Privacy Policy for Avatario

Last Updated: January 5, 2026

Introduction

Avatario ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "Application") and related services (collectively, the "Services").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

1.1 Information You Provide Directly

Photos and Avatar Content: When you take or upload photos for avatar transformation, these images are processed to generate AI avatars. Original photos are transmitted to our servers for processing and are deleted after your avatar is generated. Generated avatars are stored locally on your device.

Device Identification: We use anonymous device identifiers to manage your credits and provide personalized service without requiring account creation.

Communication Information: When you contact us for support or feedback, we collect the content of your communications, email address, and any additional information you provide.

1.2 Automatically Collected Information

Device Information: We collect technical information about your device, including device model, operating system version, unique device identifiers, and mobile network information.

Usage Data: We automatically collect information about how you interact with the Application, including features used, transformation styles selected, and timestamps.

Crash and Performance Data: We collect information about application crashes, errors, and performance metrics to improve Service stability and functionality.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing Services: To deliver, maintain, and improve the Avatario Application and its features
  • Photo Transformation: Your photos are processed using AI to generate avatar transformations. Photos are transmitted to secure servers for processing and deleted after transformation is complete
  • Credits Management: To track and manage your credit balance for avatar transformations
  • Purchase Processing: To process credit purchases through RevenueCat and Apple's payment systems
  • Analytics and Improvement: To analyze usage patterns, troubleshoot issues, and develop new features
  • Security: To detect, prevent, and address technical issues, fraud, and security incidents
  • Communication: To send you service-related announcements and respond to your inquiries

3. How We Share Your Information

3.1 Third-Party Service Providers

OpenRouter API: We use OpenRouter (https://openrouter.ai) to route photo processing requests to AI models including Claude Vision for facial analysis and Google Gemini for image generation. Photos are transmitted securely and are not retained by OpenRouter or the underlying AI providers after processing. Subject to OpenRouter's Privacy Policy: https://openrouter.ai/privacy

Supabase: We use Supabase for backend infrastructure, including credit management, device identification, and temporary storage of transformation requests (maximum 24 hours for crash recovery). Data is stored securely in compliance with industry standards. Subject to Supabase's Privacy Policy: https://supabase.com/privacy

RevenueCat: We use RevenueCat to process in-app purchases and manage credit packages. Purchase data is handled according to RevenueCat's privacy policy.

Analytics Providers: We may use analytics services to understand how users interact with our Application.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, law enforcement requests).

3.3 Business Transfers

If Avatario is involved in a merger, acquisition, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

4. Photo Data Handling

We take special care with your photos:

  • Temporary Processing: Photos are only retained on our servers during the transformation process (maximum 24 hours for crash recovery)
  • Automatic Deletion: Transformation requests including any photo data are automatically deleted after 24 hours via scheduled database cleanup
  • No Photo Database: We do not maintain a permanent database of user photos or facial features
  • No Training Use: Your photos are not used to train AI models without your explicit consent
  • Local Storage: Generated avatars are stored locally on your device, not permanently on our servers

5. Face Data Collection and Processing

This section specifically addresses how Avatario handles face data contained in photos you provide, in accordance with Apple's App Store Guidelines.

5.1 What Face Data We Collect

When you select or capture a photo for transformation, we process the visual appearance of faces in that photo. This includes:

  • Facial features visible in the photo (eyes, nose, mouth, hair, skin tone, facial structure)
  • General appearance characteristics needed to generate artistic transformations

What we do NOT collect:

  • Biometric identifiers or facial geometry measurements
  • Face recognition data or facial templates
  • Data that could be used to uniquely identify you across other services
  • Depth maps, infrared scans, or 3D facial models

5.2 How Face Data Is Used

Face data is used exclusively for AI-powered artistic transformation:

  1. Your photo is compressed to JPEG format and encrypted, then sent via HTTPS to our secure backend
  2. Claude Vision AI analyzes facial features to generate a text description of your appearance
  3. Google Gemini AI generates a new artistic image in your chosen style based on the description
  4. The transformed image is returned to your device

Face data is never used for:

  • Facial recognition or identity verification
  • Building a database of faces
  • Training AI models (without explicit consent)
  • Matching faces across users or sessions
  • Any purpose other than generating your requested transformation

5.3 Third-Party Processing of Face Data

To generate transformations, face data is temporarily processed by:

OpenRouter API (https://openrouter.ai)

  • Routes requests to AI models (Claude Vision for analysis, Google Gemini for image generation)
  • Does not retain images after processing completes
  • Subject to OpenRouter's Privacy Policy: https://openrouter.ai/privacy

Supabase

  • Our backend infrastructure provider
  • Temporarily stores transformation requests for crash recovery (maximum 24 hours)
  • Automatically deletes all transformation data via scheduled cleanup
  • Subject to Supabase's Privacy Policy: https://supabase.com/privacy

5.4 Face Data Retention

Location Retention Period
Our servers (Supabase) Maximum 24 hours, then automatically deleted
OpenRouter/AI providers Not retained after processing completes
Your device Until you delete the app or clear cache in Settings

5.5 Your Rights Regarding Face Data

You have full control over your face data:

  • Delete cached images: Go to Settings > Clear Cache to remove all locally stored images
  • Request server deletion: Contact us to request immediate deletion of any server-side data
  • Uninstall the app: Removes all local face data from your device
  • Automatic cleanup: Server-side data is automatically deleted after 24 hours

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Secure transmission of photos using encryption
  • Immediate deletion of photos after processing
  • Secure authentication mechanisms
  • Regular security audits and updates
  • Compliance with industry security standards

However, no security system is impenetrable. We cannot guarantee absolute security of your information.

7. Data Retention

  • Photos and Face Data: Transformation requests (including photo data) are automatically deleted from our servers after maximum 24 hours via scheduled database cleanup
  • Avatars: Stored locally on your device under your control
  • Credit Transactions: Retained for billing and customer support purposes
  • Usage Data: We retain analytics and usage data for up to 12 months
  • Device Identifiers: Retained as long as you use the Service

You may request deletion of your data at any time by contacting us at the email address below.

8. Your Privacy Rights

8.1 Access and Portability

You have the right to access your personal information and receive a copy of the data we hold about you in a structured, commonly used format.

8.2 Correction and Deletion

You have the right to correct inaccurate personal information and request deletion of your data, subject to certain legal exceptions.

8.3 Opt-Out Rights

You may disable certain data collection features through your device settings or Application settings. Note that disabling some features may limit Application functionality.

8.4 GDPR and CCPA Rights

For EU Residents (GDPR): You have additional rights including the right to restrict processing, object to processing, and lodge complaints with your local data protection authority.

For California Residents (CCPA): You have rights to know what personal information is collected, delete personal information, and opt-out of the sale or sharing of personal information.

9. Children's Privacy

Avatario is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

Important: Users should not upload photos of children without appropriate parental consent.

10. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not have the same data protection laws. By using Avatario, you consent to such transfers.

11. Third-Party Links and Services

Avatario may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review their privacy policies before providing personal information.

12. California Privacy Rights

California residents have specific privacy rights under the California Consumer Privacy Act (CCPA). We do not sell your personal information. For questions about your California privacy rights, please contact us using the information below.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the Application and updating the "Last Updated" date. Your continued use of Avatario after changes become effective constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us at:

Artur Gorbaczewski Avatario Development Email: [contact@avatario.app]

Your privacy matters to us. Thank you for trusting Avatario with your photos and creative expression.

Logo Avatario

Transform your photos into stunning AI avatars with multiple creative styles. From anime and superhero to cyberpunk and fantasy - create unique profile pictures and share-worthy transformations instantly.

Privacy Terms Contact Blog
© 2026 All rights reserved.