Privacy Policy
Invictus Logic LLC ("Cherry," "we," "us," or "our") operates the Cherry mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.
By accessing or using the App, you agree to this Privacy Policy. If you do not agree, do not use the App.
1. Information We Collect
1.1 Information You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Display name, username, email address (via Apple/Google sign-in) | Account creation and management |
| Reference Photos | Five (5) facial and body reference photographs (front face, left profile, right profile, half body, full body) | Used solely to generate personalized AI images at your direction |
| Avatar Image | Profile picture you upload | Display on your public profile |
| Uploaded Clothing/Prop Images | Photos of clothing or props you upload to the Dressing Room | Used as visual references during AI image generation |
| Generation Inputs | Text descriptions, selected options for pose, background, outfit, lighting, and other generation parameters | To generate AI images per your instructions |
| Published Content | AI-generated images you choose to publish to the Explore feed | To display on the public feed and enable recreation by other users |
| Support Inquiries | Messages submitted through in-app support | To respond to your requests |
1.2 Information Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Device Information | Device type, operating system version, unique device identifiers, push notification tokens | App functionality, push notifications, troubleshooting |
| Usage Data | Features accessed, templates viewed, searches performed, interactions (views, enlargements, recreations), generation history | Improve the App, personalize experience |
| Transaction Data | Credits purchased, credits consumed, subscription tier, billing period | Process transactions, maintain credit balances |
| Analytics Data | App events logged via Meta (Facebook) SDK, subject to your App Tracking Transparency (ATT) choice on iOS | Measure App performance and marketing effectiveness |
1.3 Information We Do NOT Collect
- We do not collect precise geolocation data.
- We do not collect contacts, call logs, or messages.
- We do not collect financial information directly (all payments are processed by Apple App Store, Google Play Store, or RevenueCat).
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and operate the App, including AI image generation, account management, credit tracking, and content publishing.
- Process transactions, including subscription management and credit purchases through third-party payment processors.
- Generate AI images using your reference photos and generation parameters. Your reference photos are used solely as input to the AI image generation model at your direction and are not used to train, fine-tune, or improve any AI or machine learning model.
- Display published content on the Explore feed and enable other users to recreate published generations.
- Communicate with you, including push notifications (with your consent), support responses, and service-related announcements.
- Improve and optimize the App, including analyzing usage patterns, search behavior, and feature engagement.
- Enforce our Terms of Service, detect fraud, and protect the safety and security of our users and systems.
- Comply with legal obligations, including responding to lawful requests from public authorities.
3. Legal Bases for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
| Legal Basis | Applies To |
|---|---|
| Performance of a contract | Providing the App, processing generations, managing your account and credits |
| Consent | Processing reference photos (biometric-adjacent data), push notifications, analytics tracking (ATT), publishing content to the Explore feed |
| Legitimate interests | Improving the App, fraud prevention, security, aggregated analytics |
| Legal obligation | Responding to lawful government requests, tax and financial record-keeping |
You may withdraw consent at any time (see Section 8). Withdrawing consent does not affect the lawfulness of processing performed before withdrawal.
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (US-West-2) | Database hosting, authentication, file storage, real-time features | Account data, reference photos, generated images, usage data |
| Google (Gemini API) | AI image generation | Reference photos (as generation input only), generation parameters, uploaded clothing/prop images |
| RevenueCat | Subscription and in-app purchase management | User ID, subscription status, purchase history |
| Meta (Facebook) SDK | Analytics and marketing measurement | App events (subject to your ATT choice on iOS); Advertiser ID collection is disabled by default |
| Apple / Google | Payment processing, app distribution | Payment information (processed directly by Apple/Google; we do not receive or store payment card details) |
| Upstash (Redis) | Job queue processing | Generation job metadata |
4.2 Public Content
When you publish a generation to the Explore feed, the following becomes publicly visible to all App users:
- The generated image
- Your username and display name
- Your avatar (if set)
- The generation parameters (so others may recreate similar images)
You may unpublish content at any time, which removes it from public visibility.
4.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of Cherry, our users, or the public, or to detect, prevent, or address fraud, security, or technical issues.
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via the App or email of any such change in ownership or control.
5. Biometric and Facial Data Disclosures
5.1 Illinois Biometric Information Privacy Act (BIPA) Notice
If you are an Illinois resident: The reference photos you upload contain facial geometry that may constitute "biometric identifiers" or "biometric information" under the Illinois Biometric Information Privacy Act (740 ILCS 14), collectively "Biometric Data."
- Purpose: We collect your Biometric Data solely to generate personalized AI images at your direction within the App.
- Storage: Your Biometric Data is stored on servers located in the United States (US-West-2 region).
- No Sale: We do not sell, lease, trade, or otherwise profit from your Biometric Data.
- No Training: We do not use your Biometric Data to train, fine-tune, or improve any AI or machine learning model.
- Retention: Your Biometric Data is retained until you delete your reference photos or your account, plus a maximum of thirty (30) days for technical deletion processes, after which it is permanently destroyed.
- Third-Party Disclosure: Your Biometric Data is shared with Google (Gemini API) solely for the purpose of generating images at your request. Google processes this data per their API terms and does not retain it beyond the generation request.
- Consent: Before uploading reference photos, you are required to provide explicit consent via an on-screen checkbox. This constitutes your informed, written consent to the collection, use, and storage of your Biometric Data. You may withdraw consent at any time by deleting your reference photos or your account.
5.2 Texas Capture or Use of Biometric Identifier Act (CUBI) Notice
If you are a Texas resident: We do not capture or use biometric identifiers for a commercial purpose other than to provide the App's image generation service at your direction. We do not sell, lease, or disclose biometric identifiers except as described in this Privacy Policy. Your biometric identifiers are destroyed within thirty (30) days after account deletion.
5.3 Washington Biometric Identifiers Law Notice
If you are a Washington state resident: We provide notice that biometric identifiers (facial geometry) are collected from your reference photos. This data is used solely for image generation. We do not sell or share biometric data for commercial purposes unrelated to the App's services. You may request deletion at any time.
6. International Data Transfers
Our servers are located in the United States (US-West-2 region). If you access the App from outside the United States, your information will be transferred to, stored, and processed in the United States.
For EEA/UK users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and your explicit consent to the transfer, given when you create an account and upload reference photos.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Retained until you delete your account |
| Reference photos | Retained until you delete them or delete your account, plus up to 30 days for technical processing |
| Generated images | Retained until you delete them or delete your account, plus up to 30 days for technical processing |
| Published content | Retained until you unpublish or delete, plus up to 30 days for technical processing |
| Transaction and credit records | Retained for up to 7 years after account deletion for financial and legal compliance |
| Usage and analytics data | Retained in aggregated/anonymized form; identifiable data deleted within 90 days of account deletion |
| Support tickets | Retained for up to 2 years after resolution |
Upon account deletion, we initiate permanent deletion of your personal data within thirty (30) days, except where longer retention is required by law. Backups containing your data are purged within ninety (90) days of account deletion.
8. Your Privacy Rights
8.1 All Users
- Access: Request a copy of the personal data we hold about you.
- Deletion: Request deletion of your account and associated personal data.
- Correction: Request correction of inaccurate personal data.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Withdraw consent for processing at any time.
- Object: Object to processing based on legitimate interests.
8.2 European Economic Area / United Kingdom (GDPR)
In addition to the rights above, EEA/UK residents may restrict processing and lodge a complaint with their local data protection authority (see edpb.europa.eu).
8.3 California Residents (CCPA / CPRA)
California residents have the right to know, delete, correct, opt-out of sale/sharing, and limit use of sensitive personal information. We do not sell or share your personal information for cross-context behavioral advertising. We will not discriminate against you for exercising your rights.
8.4 Brazil (LGPD)
Brazilian residents have rights under the LGPD, including confirmation, access, correction, anonymization, portability, and deletion. Contact us at support@cherryai.app.
To exercise any of your rights, email support@cherryai.app with the subject line "Privacy Rights Request." We will verify your identity and respond within the timeframes required by applicable law.
9. Children's Privacy
The App is not intended for individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If you believe your child under 16 has provided us with personal information, contact us immediately at support@cherryai.app.
10. Data Security
We implement commercially reasonable measures including encryption in transit (TLS/SSL) and at rest, row-level security policies, signed URLs with expiration, and secure OAuth authentication. However, no method of transmission over the Internet is 100% secure.
11. Third-Party Links and Services
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties.
12. Push Notifications
You may opt out of push notifications at any time through your device settings or the App's settings.
13. Analytics and Tracking
We use the Meta SDK for analytics. On iOS, we request your permission through Apple's App Tracking Transparency (ATT) framework. Advertiser ID collection and auto-log app events are disabled by default.
14. Changes to This Privacy Policy
We will notify you of material changes by posting the updated policy within the App, updating the "Last Updated" date, and sending a push notification or in-app notice for material changes.
15. Contact Us
Invictus Logic LLC
Email: support@cherryai.app
For privacy-specific inquiries, please include "Privacy" in the subject line.
16. Jurisdiction-Specific Disclosures Summary
| Jurisdiction | Key Rights | Applicable Law |
|---|---|---|
| European Union / UK | Access, deletion, correction, portability, restriction, objection, DPA complaint | GDPR / UK GDPR |
| California, USA | Know, delete, correct, opt-out of sale/sharing, limit sensitive data use | CCPA / CPRA |
| Illinois, USA | Biometric data consent, purpose limitation, retention schedule, no sale | BIPA (740 ILCS 14) |
| Texas, USA | Notice, consent, no sale of biometric identifiers | CUBI |
| Washington, USA | Notice, no commercial use of biometric data beyond service | RCW 19.375 |
| Brazil | Access, correction, anonymization, portability, deletion | LGPD |
| Canada | Access, correction, consent withdrawal | PIPEDA |
| All others | Rights as provided by applicable local law | Varies |