Privacy Policy

OfficeSnap is an iOS app that turns a casual selfie into a studio-grade professional headshot or a passport/visa-spec ID photo. To do that, you upload a photo of a face. We treat that photo as the sensitive data it is. This policy explains, in plain language, exactly what we collect, why, how long we keep it, who processes it on our behalf, and the rights you have.

The data controller is Jindong Chen, the sole independent developer of OfficeSnap. You can reach us at support@officesnap.app.

1. Information we collect

Information you provide

• The photos you upload — selfies or face photos used to generate your headshot or ID photo. These contain biometric facial data (see section 1.1).
• Apple Sign In (optional) — if you choose to sign in, we receive an opaque Apple user identifier and the email address you authorize Apple to share.

Information collected automatically

• An anonymous device identifier — generated on first launch, used to attribute credits and outputs to your device.
• Short-term technical logs — IP address, timestamp, app version, and operating system, for security and debugging.
• Pseudonymous product analytics — screen views and taps, with no identity attached.
• Crash telemetry — stack traces, app version, and the anonymous device id, to diagnose crashes.
• Apple IDFA — collected only if you grant the iOS App Tracking Transparency (ATT) prompt, and used only for the AdMob rewarded "watch an ad for +1 credit" feature. This is the only tracking identifier in the app.

What we do NOT collect

• No precise location.
• No contacts, microphone, or health data.
• No name, phone number, or postal address.

1.1 Biometric data and explicit consent (GDPR Article 9)

A photo of a face is special-category personal data under Article 9 of the GDPR. We process it only with your explicit, in-app consent, given before you upload, under Article 9(2)(a). You can withdraw that consent at any time by deleting your account in the app (Settings → Delete account), which removes all your data and generated outputs. If you do not consent, the app cannot generate a result, because the photo is essential to the service.

2. How we use your information

We use your information to deliver the service and nothing more:

• To generate your headshot or ID photo from the photo you upload.
• To screen the input for safety before generation.
• To attribute credits, validate purchases, and refund credits when a generation fails.
• To keep the service secure, debug problems, and fix crashes.
• To understand, in aggregate and pseudonymously, how features are used.
• To deliver rewarded ads, only after you grant the ATT prompt.

Legal bases (EU/UK, GDPR Article 6 and Article 9):

• Generating your result from your face photo — your explicit consent (Art 6(1)(a) and Art 9(2)(a)).
• Validating purchases and keeping tax records — performance of a contract and legal obligation (Art 6(1)(b), Art 6(1)(c)).
• Security, debugging, crash diagnosis, and pseudonymous analytics — our legitimate interest in operating a reliable, safe service (Art 6(1)(f)).
• IDFA / advertising tracking — your consent via the ATT prompt (Art 6(1)(a)).

2.1 Automated moderation (GDPR Article 22)

Before generation, each uploaded photo is screened by an automated moderation system to block unsafe or prohibited content. This automated screening can prevent a particular image from being processed. It does not produce legal or similarly significant effects on you. If a safe image is wrongly blocked, contact support@officesnap.app and a human will review it.

3. Sub-processors

We rely on a small set of trusted service providers to operate OfficeSnap. All are US-based and are covered by Standard Contractual Clauses (EU 2021/914), the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework where applicable.

Service	Data it receives	Tracking?	Purpose
Cloudflare	Photos, generated outputs, device id, IP	No	Hosting, storage (R2), database (D1), and request routing via Workers
Replicate	The photo only, for the duration of generation	No	Runs the gpt-image-2 model that generates your result
OpenAI	The input image (Moderation API)	No	Screens the input for safety; retains no images
Google AdMob	Device id and IDFA, only after ATT consent	Yes, only after ATT consent	Rewarded ads ("watch an ad for +1 credit")
PostHog	Pseudonymous events (screen views, taps); no identity	No	Product analytics
Sentry	Crash stack traces, app version, anonymous device id	No	Crash reporting and diagnostics
Apple	In-App Purchase receipt; optional Apple Sign In identifier and email	No	Purchase validation and optional sign-in

We do not use Stripe, Printify, or RevenueCat. AdMob is the only sub-processor that performs any tracking, and only after you grant the ATT prompt.

3.1 App Tracking Transparency (iOS)

OfficeSnap does not track you across other apps and websites unless you allow it. The IDFA is only collected if you tap "Allow" on the iOS App Tracking Transparency prompt, and it is used solely to deliver the AdMob rewarded ad. If you decline, the app still works fully — you simply will not see tracking-based advertising. You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.

4. Where your data lives

OfficeSnap is operated from the United States, and your data is stored and processed in the United States by the sub-processors listed above. Data is encrypted in transit (TLS) and at rest.

5. How long we keep your data

• Generated outputs — kept for 6 months, then auto-purged. You can delete them sooner on request.
• Device identifier — kept until you delete your account.
• Purchase records — kept for 7 years to meet tax obligations.
• Product analytics — kept for 6 months.
• Crash logs — kept for 90 days.
• Technical logs — kept for up to 90 days.

6. Your rights

Under the GDPR, UK GDPR, and the CCPA, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data — in the app, Settings → Delete account removes all your data and generated outputs.
• Restrict or object to processing.
• Receive your data in a portable form.
• Withdraw consent at any time (this does not affect processing already carried out).

To make a request, email support@officesnap.app with "DSAR" in the subject line. We respond within 30 days. The data controller is Jindong Chen.

You also have the right to lodge a complaint with your local data protection authority. In the EU, find yours via edpb.europa.eu; in the UK, the Information Commissioner's Office at ico.org.uk.

7. International data transfers

Because OfficeSnap is operated from the United States, data from the EU, UK, and elsewhere is transferred to and processed in the US. These transfers are protected by Standard Contractual Clauses (EU 2021/914), the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework where applicable, together with encryption in transit and at rest.

Cookies and website tracking

The website officesnap.app sets no cookies and uses no browser trackers or analytics whatsoever.

Security

We protect your data with encryption in transit (TLS) and at rest, and we minimise what we keep — most notably by deleting your uploaded photo the instant the generation completes. No system is perfectly secure, but we work to keep your data safe and to retain as little of it as possible.

Children

OfficeSnap is not directed to anyone under 16. The app requires you to confirm you are 16 or older before use. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact support@officesnap.app and we will delete it.

Changes to this policy

We may update this policy as the app evolves. When we do, we will revise the "Last updated" date above and, for material changes, surface a notice in the app.

Contact

Questions about this policy or your data? Email support@officesnap.app (Jindong Chen, OfficeSnap).

Visit Support Back to home