Privacy Policy
Effective date: June 1, 2026
This Privacy Policy explains how the CreatePicAI mobile application ("the App", "we", "our") handles information when you use it. By using the App you agree to the practices described below.
1. Who we are
CreatePicAI is an AI-powered image generation mobile application developed and operated by an independent developer. You can contact us at sepbat8@gmail.com.
2. Information we process
To enable account-bound features such as cloud-synced credits and a generation history that follows you across devices, CreatePicAI uses Google Sign-In. The following information is processed when you use the App:
- Google account profile (your Google account ID, email address, display name, and profile picture URL). This is received from Google after you sign in and is stored in our database to identify your account and personalize your profile screen.
- Prompts you type (text describing the image you want). Prompts are sent to our backend proxy and forwarded to our AI provider to generate the image. Prompts are also stored together with the generated image URL in your account's history so you can view past creations.
- Reference images you upload (optional, image-to-image feature). The image is sent to our backend proxy and forwarded to the AI provider. We do not store these images on our backend after the request completes.
- Generated image URLs. Returned by the AI provider and shown in the App. URLs are stored in our database as part of your generation history. The underlying image files are hosted by the AI provider and may expire over time.
- Credit balance. The number of generation credits associated with your account is stored in our database.
- Local app state (selected language, theme, history cache, onboarding status, authentication token). This data is stored only on your device using the operating system's local storage.
- Standard request metadata processed by our hosting providers to deliver the service, such as IP address, request timestamp, and basic HTTP headers. This data is processed only to operate, secure, and debug the service and is not used to build a profile of you.
We do not collect:
- Your phone number, address, or government IDs.
- Your contacts, calendar, or location.
- Photos from your gallery — only the specific image you choose to upload is processed.
- Advertising identifiers; the App does not show ads and does not include third-party advertising SDKs.
3. Third-party processors
To deliver the core feature of the App (AI image generation, sign-in and cloud sync) we use the following third-party services:
- Google LLC — provides Google Sign-In and the OAuth identity service used to authenticate you. See Google's privacy policy: https://policies.google.com/privacy.
- Replicate, Inc. — hosts the AI image generation models (Flux 1.1 Pro Ultra by Black Forest Labs). Your prompt and any reference image you upload are sent to Replicate for the sole purpose of generating the requested image. See Replicate's privacy policy: https://replicate.com/privacy.
- Render Services, Inc. — hosts our backend proxy that securely forwards requests to Replicate without exposing API credentials on your device. See Render's privacy policy: https://render.com/privacy.
- Supabase Inc. — hosts the PostgreSQL database that stores your account, credit balance and generation history. See Supabase's privacy policy: https://supabase.com/privacy.
For non-English prompts, the prompt is translated to English before being passed to the image model, using a language model hosted on Replicate. The translation is performed for image generation purposes only and is not stored.
4. How long we keep data
- Account data and history (account profile, credit balance, prompts, image URLs): kept until you delete individual items or sign out and request account deletion via the support email below.
- On your device: until you delete the data from within the App or uninstall the App.
- On our backend logs: we do not maintain a long-term log database. Standard request logs are kept for a short period for security and debugging and are then rotated.
- At Replicate: retention is governed by Replicate's own policies, linked above.
5. Children
CreatePicAI is not directed to children under the age of 13 (or the applicable minimum age in your country). We do not knowingly collect personal information from children. If you believe a child has used the App in a way that has resulted in data being processed, please contact us so we can take appropriate action.
6. Security
All network requests between the App and our backend, between our backend and Replicate, and between our backend and the database, are made over HTTPS or TLS. API credentials for Replicate and database credentials are stored only on our backend and are never embedded in the mobile App. Sign-in tokens are stored only on your device's secure local storage and on our backend in transit during request authentication.
7. Your rights
You have the following choices regarding your data:
- Delete individual items from your history inside the App.
- Sign out from the App, which removes your authentication token from the device.
- Uninstall the App, which removes all locally stored data. Your account data on our backend is retained unless you request deletion.
- Account deletion: contact us at sepbat8@gmail.com with the subject "Account deletion" and the email address you used to sign in. We will remove your account, credit balance and generation history from our database. If you are located in the EU/EEA, UK, or California, you have the right to ask whether we process personal data relating to you, to request access, correction, or deletion, and to lodge a complaint with your local data protection authority.
8. AI-generated content
Images created with the App are generated by an AI model based on your prompt. You can delete any generated content from your account at any time. If you believe a piece of content violates our policy or applicable law, please contact us at the support email below.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Material changes will be communicated inside the App where reasonable.
10. Contact
If you have any questions about this Privacy Policy, please contact us at sepbat8@gmail.com.
← Back