managed via RevenueCat and Apple App Store. Note: payment processing is handled by Apple (App Store) — we do not receive or store your full payment card details.
- User content: Images or artwork you create and submit in the App (if any). This data may be processed to generate results and (if applicable) stored in your device or in cloud services when you choose to back up or share content.
- Communications: Messages you send to us (support requests) and our replies.
3.1 AI Image Generation & Prompt Data
The App may use third-party AI image generation services to create images based on prompts or inputs you provide. These AI services may be operated by companies located outside the European Union and may process the prompt text, any example images you provide, and the generated images.
User responsibility — do not include private or sensitive personal data in prompts: When using AI generation features, you must not include private, confidential, or sensitive personal data (for example: government ID numbers, full names of private individuals, personal health information, bank or payment details, passwords, or other sensitive identifiers) in your prompts or example images. You are solely responsible for the content you submit as prompts. We do not control third-party AI processors' use of prompt data, and we cannot guarantee deletion or confidentiality by those providers beyond their published policies.
4. Legal Bases for Processing (GDPR)
We rely on the following lawful bases to process personal data under the GDPR:
- Performance of a contract: to provide the App and subscription features you purchase (e.g., managing subscriptions, access to premium features).
- Consent: where required (for optional analytics or marketing choices). You may withdraw consent at any time (see "Your rights" below).
- Legitimate interests: to maintain, improve and secure the App (for example, debugging crashes, improving user experience) provided your rights do not override these interests.
- Legal obligation: where required to comply with law (e.g., record keeping for tax or accounting obligations).
5. Purposes of Processing
We process personal data for the following purposes:
- To operate, maintain and provide the App and its features.
- To manage subscriptions and entitlements (using RevenueCat and App Store data).
- To monitor and analyze usage, improve App performance and fix bugs (analytics and Crashlytics).
- To generate images using third-party AI services when you request that functionality.
- To communicate with you about the App, respond to support requests, and send important notices.
- To comply with legal obligations (tax, accounting, or law enforcement requests where applicable).
6. Third-Party Processors & Data Recipients
We use the following third-party services that may receive personal data as data processors or separate controllers:
- RevenueCat — subscription and purchase management. RevenueCat processes purchase receipts and subscription status to manage entitlements. For details on RevenueCat's processing practices and privacy controls, consult RevenueCat's privacy documentation.
- Firebase Crashlytics (Google) — collects crash reports and diagnostics to help identify and fix errors. Crashlytics may receive technical data (stack traces, device model, OS version, app version, and other diagnostic data).
- Apple (App Store) — handles payment processing and provides purchase receipts; Apple is a separate controller for payment transactions and is subject to its own privacy policies.
- Third-party AI image generation providers — when you request image generation, prompts, example images and generated outputs may be transmitted to external AI providers. Those providers operate under their own privacy policies and terms, and may be located outside the EEA.
We recommend reviewing the privacy policies and data handling practices of any third-party AI provider before using the relevant App features.
We may also disclose personal data if required by law, to enforce our terms, or to protect the rights, property, or safety of XCoder, our users, or the public.
7. International Transfers
Some processors (for example, Google, RevenueCat and third-party AI providers) are headquartered outside the EEA. Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as:
- European Commission approved Standard Contractual Clauses (SCCs) or
- processor policies and other lawful transfer mechanisms recognized under applicable data protection laws.
By using the App and its AI image generation features you acknowledge that your prompt text, example images and generated outputs may be transmitted to and processed in countries with different data protection laws. If you want more information about transfer safeguards, contact us at blayasoft@gmail.com.
8. Data Retention
We retain personal data only as long as necessary for the purposes listed above, unless a longer retention period is required or permitted by law. Typical retention periods include:
- Support communications: retained for as long as necessary to resolve your request and for record keeping (up to 2 years unless otherwise required).
- Crash reports & diagnostics (Crashlytics): retained by Crashlytics for a limited time to diagnose and fix problems (commonly up to 90 days — subject to the processor's retention policy).
- Analytics & usage data: aggregated analytics may be retained in aggregated form indefinitely; user-level analytics are retained in pseudonymized form for up to 24 months unless you request deletion.
- Subscription & purchase records: retained as necessary to manage your subscription and to meet tax and accounting obligations (typically up to 7 years for tax compliance, depending on local law).
- User content (images/artwork) and AI prompts: retention depends on where content is stored. Content kept only on your device is retained until you delete it. If content or prompts are transmitted to third-party AI services, retention is subject to those providers' policies — we recommend reviewing their retention practices. If you request deletion, we will delete any copies we control; deletion of data held by third parties must be requested from them directly, subject to their policies.
9. Your Rights under GDPR
If you are in the EEA (or otherwise covered by the GDPR), you have certain rights regarding your personal data, subject to applicable limitations:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): request deletion of your personal data where there is no legal reason for us to retain it.
- Right to restriction of processing: request that we limit processing of your personal data in certain circumstances.
- Right to data portability: request a machine-readable copy of data you provided to us in a structured format.
- Right to object: object to processing based on legitimate interests (including profiling) or for direct marketing.
- Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time (this will not affect processing prior to withdrawal).
To exercise any of the rights above, contact us at blayasoft@gmail.com. We will respond in accordance with applicable law, typically within one month. If needed, we may extend this period for complex requests and will inform you of any extension.
10. How to Object or File a Complaint
If you believe we have processed your personal data unlawfully, you can file a complaint with your local data protection authority. You may also contact us first at blayasoft@gmail.com and we will try to resolve your concern.
11. Security
We implement technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include administrative access controls, secure transmission (e.g., HTTPS), and following best practices for software development and data minimization. However, no method of transmission or storage is 100% secure; if a breach occurs we will follow applicable legal obligations including notifying authorities and affected users where required.
12. Children's Privacy
The App is not directed at children under 16 (or a higher age where local law requires parental consent). We do not knowingly collect personal data from children under the applicable age without verifiable parental consent. If you believe we have collected personal data from a child without consent, please contact us and we will take steps to delete the data.
13. Changes to This Privacy Policy
We may update this Policy to reflect changes in our practices or legal requirements. When we make material changes we will provide notice through the App or other means and update the "Effective date" at the top of the Policy.
14. Additional Notes on Payments
All payments for subscriptions or in-app purchases are processed by Apple (App Store). We do not receive or store your full payment card details. RevenueCat assists with subscription management; consult Apple and RevenueCat privacy notices for details about their processing of payment and subscription data.
15. Contact
If you have any questions, requests, or concerns about this Privacy Policy or our data practices, contact:
XCoder
Email: blayasoft@gmail.com
Note: This Privacy Policy is intended to describe our general data handling practices and your rights under the GDPR. It does not create contractual rights beyond those required by law. For precise legal advice tailored to your situation (for example, if you operate in certain regulated sectors or store particularly sensitive data), consult a qualified data protection lawyer.
Last updated: October 9, 2025