Privacy Policy
We are committed to protecting your privacy and ensuring the security of your personal information.
Global Privacy Compliance
Starlyzed is committed to complying with privacy laws worldwide. We continuously update our practices to meet evolving legal requirements and protect your rights.
GDPR
European Union
General Data Protection Regulation
CCPA/CPRA
California, USA
California Consumer Privacy Act / Privacy Rights Act
UK GDPR
United Kingdom
UK General Data Protection Regulation
PIPEDA
Canada
Personal Information Protection and Electronic Documents Act
LGPD
Brazil
Lei Geral de Proteção de Dados
State Privacy Laws
US States
Virginia, Colorado, Connecticut, Utah, and others
Your Privacy Rights
- Access and download your personal data
- Request correction of inaccurate information
- Delete your account and associated data
- Object to certain processing activities
- Port your data to another service
- Opt-out of marketing and analytics
Our Commitments
- Privacy by design in all features
- Regular privacy impact assessments
- Transparent data processing practices
- Prompt breach notifications if required
- Annual compliance audits
- Dedicated data protection officer
We Do Not Sell Your Personal Information
Starlyzed does not sell, rent, or share your personal information with third parties for their marketing purposes. Your data is only used to provide and improve our services.
Information We Collect
We collect different types of information to provide our cosmic style and AI image generation services. Many fields are optional and can be customized to protect your privacy.
Account Information
Basic details needed to create and manage your account.
- Email address (required for signup)
- Full name (required for signup)
- Password (required for email signup)
- Profile photo/avatar (optional)
Photos & AI Content
Images you upload for AI-powered style transformations.
- Selfies/photos for AI image generation
- AI-generated styled images
- Wardrobe item photos
- Video content (if using video features)
- Community posts and shared looks
Style Preferences
Your fashion and beauty preferences for personalization.
- Style quiz responses
- Favorite looks and saved outfits
- Color preferences
- Wardrobe categories and tags
- Occasion and season preferences
App Usage & Performance
Technical data to improve our services.
- Device information and identifiers
- App version and platform (iOS/Android)
- Feature usage and interactions
- Error logs and crash reports
- Performance metrics
- Push notification tokens
Subscription & Credits
Data related to your subscription and AI generation credits.
- Subscription tier and status
- Credit balance and transactions
- Purchase history (via App Store/Play Store)
- Referral code usage
Important Privacy Notes
- Photo Privacy: Photos you upload for AI generation are processed securely and only used to create your styled images. You control which images are saved or shared.
- AI Processing: We use AI to generate styled images and videos based on your photos. Your original photos are not shared with third parties for their own purposes.
- Data Minimization: We only collect information necessary to provide our AI image and video generation services. You have full control over your data.
Why We Process Your Data
Under privacy laws like GDPR and CCPA, we must have a valid legal reason for processing your personal data. Here are the legal bases we rely on for different processing activities.
Contractual Necessity
GDPR Article 6(1)(b)
Processing necessary to provide our services under our Terms of Service
Processing Activities
- Account creation and authentication (email, password, name)
- Core app functionality (AI photo and video generation)
- AI image and video transformation services
- Customer support communications
- Subscription and credit management
Legal Obligations
GDPR Article 6(1)(c)
Processing required to comply with legal requirements
Processing Activities
- Data retention for legal compliance
- Response to lawful government requests
- Fraud prevention and security
- Content moderation requirements
Legitimate Interests
GDPR Article 6(1)(f)
Processing for legitimate business purposes that don't override your rights
Processing Activities
- App performance monitoring and improvements
- Anonymous analytics and usage statistics
- Security monitoring and threat detection
- AI model improvement (anonymized data only)
Consent
GDPR Article 6(1)(a)
Processing based on your explicit consent
Processing Activities
- Marketing communications (optional)
- Push notifications (you control in settings)
- Photo uploads for AI generation
- Profile photo upload (optional)
- Biometric authentication (Touch ID/Face ID/fingerprint when enabled)
- Community sharing and social features
Vital Interests
GDPR Article 6(1)(d)
Processing in rare emergency situations
Processing Activities
- Emergency contact to authorities if required
- Protection of vital interests in extreme circumstances
Special Category Data
We do NOT intentionally collect special category (sensitive) personal data such as:
- β’ Racial or ethnic origin
- β’ Political opinions
- β’ Religious or philosophical beliefs
- β’ Trade union membership
- β’ Genetic data
- β’ Health information
- β’ Sexual orientation
- β’ Criminal history
If any such information is inadvertently collected (e.g., in notes or photos), it is not processed for any purpose and you can delete it at any time.
How We Use Your Data
We use your data responsibly and transparently to provide you with the best possible service. Here's how we put your information to work.
Service Improvement
How we use data to enhance your experience.
- Performance optimization
- Feature development
- User experience enhancement
- Service personalization
Analytics & Insights
Understanding patterns to serve you better.
- Earnings analysis
- Trend identification
- Performance tracking
- Goal achievement
Service Delivery
Ensuring smooth operation of core features.
- Account management
- Payment processing
- Support services
- Communication delivery
Platform Operations
Maintaining and securing our platform.
- System maintenance
- Security monitoring
- Error prevention
- Performance monitoring
Service Providers We Work With
We partner with trusted service providers to deliver Starlyzed's features. These providers are contractually obligated to protect your data and only use it for the services they provide to us.
Supabase
Infrastructure & Database
Backend infrastructure, authentication, and data storage
View Privacy PolicyInformation Shared
Information Shared
Information Shared
Information Shared
Firebase (Crashlytics)
Crash Reporting
App stability monitoring and crash reporting
View Privacy PolicyInformation Shared
Data Sharing Principles
We NEVER:
- βSell your personal data to third parties
- βShare data for advertising purposes
- βAllow unauthorized access to your information
We ALWAYS:
- βUse data processing agreements
- βLimit data sharing to minimum necessary
- βAudit our service providers regularly
How We Use Cookies
We use cookies and similar technologies to enhance your experience on our website. You have full control over which cookies we use.
Cookie Consent
When you first visit our website, you'll see a cookie consent banner allowing you to:
- β’ Accept all cookies
- β’ Reject non-essential cookies
- β’ Customize your cookie preferences
Essential Cookies
Retention: Session or up to 1 year
Required for the website to function properly
Examples:
- Authentication tokens
- Session identifiers
- Security cookies
- Cookie consent preferences
Analytics Cookies
Retention: Up to 2 years
Help us understand how visitors use our website
Examples:
- PostHog analytics tracking
- Page view statistics
- Feature usage metrics
- Performance monitoring
Marketing Cookies
Retention: Up to 1 year
Track visitors across websites for marketing
Examples:
- Conversion tracking
- Campaign effectiveness
- Retargeting pixels
- Social media tracking
Personalization Cookies
Retention: Up to 1 year
Remember your preferences and settings
Examples:
- Language preferences
- Theme settings
- Display preferences
- Timezone settings
Mobile App Tracking
Our mobile app (iOS and Android) uses similar tracking technologies:
App Analytics:
- β’ PostHog for usage analytics
- β’ Firebase Crashlytics for stability
- β’ RevenueCat for subscription tracking
You can control:
- β’ Analytics collection in app settings
- β’ Crash reporting preferences
- β’ Marketing communications opt-out
Managing Your Cookie Preferences
Cookie preferences are managed through your browser settings.
Most browsers allow you to block or delete cookies. Note that blocking essential cookies may affect your ability to use certain features of our website.
How Long We Keep Your Data
We only keep your data for as long as necessary to provide our services and comply with legal requirements. Here are our specific retention periods for different types of information.
Active Account Data
Duration of account
Retained while your account is active
- Profile information and preferences
- Photos and AI-generated images and videos
- Saved collections and favorites
- Account settings and customizations
After Account Deletion
30 days
Grace period for account recovery
- All account data retained for 30 days
- Account can be restored by logging in
- Permanently deleted after 30 days automatically
- Includes complete removal from third-party services (PostHog, Firebase)
Subscription Records
Handled by App Stores
Payment records managed by Apple/Google
- Apple App Store and Google Play handle all payment records
- We do not retain financial transaction data
- Subscription history available through your app store account
- Contact Apple/Google for payment record requests
Analytics Data
Immediately deleted
Third-party analytics removed on account deletion
- PostHog analytics data deleted via API
- Firebase Crashlytics data deletion instructions provided
- Account recovery actions
- Suspicious activity logs
Analytics Data
24 months
Aggregated and anonymized usage data
- Feature usage statistics
- App performance metrics
- Anonymized user behaviors
- No personally identifiable information
Marketing Communications
Until opt-out
Deleted immediately upon unsubscribe
- Email preferences
- Marketing consent records
- Communication history
- Unsubscribe requests honored immediately
Account Deletion Timeline
Day 0
Deletion Request
You request account deletion in the app
Days 1-30
Grace Period
Account marked for deletion but recoverable
Day 30
Permanent Deletion
All personal data permanently removed
After Day 30
Anonymized Records
Only legally required anonymized data retained
Your Control Over Data
You can always:
- β’ Request immediate permanent deletion
- β’ Export all your data before deletion
- β’ Delete specific data items individually
- β’ Recover your account within 30 days
We ensure:
- β’ Clear retention periods for all data types
- β’ Automatic deletion when periods expire
- β’ Secure deletion processes
- β’ Compliance with legal requirements
How We Protect Your Data
We employ industry-leading security measures and follow best practices to ensure your data remains safe and protected.
Data Protection
Strong encryption for stored and transmitted data
- HTTPS/TLS encryption
- Secure database storage
- Regular automated backups
Access Control
Multiple authentication options and secure access
- Email/password authentication
- Biometric authentication (Touch ID/Face ID)
- Google Sign-In integration
- Automatic session management
Input Security
Comprehensive protection against malicious input
- XSS prevention
- SQL injection protection
- File upload validation
- Content sanitization
Infrastructure
Secure cloud infrastructure through trusted providers
- Supabase hosting security
- DDoS protection
- Automated scaling
Data Privacy
Privacy-focused data handling practices
- Minimal data collection
- User-controlled deletion
- 30-day grace period
Secure Storage
Hardware-backed security for sensitive data
- iOS Keychain integration
- Android KeyStore usage
- Encrypted local storage
Cross-Border Data Transfers
Your data may be processed in different countries. We ensure all international transfers comply with applicable laws and maintain strong protection regardless of location.
Legal Transfer Mechanisms
Standard Contractual Clauses
EU-approved contracts for international data transfers
Coverage: EU/UK to US transfers
Status: Active
Adequacy Decisions
Countries recognized as providing adequate protection
Coverage: EU to UK, Canada, Japan, etc.
Status: Active where applicable
Technical Safeguards
Encryption and security measures for all transfers
Coverage: All international transfers
Status: Always applied
Where Your Data Is Processed
United States
Services Located Here:
- Supabase (Primary Database)
- RevenueCat
- PostHog
- Firebase
Safeguards Applied:
SCCs, encryption, access controls
European Union
Services Located Here:
- CDN edge locations
- Backup systems
Safeguards Applied:
GDPR compliance, local processing
Global CDN
Services Located Here:
- Static assets
- Cached content
Safeguards Applied:
Edge encryption, minimal data
Post-Schrems II Compliance
Following the Schrems II decision, we've implemented additional safeguards for EU-US data transfers:
Technical Measures:
- β’ End-to-end encryption for sensitive data
- β’ Pseudonymization where possible
- β’ Access controls and monitoring
- β’ Regular security audits
Organizational Measures:
- β’ Transfer impact assessments
- β’ Enhanced contractual clauses
- β’ Transparency reports
- β’ Government access policies
Your Rights Regarding International Transfers
You have the right to:
- Know where your data is processed
- Understand the safeguards in place
- Request copies of transfer agreements
- Object to transfers in certain circumstances
For questions about international transfers, contact our Data Protection Officer at support@starlyzed.com
Protection of Minors
Starlyzed is designed for creative individuals interested in AI-powered photo and video transformations. We take the protection of minors' privacy seriously and comply with applicable children's privacy laws.
Children's Privacy Protection
While Starlyzed does not impose specific age restrictions during account creation, we are committed to protecting children's privacy and comply with applicable laws:
COPPA Compliance (USA)
- We do not knowingly collect personal information from children under 13
- If we discover a child under 13 has provided information, we immediately delete it
General Protections
- No marketing specifically directed at children
- Immediate response to parental concerns about minor accounts
For Parents and Guardians
If you believe your child under 13 has created an account or we have inadvertently collected information from a child under 13, please contact us immediately.
We will:
- Immediately delete the account and all associated data
- Confirm the deletion within 48 hours
- Review our processes to prevent similar incidents
Contact for Child Privacy Concerns:
support@starlyzed.comSubject line: "Child Privacy Concern - Immediate Attention Required"
How to Delete Your Account
Starlyzed puts you in control of your data. You can easily delete your account and all associated information at any time.
In-App Account Deletion
Starlyzed users can delete their account and all associated data directly in the app by following these steps:
- Open the Starlyzed app
- Navigate to Profile β Settings
- Select Security & Privacy
- Tap on Delete Account
- Follow the confirmation prompts
When an account is deleted, all personal information, photos, AI-generated images and videos, preferences, and other user-generated content are permanently removed from our systems.
Need Help?
If you've uninstalled the app or need assistance with account deletion, please contact our support team at support@starlyzed.com
Your Data Rights
You have complete control over your personal data. We ensure transparency and provide you with tools to manage your information.
Right to Access
You can request access to your personal data and obtain information about how we process it.
Right to Data Portability
You can request a copy of your data in a structured, commonly used format.
Right to Rectification
You can request corrections to your personal data if it is inaccurate or incomplete.
Right to Erasure
You can request deletion of your personal data under certain circumstances.
Right to Object
You can object to the processing of your personal data for certain purposes.
Right to Restrict
You can request to temporarily restrict the processing of your data.
Exercise Your Data Rights
To exercise any of the rights above, send us an email with your request and we'll respond within 30 days.