top of page

HeyPic Ai

Privacy Policy

HeyPicAI Privacy Policy

Last Updated: July 17, 2025

This Privacy Policy explains how HeyPic (“Company”, “we”, “us”), a company based in Turkey, collects, uses, discloses, and protects your information when you use the HeyPic mobile application (“App” or “Service”). This Policy complies with the General Data Protection Regulation (GDPR) and Turkish Personal Data Protection Law (KVKK).

By using the App, you agree to the terms of this Policy. If you do not agree, please do not use the App.

 

1. Definitions

  • Personal Data: Any information that relates to an identified or identifiable individual.

  • Usage Data: Data collected automatically during app usage (e.g. session duration, filter usage).

  • Face Data: Biometric or visual data derived from photos for AI filter application.

  • Device: Any device capable of accessing the App, such as a smartphone or tablet.
     

  • Service Providers: Third parties who process data on our behalf (e.g. for hosting, analytics).
     

 

2. What Data We Collect

a. Personal Data

When you use the App, we may collect:

  • Email address (optional or required for subscription)
     

  • Photos uploaded by you
     

  • Face data (for filter generation only)
     

  • Payment information (processed by App Store, not stored by us)
     

  • In-app purchase history
     

b. Usage Data

Automatically collected:

  • Device type, OS, and region
     

  • Session timestamps
     

  • In-app interactions
     

  • Filter preferences
     

  • Coin balance and generation logs
     

c. Device Permissions

HeyPic may request access to:

  • Camera
     

  • Photo gallery (read and write access)
     

 

3. How We Use Your Data

We use your data to:

  • Provide the photo and video transformation service
     

  • Apply filters based on uploaded content
     

  • Store and manage generated outputs temporarily
     

  • Analyze app usage and improve features
     

  • Personalize user experience
     

  • Handle payments and subscriptions (via Apple)
     

Your face data is never sold, shared, or used for training AI models, except in anonymized, aggregated form for internal model improvement. All face data is processed either locally or securely via encrypted cloud-based pipelines.

 

4. Legal Basis for Processing

We process your data based on:

  • Your explicit consent (GDPR Art. 6(1)(a); KVKK Art. 5/1)
     

  • Performance of a contract (e.g., subscription features)
     

  • Legal obligations (e.g., record keeping for financial compliance)
     

  • Legitimate interests (e.g., improving our services)
     

You may withdraw your consent at any time by contacting us or deleting your account.

 

5. Data Retention

We retain your personal data only as long as:

  • You have an active account
     

  • It is needed to provide the service
     

  • Required by law (e.g., payment records)
     

  • Needed to detect misuse or abuse
     

Uploaded photos and associated data are stored temporarily and may be deleted at your request.

 

6. User Rights (GDPR & KVKK)

You have the right to:

  • Request access to your data
     

  • Correct inaccurate data
     

  • Request deletion of your data (“right to be forgotten”)
     

  • Restrict or object to processing
     

  • Data portability (where applicable)
     

  • File a complaint with a supervisory authority (e.g., KVKK Board or EU DPA)
     

Contact us at hello@heypicai.com to exercise any of these rights.

 

7. Data Transfers & Storage

HeyPic uses Google Cloud Platform for image processing and secure storage. Your data may be stored or processed outside your country of residence. We ensure that all such transfers comply with GDPR and KVKK, using:

  • Data Processing Agreements (DPAs)
     

  • Standard Contractual Clauses (SCCs) if required
     

 

8. Security Measures

We implement appropriate technical and organizational security measures including:

  • TLS/SSL encryption
     

  • Server-side hashing and storage controls
     

  • Access control and auditing
     

  • Error logging via Crashlytics
     

  • Limited retention of face data
     

In the event of a data breach, we will notify users and relevant authorities in accordance with applicable law.

 

9. Children’s Privacy

HeyPic is not intended for users under the age of 13. We do not knowingly collect personal data from children. If we learn that a child has submitted data, we will delete it immediately. Parents or guardians may contact us to request data removal.

 

10. Analytics and Tracking Tools

We use third-party tools such as:

  • Firebase (Google) – analytics, performance
     

  • Appsflyer – attribution and ad measurement
     

  • Mixpanel – event-based user behavior tracking
     

These tools collect non-personalized usage data, device type, and anonymized app activity.

 

11. Third-Party Services

HeyPic may link to third-party services (e.g., Apple Pay, cloud processors). We are not responsible for the privacy practices of third parties. Please refer to their respective policies.

 

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via:

  • In-app message
     

  • Email (if provided)
     

You are advised to review this policy periodically for any changes.

 

13. Contact Us

If you have any questions about this Privacy Policy or your data rights, contact us at:

hello@heypicai.com

bottom of page