1. Introduction

This Privacy Policy explains how RioBlocks ("RioBlocks," "we," "us," "our"), the operator of AfterPic, collects, uses, shares, and protects information when you use our websites, mobile applications, and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1. Account Information

When you create an account using third-party authentication providers, we collect:

Google Sign-In:

• Link to your publicly available profile picture
• Email address
• Name as provided by Google

Telegram Sign-In:

• Link to your publicly available profile picture
• Telegram handle
• Name as provided by Telegram

2.2. User Content

Uploaded Images: Images you upload for generation purposes are processed transiently and permanently deleted immediately after processing. We do not store uploaded images on our servers.

Biometric Data Clarification: While we process images that may contain human faces, we do not use facial recognition technology to uniquely identify individuals, nor do we create or store sensitive biometric data such as facial templates.

Prompts: Text prompts you create may be saved in one of two ways based on your preference:

• Server Storage (Default): Prompts are stored encrypted on our servers, associated with your account, accessible only by you, and never used for any other purpose including model training or service improvement.
• Local Storage: Prompts are saved only on your device if you change this setting in your profile preferences.

Generated Outputs: We do not store the images generated by the Service on our servers. Outputs are delivered directly to your device, and you are responsible for saving them.

2.3. Usage Information

We automatically collect certain information when you use the Service, including:

• IP address
• Browser type and version
• Device information (operating system, device identifiers)
• Access times and dates
• Pages viewed and features used
• Generation parameters (image size, quality settings, mode selection)
• Job metadata (queue times, processing duration, success/failure status)

2.4. Payment Information

We use Stripe as our third-party payment processor. We receive limited transaction information from Stripe, including:

• Transaction ID
• Amount paid
• Payment status
• Timestamp

We do not store your full credit card numbers or sensitive payment information. All payment data is handled securely by Stripe.

2.5. Feedback Data

When you submit feedback about generated outputs:

• The specific images associated with that generation job
• Your written comments and feedback
• Timestamp and account ID

This data is stored securely and used solely to improve our services.

2.6. Moderation Logs

When our automated content moderation system detects a violation of our Terms of Service, we may log:

• Account ID
• Timestamp
• AI moderation agent's explanation of why content was blocked

We do not store the flagged images themselves.

2.7. Cookies and Similar Technologies

We use cookies and similar tracking technologies (like local storage) to:

• Maintain your session and keep you logged in;
• Remember your preferences and settings;
• Analyze Service usage and performance;
• Ensure security.

You can control cookie settings through your browser, but disabling certain cookies may limit your ability to use some features of the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1. Service Delivery

• To create and manage your account;
• To process your image generation requests;
• To deliver generated outputs to your device;
• To manage your credits and subscription.

3.2. Service Improvement

• To analyze usage patterns and improve the Service;
• To develop new features and functionality;
• To evaluate feedback (including submitted images) and address technical issues;
• To optimize generation quality and performance.

3.3. Security and Compliance

• To detect and prevent fraud, abuse, and security incidents;
• To enforce our Terms of Service and Acceptable Use Policy;
• To comply with legal obligations.

3.4. Communication

• To send you service-related notifications;
• To respond to your support requests;
• To send promotional communications (only with your consent, where required by law)

3.5. Payment Processing

• To process payments and manage subscriptions through Stripe
• To maintain transaction records for accounting and tax purposes

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following limited circumstances:

4.1. Service Providers

We share information with trusted third-party service providers (data processors) who assist us in operating the Service:

Authentication: Google and Telegram (for account creation and login)

Payment Processing: Stripe (for processing payments and subscriptions)

Infrastructure: Cloud hosting providers for our servers and processing infrastructure

All service providers are bound by Data Processing Agreements (DPAs) that obligate them to use your information only for the purposes we specify and to protect your information in accordance with this Privacy Policy and applicable laws..

4.2. Content Moderation

Important: All content moderation happens entirely on our own servers. No third-party services or humans have access to your content during the moderation process.

4.3. Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Requests from law enforcement or government authorities
• Protection of our rights, property, or safety
• Protection of the rights, property, or safety of our users or the public

4.4. Business Transfers

If AfterPic is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

5.1. Account Information: We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your account information immediately, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, financial records). Important: All Credits associated with your account (including Purchased Credits, Subscription Credits, and Bonus Credits) will be permanently forfeited upon account deletion and cannot be recovered. If you recreate an account, even with the same email address, you will not receive Credits from your previously deleted account.

5.2. Uploaded Images: Uploaded images are held temporarily in memory during generation and are permanently deleted immediately after processing completes. We do not retain uploaded images.

5.3. Prompts: Server-stored prompts are retained until you delete them or delete your account. Locally-stored prompts never reach our servers.

5.4. Generated Outputs: We do not store generated outputs on our servers.

5.5. Feedback Data: Feedback data (images and comments) is retained for a reasonable period to facilitate service improvements, typically up to 12 months, after which it is deleted or anonymized.

5.6. Logs and Analytics: Usage logs, analytics data, and moderation logs are typically retained for up to 12 months, or longer if required by law or to investigate abuse.

5.7. Payment Records: Transaction records are retained for at least 7 years to comply with tax and accounting obligations.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• Access Controls: Strict access controls limit who can access user data
• Authentication: Secure authentication mechanisms and session management
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Secure Processing: Image generation happens in isolated, secure processing environments
• Regular Audits: Regular security assessments and vulnerability testing

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1. Access and Correction: You can access and update your account information at any time through your profile settings. You may also request a copy of the personal information we hold about you.

7.2. Deletion: You can delete your account at any time through your account settings. Upon deletion, we will remove or anonymize your personal information within 30 days, except where retention is required by law.

7.3. Data Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format.

7.4. Opt-Out of Communications: You can opt out of promotional emails by clicking the "unsubscribe" link in any marketing email. You cannot opt out of service-related communications.

7.5. Prompt Storage Preference: You can change whether prompts are stored on our servers or locally on your device through your profile settings.

7.6. Cookie Controls: You can manage cookie preferences through your browser settings.

7.7. Model Training Opt-In: By default, your content is not used for model training. If we ever offer an opt-in program, you will have full control over whether to participate.

7.8. Exercising Your Rights: To exercise any of these rights, please contact us. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. Children's Privacy

The Service is strictly intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information and terminate the account

9. International Data Transfers

Your information may be processed and stored in countries other than your country of residence, including Brazil. These countries may have data protection laws that differ from those in your country.

When we transfer information internationally, we implement appropriate safeguards, including:

• EU Standard Contractual Clauses (SCCs) for transfers from the EU/EEA
• UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs for transfers from the UK
• Other legally recognized transfer mechanisms

By using the Service, you consent to the transfer of your information to countries outside your country of residence.

10. Region-Specific Rights

10.1. European Economic Area (EEA), United Kingdom, and Switzerland

Data Controller: RioBlocks is the data controller for your personal information.

Legal Basis for Processing:

• Contractual Necessity: Processing necessary to provide the Service (e.g., account management, image generation);
• Legitimate Interests: Processing necessary for our legitimate interests (e.g., security, fraud prevention, service improvement);
• Consent: Where required, we obtain your consent (e.g. marketing communications or non-essential cookies)
• Legal Obligation: Processing necessary to comply with legal requirements

Additional Rights:

• Right to object to processing based on legitimate interests
• Right to restrict processing in certain circumstances
• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority

10.2. California (CCPA/CPRA)

Your California Rights:

• Right to Know: Request information about the personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: We do not "sell" or "share" personal information as defined by CCPA/CPRA
• Right to Non-Discrimination: You will not be discriminated against for exercising your rights

Do Not Sell or Share: We do not sell or share personal information. If we ever engage in such practices, we will provide a "Do Not Sell or Share My Personal Information" link and honor Global Privacy Control (GPC) signals.

10.3. Brazil (LGPD)

Legal Basis for Processing: Performance of a contract, compliance with legal obligations, legitimate interests, consent (where required)

Your Rights:

• Confirmation of processing
• Access to your data
• Correction of incomplete or inaccurate data
• Anonymization, blocking, or deletion
• Data portability
• Information about sharing with third parties
• Revocation of consent

Data Protection Officer: Under ANPD Resolution CD/ANPD No. 2/2023 for small processing agents, we are not currently required to appoint a Data Protection Officer (Encarregado). We maintain a dedicated contact channel.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties.

When you use third-party authentication (Google, Telegram), you are subject to their respective privacy policies and terms of service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this policy. For material changes, we will provide additional notice (e.g., in-app or email notification)

Your continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email:Click to reveal

Support:Click to reveal

Security Issues: [security@afterpic.com]

Abuse Reports: [abuse@afterpic.com]

Postal Address: [Your Company Address]