Privacy Policy

Effective Date: February 4, 2026

Last Updated: February 4, 2026

This Privacy Policy describes how Very Good Apps Inc ("we," "us," or "our") collects, uses, and discloses your personal information when you use the REMX (the "App") and our related services.

We take your privacy seriously. This policy is designed to comply with the requirements of the Apple App Store, Google Play Store, and applicable privacy laws including GDPR (Europe), and CCPA/CPRA (California).

By downloading and using the App, you acknowledge that we will process your information as described in this Privacy Policy.

1. Information We Collect

A. Information You Provide to Us

• User Content (Photos and Videos): We collect the images and videos you explicitly choose to upload to the App for processing. We only access images you specifically select; we do not scan your device's library.
• Account Information: If you choose to link an email address to your account, we collect it to allow account recovery and cross-device access.
• Support Communications: If you contact us via email, we collect your message content and contact details to assist you.

B. Information Collected Automatically

• Pseudonymous Device Identifiers: We use identifiers such as the Identifier for Vendors (IDFV) or Android ID to create a pseudonymous account structure. This allows you to use the App without providing personal details like your name or email.
• Usage & Analytics Data: We collect data on how you interact with the App (e.g., features used, session duration, screens visited) to improve user experience.
• Crash & Performance Data: We collect logs regarding app crashes and performance issues (e.g., device type, OS version) to fix bugs.
• Attribution Data: We use third-party tools (such as AppsFlyer) to understand how you found our App (e.g., which ad campaign you clicked on). On iOS, we will only collect the IDFA (Identifier for Advertisers) if you explicitly grant permission via the App Tracking Transparency prompt. If you do not allow tracking, we do not access the IDFA and do not track you across apps and websites owned by other companies.

2. AI Processing & Facial Data

This section explicitly addresses how we handle biometric and AI data to comply with App Store and Google Play policies.

• Cloud AI Processing: When you use our AI features, your uploaded photos/videos are securely transmitted to our servers and processed by trusted third-party cloud AI providers. These providers process the data solely to generate the requested artwork or video and return it to you.
• No Model Training: We do not use your uploaded photos or generated content to train our own artificial intelligence models. Furthermore, our contracts with third-party AI providers prohibit them from using your data to train their general-purpose models.
• Face Detection: In order to generate the requested AI effects, the image processing technology used by our third-party providers analyzes the image to detect the presence and location of a face. We do not use this data to identify specific individuals, nor do we store biometric templates or "face prints." Any technical data related to face location is processed transiently by our providers and is not retained.
• No TrueDepth API: This App does not use the Apple TrueDepth API or collect depth map data from your device's camera sensors.

3. Legal Bases for Processing (GDPR/UK)

If you are located in the EEA or UK, we process your data based on the following legal grounds:

• Performance of Contract: To provide the AI generation services you requested (processing your photos) and to manage your subscription.
• Legitimate Interests: To analyze app usage, ensure security, prevent fraud, and improve our services.
• Legal Obligation: To comply with tax and accounting laws regarding your purchases.
• Consent: Where required (e.g., for tracking technologies or IDFA access), we will ask for your consent, which you can withdraw at any time.

4. Data Retention

We adhere to a strict data minimization policy:

• Original Uploads: Photos and videos you upload are temporarily cached on our secure cloud servers to process your request. They are automatically deleted from our servers and our AI providers' systems within 24 hours after the generation is complete.
• Generated Content: The AI content you create is stored on our servers to allow you to view it in your App History. You may delete this content at any time via the App.
• Server Logs & Backups: Technical logs do not intentionally include your photos. Encrypted database backups may retain certain data (including generated content metadata and, in some cases, content) for up to 30 days for disaster recovery purposes before being securely overwritten.
• Deletion: You can delete all your data immediately using the "Delete Account" or "Erase All Data" button in the App Settings.

5. How We Share Your Information

We do not sell your personal data. We disclose data only to the following categories of service providers ("Processors") who enable the App's functionality:

• Cloud AI Service Providers: To perform the AI image/video generation. They are contractually bound to confidentiality and strict retention limits. A list of current subprocessors is available upon request.
• Cloud Infrastructure: To host our API, store data, and deliver content (e.g., CDNs).
• Analytics & Attribution Partners: To analyze usage trends and marketing performance. AppsFlyer acts as our service provider/processor for attribution and measurement.
• Subscription Processors: To validate your Premium subscription status (e.g., RevenueCat). They do not process your financial details; all payments are handled directly by Apple or Google.
• Legal Compliance: We may disclose your information if required by law (e.g., to comply with a subpoena) or to protect our rights and safety.
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and Canada.

• For EEA/UK Users: When we transfer your data outside of Europe, we rely on adequate legal mechanisms, such as the European Commission’s Standard Contractual Clauses (SCCs), to ensure your data remains protected equivalent to GDPR standards.

7. Security

We use commercially reasonable administrative, technical, and physical security measures to protect your information.

• Encryption in Transit: All data sent between the App and our servers is encrypted using SSL/TLS (HTTPS).
• Encryption at Rest: Data stored on our cloud servers is encrypted.
• Access Controls: Access to production servers is restricted to authorized engineers.

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

8. Children’s Privacy

The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us for immediate deletion.

9. Your Privacy Rights

General Rights

You have the right to access, correct, or delete your personal data. You can exercise the right to deletion instantly within the App Settings.

Notice to California Residents (CCPA/CPRA)

• Categories Collected: We collect Identifiers (Device ID, Email), Visual Information (Photos), and Internet Activity (App Usage).
• Right to Know & Delete: You have the right to request details about the data we collect and to request its deletion.
• Right to Correct: You may correct inaccurate data we hold about you.
• Sensitive Personal Information: While user photos may be considered "Sensitive Personal Information," we limit our use of this data strictly to performing the services reasonably expected by an average consumer (generating your video/photo). We do not use it for inferring characteristics about you.
• No Sale/Share: We do not sell or share personal information as defined by the CPRA, including for cross-context behavioral advertising. We use third-party analytics and attribution partners purely as Service Providers.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Authorized Agents: You may designate an authorized agent to make a request on your behalf. We will require proof of your authorization and verification of your identity.

Notice to European Users (GDPR)

In addition to the rights above, you have the right to data portability, the right to object to processing, and the right to lodge a complaint with your local Data Protection Authority (DPA).

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@verygoodapps.io. We will verify your request by asking you to confirm the email address linked to your account or by verifying your device identifier. We aim to respond to verifiable requests within 45 days (for CCPA) or 30 days (for GDPR).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. We may also provide notice within the App. Your continued use of the App implies acknowledgement of the updated policy.

11. Contact Us

If you have questions about this policy or wish to exercise your rights, please contact us:

Very Good Apps Inc.

• Email: support@verygoodapps.io
• Address: 250-997 Seymour St, Vancouver, BC, V6B 3M1