Privacy Policy

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), We process Your Personal Data based on the following legal grounds:

• •Consent: By creating an account and using Our Service, You explicitly consent to the processing of Your Personal Data as described in this Privacy Policy.
• •Contract Performance: Processing is necessary for the performance of Our terms of service and to provide You with Our AI-powered video editing and creative content generation services through Chroma.
• •Legitimate Interest: We may process Your data for Our legitimate business interests, such as improving Our Service, ensuring security, and preventing fraud.
• •Legal Obligation: We may process Your data to comply with applicable laws and regulations.

You have the right to withdraw Your consent at any time by contacting Us or deleting Your account.

Cookies and Tracking Technology

Our mobile application uses various technologies to collect information and improve Your experience. This section explains what technologies We use and how they work.

Analytics and Performance Monitoring

We use PostHog (EU servers) for analytics to understand how You use Our app and improve its functionality. PostHog may collect:

• •Device type and operating system
• •App version and usage patterns
• •Feature interactions and user flows
• •Performance metrics and load times
• •Randomly generated user identifiers (not linked to Your real identity)

Crash Reporting

We use Sentry for crash reporting to identify and fix technical issues. According to Sentry's mobile privacy documentation, Sentry:

• •Does not use device IDs or advertising identifiers
• •Uses randomly generated IDs per app installation
• •Collects only crash data and error information You configure
• •Does not track users across applications

Device Information

Our app may automatically collect certain device information including device model, operating system version, app version, and crash logs. This information helps Us provide technical support and improve app performance.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Services, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• •Email address
• •First name and last name
• •Address, State, Province, ZIP/Postal code, City
• •Usage Data

Usage Data

Usage Data is collected automatically when using our Services.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access our Services by or through a mobile device, including the Chroma app, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Services or when You access our Services by or through a mobile device.

Use of Your Personal Data

Studio Ray may use Personal Data for the following purposes:

• •To provide and maintain our Service, including to monitor the usage of our Service.
• •To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
• •For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
• •To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• •To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
• •To manage Your requests: To attend and manage Your requests to Us.
• •For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
• •For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

Data Retention Periods

We retain Your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Here are Our specific retention periods:

• •Account Data: Deleted immediately (0 seconds) upon account deletion request
• •Images and AI Processing Data: Deleted immediately after processing completion
• •Support Communications: Retained for 2 years to provide customer service
• •PostHog Analytics Data: Retention period determined by PostHog's data retention policies
• •RevenueCat Payment Data: Retention period determined by RevenueCat's data retention policies
• •Sentry Crash Reports: Retention period determined by Sentry's data retention policies

For third-party services, We recommend reviewing their respective privacy policies for specific retention periods. We will delete or anonymize Your Personal Data when it is no longer needed, unless We are legally required to retain it for longer periods.

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Face Data and Biometric Information

Our app does not collect, store, or process your facial images or biometric data directly. If you choose to sign in with Apple, biometric authentication (such as Face ID) is handled entirely by Apple on the user’s device. The app only receives a secure authentication token from Apple, not the user’s face data.

The only information we receive from Apple Sign In is a secure authentication token and, if you permit, your name and email address. We use this information solely to authenticate your account and provide access to our services. We do not use, share, or retain any face data or biometric information for any other purpose.

For more information on how Apple handles biometric data, please refer to Apple’s privacy policy.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

AI Data Processing and Third-Party Content

Our Service uses artificial intelligence (AI) technologies to provide image processing, video editing, and content generation features. This section explains how we handle your data in relation to AI processing and third-party content.

How We Process Your Images for AI Features

When you use our AI-powered features, we process your uploaded images and videos in the following ways:

• •Image Analysis: We analyze your images to understand content, composition, and technical properties
• •Content Generation: We use AI models to generate new content based on your input images and prompts
• •Enhancement Processing: We apply AI algorithms to enhance, edit, or transform your content
• •Safety Filtering: We analyze content for safety, appropriateness, and compliance with our policies

Third-Party AI Service Providers

We may use various third-party AI services to power our features, including:

• •AI Processing Services: For advanced AI processing capabilities and content generation
• •Image Generation Platforms: For image generation and editing features
• •Cloud Machine Learning Services: For various machine learning and AI processing tasks
• •Content Analysis APIs: For content safety, moderation, and quality analysis

When we use these services, your content may be temporarily processed by these third-party providers. We have agreements in place to ensure your data is handled securely and in accordance with applicable privacy laws.

AI Model Training and Third-Party Content

Our AI features utilize models that have been trained on diverse datasets containing third-party content. This training data includes:

• •Publicly available images and datasets under appropriate licenses
• •Creative Commons licensed content
• •Open-source image collections and databases
• •Licensed stock photography and artwork
• •Content used under fair use or fair dealing provisions

Important: We do not use your personal uploaded content to train our AI models or any third-party models. Your images are processed solely to provide you with the requested AI features and are deleted immediately after processing completion.

Data Retention for AI Processing

For AI-related data processing, we maintain the following retention policies:

• •Input Images: Deleted immediately after AI processing completion
• •Generated Content: Stored temporarily for delivery to you, then deleted
• •Processing Metadata: Anonymized technical data may be retained for service improvement
• •Safety Logs: Records of content safety checks may be retained for security purposes

Third Party Partners and Service Providers

Our Service integrates with various third-party services to provide analytics, payment processing, AI capabilities, and other functionality. We want to be transparent about these partnerships and how they may affect your privacy.

Analytics Partners

We use PostHog for analytics and user behavior tracking to improve our Service. PostHog may collect information about your usage of our Service, including device information, app interactions, and usage patterns.

• View PostHog's Privacy Policy

Payment Processing Partners

We use RevenueCat for subscription and payment processing services. RevenueCat processes payment information and subscription data to facilitate transactions within our Service.

By using our app and making in-app purchases, you consent to our sharing of data regarding your usage and consumption of purchased content with Apple, as part of our efforts to resolve refund requests. This information may include details about how you have accessed and interacted with the purchased content. The purpose of sharing this data is to help Apple make an informed decision regarding refund requests. We ensure that such data sharing is done in compliance with Apple's policies and only as necessary to process your requests.

• View RevenueCat's Privacy Policy

AI and Machine Learning Partners

We partner with leading AI service providers to deliver our content processing features. These partnerships are governed by strict data processing agreements to protect your privacy. Our AI service providers operate under their own privacy policies and terms of service, and we carefully select partners who meet our standards for data protection.

These third-party services operate under their own privacy policies and terms of service. We encourage you to review their privacy practices by visiting the links provided above. We are not responsible for the privacy practices of these third-party services, but we carefully select partners who meet our standards for data protection.

Your Privacy Rights

Under certain privacy laws, You have rights regarding Your Personal Data. We are committed to respecting these rights and providing You with the means to exercise them.

Access to Your Personal Data

You have the right to request access to the Personal Data We hold about You. This includes the right to obtain confirmation of whether We are processing Your Personal Data and, if so, to receive a copy of that data along with information about how it is being processed.

Rectification and Correction

You have the right to request that We correct any inaccurate or incomplete Personal Data We hold about You. If You believe any information We have about You is incorrect, please contact Us and We will take steps to correct it promptly.

Erasure and Deletion

You have the right to request that We delete Your Personal Data in certain circumstances, including:

• •The Personal Data is no longer necessary for the purposes for which it was collected
• •You withdraw Your consent and there is no other legal basis for processing
• •You object to the processing and there are no overriding legitimate grounds
• •Your Personal Data has been unlawfully processed
• •Deletion is required for compliance with a legal obligation

Data Portability

Where applicable, You have the right to receive Your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider without hindrance from Us.

Objection to Processing

You have the right to object to Our processing of Your Personal Data for certain purposes, including direct marketing, profiling, and processing based on legitimate interests. We will stop processing Your Personal Data unless We can demonstrate compelling legitimate grounds for the processing.

Restriction of Processing

In certain circumstances, You have the right to request that We restrict the processing of Your Personal Data. This means We can store Your data but cannot further process it without Your consent or for specific legal reasons.

Withdraw Consent

Where We process Your Personal Data based on Your consent, You have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact Us using the information provided in the Contact Us section of this Privacy Policy. We will respond to Your request within the timeframe required by applicable law, typically within 30 days.

Please note that We may need to verify Your identity before processing Your request to ensure the security of Your Personal Data. In some cases, We may be unable to fulfill Your request due to legal obligations or other legitimate reasons, which We will explain to You.

Complaints

If You believe We have not handled Your Personal Data in accordance with applicable privacy laws, You have the right to lodge a complaint with the relevant supervisory authority in Your jurisdiction. However, We encourage You to contact Us first so that We can try to resolve any concerns You may have.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: