1. Information We Collect
We collect information to provide better services to all our users. The types of information we collect include:
- Personal Identification Information: Name, email address, phone number (if provided voluntarily by you).
- Usage Data: Information about how you use the Pout app, including features accessed, interaction history, and app usage duration.
- Device Information: Device model, operating system version, unique device identifiers, IP address, and network connection details.
- Location Data: Approximate or precise location data (only if you grant explicit permission).
- Content Data: Photos, videos, or text content you upload or create within the app (if applicable).
- Facial Data: When you take or upload a facial photo through the Pout app, we collect biometric facial data including: facial contour, facial feature points (e.g., eye, nose, cheek position), lip shape, lip contour, lip size, and the state of facial skin (with or without makeup). This data is generated solely from the photos you provide for the app's core functionality and is not collected from any other sources.
2. Purpose of Information Use
We use the collected information for the following legitimate purposes:
- To provide, maintain, and improve the functionality of the Pout app.
- To personalize your user experience and offer customized content, recommendations, and features.
- To communicate with you, including sending service updates, security alerts, and responding to your inquiries.
- To analyze app usage trends and optimize performance and user experience.
- To ensure compliance with legal obligations and protect the security of our users and services.
- To prevent fraud, abuse, or unauthorized access to our platform.
- Specific Purposes for Facial Data:
- AI analysis of facial state (including skin condition, facial features proportion) regardless of makeup status;
- AI analysis of lip state (including lip shape, lip size, lip contour, lip skin condition);
- Generating personalized lip makeup suggestions based on the analyzed facial and lip data;
- Limiting the number of free analyses to one per day per user (verifying the uniqueness of the user's analysis request through facial feature recognition without storing full facial biometrics for this purpose).
We do not use facial data for any other purposes beyond the above, and will not use facial data for targeted advertising, user profiling (except for the core functionality of the app), or any other unstated purposes.
3. Third-Party Service Data Processing
We may engage third-party service providers to assist in operating our app and delivering services. These third parties may process your data on our behalf, subject to strict contractual obligations:
- Third-party analytics providers (e.g., Google Analytics) to track app usage and improve performance. These providers do not have access to raw facial data, only aggregated and anonymized usage data related to the app's feature usage (e.g., number of users using the facial analysis feature).
- Cloud storage providers (AWS Cloud Storage / Apple iCloud Storage, depending on the user's device system) to store user-uploaded photos and derived facial data securely. These cloud storage providers are contractually prohibited from accessing, viewing, or using facial data for any purpose other than providing storage services to us.
- Payment processors (if applicable) to handle financial transactions. These processors do not have access to any facial data.
- Advertising partners (if applicable) to deliver relevant ads (with your consent where required by law). These partners do not receive any facial data from us.
Sharing of Facial Data with Third Parties: We do not sell, rent, or transfer raw facial data to any third parties for their own use. Facial data may only be processed by our contracted cloud storage providers as described above, and such processing is limited to storage services only. No other third parties receive access to your facial data. We will not share facial data with third parties except in the limited scenarios outlined in Section 4 (Scenarios for Information Sharing), and in such cases, facial data will be subject to the same restrictions and protections as other personal information.
All third parties are prohibited from using your personal information for their own purposes and must comply with applicable data protection laws.
4. Scenarios for Information Sharing
We do not sell your personal information to third parties. We may share your information only in the following limited scenarios:
- With your explicit consent (e.g., sharing content with other users via the app; facial data will only be shared if you actively choose to share your analysis results/photos with others, and the shared content is controlled by you).
- With service providers who process data on our behalf (as outlined in Section 3; facial data shared with cloud storage providers is only for storage purposes and subject to strict contractual restrictions).
- To comply with legal requirements, such as responding to court orders, subpoenas, or regulatory requests. In such cases, we will only disclose facial data if legally required, and will take reasonable steps to challenge overbroad requests to protect user privacy.
- To protect the rights, property, or safety of Pout, our users, or the public (e.g., investigating fraud or addressing security threats). Facial data may be used in this scenario only if necessary to prevent harm or address illegal activities, and will not be disclosed to third parties except as required to protect such interests.
- In connection with a business transaction (e.g., merger, acquisition, or sale of assets), where your data may be transferred as part of the transaction (with prior notice where required by law). Any transferee will be bound by the same privacy obligations regarding facial data as outlined in this policy, and we will require the transferee to maintain the same level of protection for facial data.
Storage Location of Facial Data: Facial data collected by the Pout app is stored on secure cloud servers located in the United States (for AWS Cloud Storage) or in the region corresponding to your Apple ID (for Apple iCloud Storage). All facial data storage complies with applicable data protection laws (e.g., GDPR for EU users, CCPA for California users) and is encrypted in transit and at rest (as outlined in Section 5).
5. Security Measures
We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:
- Encryption of sensitive data (e.g., personal identification information, facial data) in transit (via TLS 1.3) and at rest (AES-256 encryption).
- Access controls to limit employee access to personal data (only authorized personnel with a legitimate need to process facial data for app functionality have access, and such access is logged and monitored).
- Regular security audits and vulnerability assessments of our systems, including the systems used to store and process facial data.
- Employee training on data protection and privacy best practices, with specific training on handling facial biometric data.
- Secure data storage practices and regular backups to prevent data loss (backups of facial data are also encrypted and stored in a separate secure location).
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously update our measures to mitigate risks.
6. User Rights Regarding Data
You have the following rights regarding your personal information, subject to applicable data protection laws (e.g., GDPR, CCPA):
- Right to access: Request a copy of the personal information we hold about you, including all collected facial data and details of how it has been used and stored.
- Right to correction: Request correction of inaccurate or incomplete personal data (including facial data-related analysis results, if applicable).
- Right to deletion: Request deletion of your personal information (including all facial data and uploaded photos) (where we have no legal obligation to retain it). Upon request, we will delete facial data within 7 business days, except where retention is required to comply with legal obligations.
- Right to restriction: Request restriction of processing of your data in certain circumstances (e.g., if you dispute the accuracy of your facial data, we will restrict processing until the dispute is resolved).
- Right to data portability: Request transfer of your personal data (including facial data in a machine-readable format) to another service provider (where technically feasible).
- Right to withdraw consent: If you previously consented to data processing, you may withdraw consent at any time (without affecting lawfulness of processing before withdrawal). Withdrawal of consent for facial data collection will result in the inability to use the app's core facial analysis and lip makeup suggestion features.
To exercise these rights, please contact us at the email address provided at the end of this policy.
7. Children's Privacy Protection
The Pout app is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under this age:
- If we become aware that we have collected personal information (including facial data) from a child without parental consent, we will take steps to delete such information promptly (within 48 hours of discovery).
- Parents or legal guardians who believe their child has provided personal information (including facial data) to us may contact us to request deletion.
8. Policy Update Mechanism
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technological developments:
- We will notify you of material changes to this policy (including changes related to facial data collection, use, storage, or sharing) via in-app notification, email (if we have your contact information), or by posting the updated policy on our app/website.
- The updated policy will take effect on the effective date stated at the top of the document, and continued use of the app after this date constitutes acceptance of the updated terms.
- We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data, including facial data.
9. Retention Period of Facial Data
We retain facial data only for the period necessary to fulfill the purposes for which it was collected, as outlined in Section 2. The specific retention periods are as follows:
- Facial data derived from your uploaded/taken photos (including facial contour, lip shape, and analysis results) is retained for 30 days from the date of collection, unless you choose to save the analysis results in the app (in which case the data is retained until you request deletion or delete your account).
- Uploaded photos used to generate facial data are retained for 7 days from the date of upload (to allow you to re-access the analysis results within the 7-day window) unless you choose to save the photos in the app (in which case the photos are retained until you request deletion or delete your account).
- Anonymized and aggregated facial data (data that cannot be linked to any individual user, e.g., aggregate trends in lip shape preferences) may be retained indefinitely for the purpose of improving app functionality and user experience, but such data does not contain any personally identifiable information.
- Upon deletion of your account or request for facial data deletion (as outlined in Section 6), all facial data and uploaded photos are permanently deleted from our servers within 7 business days, and backups are also purged within 14 business days.
- We may retain facial data for a longer period if required by applicable law (e.g., tax, audit, or legal compliance requirements), but only for the minimum period required by law, and will delete the data once the legal obligation expires.