Privacy Policy
Last updated: July 14, 2026
ModyPixl (“we”, “our”, “us”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, how long we keep it, and what rights you have, when you use the ModyPixl app and website (“Services”).
Short version
We collect the minimum needed to run your account, AI generations, and credit billing. AI inputs (your photos, prompts) are sent only to our own servers, auto-screened for safety, processed, and not retained beyond the request — generated results are delivered to you and purged from our servers within minutes. We do not use your content to train AI models. We do not sell your data. You have full GDPR / DPDP / CCPA rights to access, export, and delete your data.
1. Data We Collect
We collect information you provide directly and information collected automatically:
- Account data: Name, email address, and authentication credentials (Firebase Auth) when you sign up.
- Wallet data: Your credit balance, top-up history, and per-generation credit ledger entries (stored in Firestore). We do not store payment card details — those are held by our payment processors (Paddle, Apple, Google).
- Generation inputs (transient): Photos, prompts, audio reference, and language preferences you send when using AI templates. These are processed and discarded — see Section 3.
- Generation outputs: The AI image / video / audio result is delivered back to your device. We do not store the output server-side after delivery.
- Usage and security data: Feature usage, generation success/failure counts, hashed IP, device fingerprint (one-way hash), crash reports, and security-event logs used to detect abuse and run our rate-limit / anomaly guard. Used to keep the Services safe and reliable.
- Device data: Device type, OS version, app version, locale — for compatibility and bug triage.
2. How AI Generations Are Processed
When you tap “Generate” on an AI template, the following happens:
- Your inputs (template ID, your photo if any, prompt, language) are sent securely from your device to our backend (HMAC-signed and AES-256-GCM-encrypted at the app layer, plus TLS in transit).
- Our backend runs a content-moderation check on the prompt. Prompts that violate our content policy are rejected before any model is invoked.
- Automated safety screening of uploads: every uploaded image and video is automatically analysed by an on-server safety classifier solely to screen for prohibited content (nudity / sexual content and related policy violations) at generation time. Screening is fully automated, happens in memory as part of the request, and is not used for profiling, identification, advertising, or any other purpose. Requests that fail screening are blocked before generation and the credits are refunded.
- The request is dispatched to our self-hosted GPU AI worker. The worker holds the inputs in memory only for the duration of the generation.
- The output (image / video / audio) is returned to your device with embedded machine-readable AI-provenance metadata (see Terms §4).
- The inputs and outputs are not retained on our worker or backend after delivery. Results are held in memory only until they reach you and are purged within minutes. All that remains is a short-lived security and abuse-detection log recording template ID, success/failure, and elapsed time — no prompt or image content.
We do not use your inputs or outputs to train any AI model, nor do we share them with third-party model providers. All inference runs on AI infrastructure we operate.
3. Face and Voice Data — Consent and Sensitivity
Photos containing faces and audio containing voices receive additional protections under GDPR (Art. 9 special categories) and India's DPDP Act:
- You must affirm consent before uploading a face or voice (the in-app consent checkbox).
- Face and voice inputs are processed strictly for the requested generation and discarded immediately afterward.
- We do not perform identity recognition, face matching, or any biometric profiling against your uploads.
- We do not retain face / voice embeddings beyond the generation.
You are responsible for ensuring that any face or voice you upload belongs either to you or to a person who has given you clear permission — see Terms §7.
4. On-Device Processing (No Server Calls)
Several editor features run entirely on-device using Google ML Kit and the Flutter image package — no inputs leave your phone:
- Body Editor (pose-detection-based mesh warping)
- Face contour detection inside the photo editor
- Background blur, healing/clone, filters, adjustments, crop, rotation
- Canvas editor — layers, text, shapes, drawing, exports
No biometric, body-measurement, or sensor data from these features is transmitted to our servers.
5. Cookies and Tracking
The ModyPixl website uses essential cookies for authentication and preferences. We use minimal analytics cookies (anonymised usage metrics) to improve the product. You can manage cookie preferences in your browser settings. See our Cookie Policy for details.
6. Third-Party Services
We use the following third-party services and rely on each provider's own privacy practices:
- Firebase Auth / Firestore (Google) — account authentication, App Check, and storage of wallet balances + credit ledger.
- Self-hosted GPU AI workers — AI generation (no third-party AI provider has access to your inputs).
- Paddle.com — web payments (Merchant of Record — handles tax and chargebacks).
- RevenueCat — mobile in-app purchase receipt validation.
- Apple App Store / Google Play — mobile credit purchases.
- Google AdMob — advertising in some free-tier surfaces (subject to your consent where required).
- Cloudflare — DDoS protection, edge caching, and traffic filtering for our backend.
- Google ML Kit — on-device only; no data is sent to Google for these features.
7. Data Retention
We retain data for the minimum necessary period:
- Account data — for as long as your account is active. Deleted within 30 days of account closure (some financial records kept up to 7 years for tax / accounting compliance under Indian law).
- Credit ledger — retained for the financial-records period (typically 7 years) for audit and refund/chargeback dispute resolution.
- Generation inputs (prompts / photos / audio) — not retained beyond the generation request.
- Generation outputs — not retained server-side after delivery to your device.
- Security / abuse logs — retained up to 90 days for anomaly detection.
- Cloud sync of local design files — only stored if you explicitly enable cloud sync (off by default).
8. Your Rights (GDPR / DPDP / CCPA)
Depending on your location, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (“right to be forgotten”) — subject to lawful retention obligations for financial records.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing or withdraw consent.
- Opt out of the sale or sharing of personal information (CCPA / CPRA). We do not sell your personal information.
- Lodge a complaint with your local data-protection authority (GDPR / DPDP supervisory authority).
- Nominate a representative to exercise rights on your behalf in the event of incapacity or death (India DPDP Act 2023).
To exercise any of these rights, email us at contact@mvirai.com. We respond within 30 days (or 45 days for complex requests, with notice). There is no charge for reasonable requests.
9. International Data Transfers
Our backend and AI workers may be hosted in multiple regions (currently primarily EU and North America). Where personal data is transferred outside your home jurisdiction, we rely on standard contractual clauses or other recognised safeguards where required by GDPR / DPDP / UK GDPR.
10. India DPDP Act — Specific Disclosures
ModyPixl processes personal data within the meaning of India's Digital Personal Data Protection Act, 2023 (“DPDP”). The grounds we rely on for processing:
- Consent — for AI generation using face / voice uploads (see Section 3).
- Legitimate use — for account operation, security, fraud prevention, and abuse detection.
- Performance of a contract — for delivering paid generations using your credits.
You can withdraw consent at any time by emailing us. Withdrawal does not affect processing done before withdrawal but stops the relevant processing going forward.
11. EU AI Act — Synthetic Content Labelling
ModyPixl embeds machine-readable AI-provenance metadata in every AI-generated output — PNG provenance text chunks for images and equivalent container metadata for video and audio, including the IPTC digital source type trainedAlgorithmicMedia — supporting Article 50 of the EU AI Act for generative AI systems. This labelling is always applied and must not be removed when you share the output. When you publish AI Output on third-party platforms, you must also set those platforms' AI-content disclosure flags — see Terms §9.
12. Children's Privacy
ModyPixl is not intended for children under 13 years of age (or 16 where local law requires a higher age, such as some EU member states). We do not knowingly collect personal information from children under those ages. If you believe a child has provided us with personal data, contact us and we will delete it immediately.
13. Data Security
We implement defence-in-depth security measures including:
- TLS encryption for all data in transit.
- HMAC-SHA256 signing on every API call to prevent tampering and replay.
- AES-256-GCM application-layer payload encryption on sensitive endpoints.
- Firebase Auth + Firebase App Check (prevents non-app clients from calling the backend).
- Encrypted credentials for upstream AI infrastructure (the key never appears in client-readable form).
- IP allowlists, Cloudflare edge filtering, anomaly guard, circuit breaker, and rate limiting.
- Multi-language content moderation on every prompt and reference image.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security; but we work continuously to improve.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Services after changes constitutes acceptance.
15. Contact Us
For privacy questions, data-subject requests, or to contact our Grievance Officer (India DPDP Act), email us at contact@mvirai.com. We respond within 30 days for routine requests and within 7 days for the initial acknowledgement.