LIKENESS: IMAGINE WITH AI

Last Updated: March 22, 2026

LIKENESS APPLICATION — PRIVACY POLICY

Okan Atabağ ("Developer", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, share, and protect your personal data when you use the Likeness mobile application ("App").

This policy complies with:

- General Data Protection Regulation (GDPR) — European Union

- Turkish Personal Data Protection Law No. 6698 (KVKK) — Republic of Turkey

- California Consumer Privacy Act (CCPA) — State of California, USA

- Children's Online Privacy Protection Act (COPPA) — United States

- Other applicable data protection laws

1. DATA CONTROLLER

Okan Atabağ acts as the Data Controller for all personal data processed through the App.

Contact Information:

Email: okiata@gmail.com

For KVKK-related inquiries:

Veri Sorumlusu: Okan Atabağ

E-posta: okiata@gmail.com

2. PERSONAL DATA WE COLLECT

2.1. Data You Provide Directly:

  - Photographs/images uploaded for child generation

  - Celebrity search queries

  - Account information (if applicable)

2.2. Data Collected Automatically:

  - Device information (device type, operating system, version)

  - Anonymous usage/quota data (generation count, subscription entitlement status)

  - Service diagnostics required for reliability and abuse prevention (Firebase Crashlytics)

  - Aggregated analytics events (Firebase Analytics), such as onboarding completion, purchase attempts, and generation lifecycle events

  - IP address (processed but not stored long-term)

  - Anonymous authentication identifiers (Firebase Anonymous Auth)

2.3. Data We Do NOT Collect:

  - Names, email addresses, or phone numbers (unless voluntarily provided)

  - Location data

  - Contact lists

  - Biometric data (facial recognition templates are NOT stored; images are processed transiently)

  - Financial or payment information (handled entirely by Apple/Google/RevenueCat)

3. LEGAL BASIS FOR PROCESSING (GDPR Article 6 / KVKK Article 5)

We process your personal data based on the following legal grounds:

  (a) Consent (GDPR Art. 6(1)(a) / KVKK Art. 5(1)): You explicitly consent to the processing of your photographs when you upload them. You may withdraw consent at any time.

  (b) Performance of Contract (GDPR Art. 6(1)(b) / KVKK Art. 5(2)(c)): Processing necessary to provide the App's services as described in our Terms of Service.

  (c) Legitimate Interest (GDPR Art. 6(1)(f)): Service reliability, fraud prevention, quota enforcement, and security.

4. HOW WE USE YOUR DATA

4.1. Uploaded photographs are used SOLELY for:

  - On-device face validation (Google ML Kit) to detect exactly one face, validate frontal angle, and calculate face region for preprocessing

  - Content safety screening (on-device NSFW signal plus server-side Google Cloud Vision SafeSearch when required)

  - Analyzing facial features via AI (Google Gemini)

  - Generating hypothetical child images via AI generation workflows (including Google and fal.ai-powered pipelines)

  - Displaying results to the user within the App

4.2. Usage data is used for:

  - Enforcing generation quotas and subscription entitlements

  - Processing subscription status

  - Improving App performance and user experience

  - Diagnosing and fixing errors

5. DATA PROCESSING AND STORAGE

5.1. Uploaded images are:

  - Transmitted securely via HTTPS/TLS encryption

  - Stored temporarily in Google Firebase Cloud Storage

  - Processed by Google Cloud Functions

  - Optionally screened by Google Cloud Vision SafeSearch when additional moderation confidence is required

  - Sent to AI service providers used by the App (including Google Gemini and fal.ai workflows) for analysis/generation

  - NOT used for training AI models by default (subject to Google Cloud Terms)

5.2. Generated images are:

  - Stored in Google Firebase Cloud Storage

  - Stored in user-scoped paths and intended to be accessed by the authenticated owner via the App

  - May be cached locally on the user's device

5.3. Generation history is stored locally on your device using SharedPreferences. This data is NOT transmitted to our servers.

5.4. Data Retention:

  - Uploaded images: Retained for up to 30 days to facilitate the "History" feature, then deleted by configured storage lifecycle rules.

  - Generated images: Retained for up to 30 days to facilitate the "History" feature, then deleted by configured storage lifecycle rules.

  - Usage logs: Retained for up to 12 months

  - Crash and diagnostic logs: retained according to Firebase Crashlytics retention configuration

  - Analytics event data: retained according to Firebase Analytics retention settings

  - Account data: Retained until account deletion is requested

  - Local history: Local records of generations older than 30 days are automatically removed from the App to ensure consistency with server data.

6. DATA SHARING AND THIRD-PARTY SERVICES

6.1. We share data with the following third-party service providers, acting as Data Processors:

  | Service | Purpose | Data Shared | Privacy Policy |

  |---------|---------|-------------|----------------|

  | Google Firebase (Auth, Storage, Functions, Analytics, Crashlytics, App Check) | Authentication, storage, processing, abuse prevention, diagnostics, analytics | Images, anonymous IDs, diagnostics, usage events, attestation tokens | https://firebase.google.com/support/privacy |

  | Google AI (Gemini) | Image analysis/prompt processing | Uploaded images (transient) | https://ai.google.dev/terms |

  | Google Cloud Vision SafeSearch | Content moderation and sexual content detection | Uploaded images (as needed for moderation) | https://cloud.google.com/vision/docs/privacy |

  | fal.ai (and configured generation workflows) | Image generation workflow orchestration | Prompt data, generated outputs, reference image URLs | https://fal.ai/privacy |

  | RevenueCat | Subscription management | Anonymous user ID, purchase status | https://www.revenuecat.com/privacy |

  | Apple App Store | Payment processing | Payment info (not shared with us) | https://www.apple.com/privacy |

  | Google Play Store | Payment processing | Payment info (not shared with us) | https://policies.google.com/privacy |

6.2. We do NOT:

  - Sell your personal data to any third party

  - Share your photographs with third parties for marketing purposes

  - Use your images for advertising or promotional purposes without explicit consent

  - Transfer data to third parties for purposes unrelated to the App's services

6.3. We may disclose data if required by law, court order, government request, or to protect our legal rights.

7. INTERNATIONAL DATA TRANSFERS

7.1. Your data may be transferred to and processed in countries outside your country of residence, including the United States, where Google's servers are primarily located.

7.2. For transfers from the EU/EEA: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and Google's compliance with the EU-US Data Privacy Framework.

7.3. For transfers from Turkey: International transfers comply with KVKK Article 9, based on adequate safeguards and, where applicable, explicit consent.

7.4. We ensure that all international transfers are protected by appropriate safeguards to maintain the security and integrity of your data.

8. YOUR RIGHTS

8.1. Under GDPR (EU Users), you have the right to:

  (a) Access your personal data

  (b) Rectify inaccurate personal data

  (c) Erase your personal data ("Right to be Forgotten")

  (d) Restrict processing of your personal data

  (e) Data portability

  (f) Object to processing

  (g) Withdraw consent at any time

  (h) Lodge a complaint with your local Data Protection Authority

8.2. Under KVKK (Turkish Users — Article 11), you have the right to:

  (a) Learn whether your personal data is being processed (Kişisel verilerinizin işlenip işlenmediğini öğrenme)

  (b) Request information about data processing (İşlenmişse buna ilişkin bilgi talep etme)

  (c) Learn the purpose of processing and whether data is used in accordance with its purpose (İşlenme amacını ve bunların amacına uygun kullanılıp kullanılmadığını öğrenme)

  (d) Know the third parties to whom data is transferred (Yurt içinde veya yurt dışında kişisel verilerin aktarıldığı üçüncü kişileri bilme)

  (e) Request rectification of incomplete or inaccurate data (Eksik veya yanlış işlenmiş olması hâlinde bunların düzeltilmesini isteme)

  (f) Request deletion or destruction of data (Kişisel verilerin silinmesini veya yok edilmesini isteme)

  (g) Object to automated decision-making (Otomatik sistemler vasıtasıyla analiz edilmek suretiyle aleyhinize bir sonucun ortaya çıkmasına itiraz etme)

  (h) Request compensation for damages caused by unlawful processing (Kanuna aykırı olarak işlenmesi sebebiyle zarara uğramanız hâlinde zararın giderilmesini talep etme)

8.3. Under CCPA (California Users), you have the right to:

  (a) Know what personal information is collected

  (b) Know whether personal information is sold or disclosed and to whom

  (c) Opt out of the sale of personal information (we do NOT sell your data)

  (d) Access your personal information

  (e) Request deletion of your personal information

  (f) Not be discriminated against for exercising your rights

8.4. To exercise any of these rights, please contact us at: okiata@gmail.com

8.5. Consent withdrawal: You can stop using the App and request deletion of server-side data via the contact email above. You may also clear local history inside the App at any time.

8.6. We will respond to your request within 30 days (GDPR/KVKK) or 45 days (CCPA).

9. SPECIAL CATEGORIES OF DATA / SENSITIVE DATA

9.1. Photographs may be considered biometric data in some jurisdictions. We process photographs ONLY for the purpose of AI-based image generation and do NOT create biometric templates, facial recognition databases, or biometric identifiers.

9.1.a. Face Data Collection and Usage:

  - The App uses Google ML Kit Face Detection on-device to process temporary face geometry signals (for example, face bounding box coordinates and head rotation angle) during selfie validation.

  - This temporary face geometry processing is used only to verify image quality (single face, frontal angle, face size) before generation.

  - Face geometry signals are not stored as biometric templates, are not used for identity matching, and are discarded after processing.

  - Face data is not sold and is not shared for advertising purposes.

  - For content safety, images may be checked by Google Cloud Vision SafeSearch when moderation fallback is needed.

9.2. Under KVKK, image data may be classified as sensitive personal data (özel nitelikli kişisel veri). Processing is based on your explicit consent (açık rıza) provided when you upload photographs.

9.3. Under GDPR, we process facial images based on explicit consent (Article 9(2)(a)). You may withdraw consent at any time.

10. DATA SECURITY

10.1. We implement appropriate technical and organizational measures to protect your personal data, including:

  - End-to-end HTTPS/TLS encryption in transit

  - Firebase Security Rules restricting data access

  - Google Cloud's enterprise-grade infrastructure security

  - Access controls limiting data access to authorized services only

  - Regular security reviews

10.2. Despite our best efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10.3. In the event of a data breach that poses a risk to your rights and freedoms, we will notify relevant authorities within 72 hours (GDPR) and affected users without undue delay.

11. COOKIES AND TRACKING

11.1. The App does not use cookies. However, third-party SDKs (Firebase, RevenueCat) may use local storage mechanisms for functionality purposes.

11.2. We do not use third-party advertising trackers. We use Firebase Analytics for aggregated product analytics and Firebase Crashlytics for reliability diagnostics.

12. CHILDREN'S PRIVACY

12.1. The App is not directed at children under 13 years of age.

12.2. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.

12.3. Parents or guardians who believe their child has provided personal information may contact us at okiata@gmail.com for immediate deletion.

13. CHANGES TO THIS PRIVACY POLICY

13.1. We may update this Privacy Policy from time to time. We will notify you of material changes through the App or other appropriate means.

13.2. The "Last Updated" date at the top indicates when the policy was most recently revised.

13.3. Continued use of the App after changes constitutes acceptance of the updated policy.

14. DATA PROTECTION OFFICER / REPRESENTATIVE

14.1. For GDPR inquiries, our EU representative can be contacted at: okiata@gmail.com

14.2. For KVKK inquiries, our Veri Sorumlusu İrtibat Kişisi can be contacted at: okiata@gmail.com

15. CONTACT US

For any questions, concerns, or requests related to this Privacy Policy, please contact us:

Okan Atabağ

Email: okiata@gmail.com

KVKK: okiata@gmail.com

For complaints:

- EU Users: You may lodge a complaint with your local Data Protection Authority

- Turkish Users: You may apply to the Personal Data Protection Authority (KVKK Kurulu) at https://www.kvkk.gov.tr

- California Users: You may contact the California Attorney General at https://oag.ca.gov/privacy