Privacy Policy
Your privacy matters to us. This policy explains what data we collect, how we use it, and what control you have over it. We encourage you to read it in full.
01
Who We Are
ThisPrank ("we," "us," or "our") operates the ThisPrank web application (the "Service"), an AI-powered photo manipulation platform for creative entertainment. This Privacy Policy describes how we collect, use, store, and share information about you when you use the Service.
For questions about this policy or your personal data, contact us at hi@thisprank.com.
02
Data We Collect
Information You Provide Directly
| Data Type | Description |
|---|---|
| Account Data | Name, email address, and password (hashed) when you create an account |
| Uploaded Images | Photographs you submit for manipulation, which may include images of yourself or others |
| Text Prompts | The instructions or descriptions you provide to guide the AI editing process |
| Payment Data | Billing information processed by Dodo Payments; we do not store card details directly |
| Communications | Messages you send to our support team |
Data Collected Automatically
| Data Type | Description |
|---|---|
| Usage Data | Pages visited, features used, generation history, session duration |
| Device Data | IP address, browser type, operating system, device identifiers |
| Log Data | Server logs, error reports, API request metadata |
| Cookies | Authentication tokens, preference settings, and analytics cookies (see Section 10) |
Data from Third Parties
We may receive limited data from payment processors (Dodo Payments) and authentication providers (e.g., Google OAuth if you choose to sign in with Google), limited to what is necessary to operate your account.
03
How We Use Your Data
We use collected data for the following purposes:
- Providing the Service: Processing your images, executing AI edits, storing your generation history in Firebase Firestore
- Account Management: Creating and maintaining your account, authenticating your identity
- Payment Processing: Facilitating transactions and managing subscriptions through Dodo Payments
- Safety & Moderation: Detecting and preventing violations of our Terms of Service, including prohibited content
- Service Improvement: Analyzing usage patterns to improve AI quality, performance, and user experience
- Communications: Sending transactional emails (receipts, account notifications) and, with your consent, promotional communications
- Legal Compliance: Meeting our obligations under applicable law, responding to legal requests
We do not sell your personal data to third parties. We do not use your uploaded images to train our AI models without your explicit, separate consent.
04
Legal Basis for Processing
We process your data under the following legal bases (relevant to applicable law in your jurisdiction):
- Contractual necessity: Processing required to deliver the Service you have signed up for
- Legitimate interests: Analytics, fraud prevention, and service improvement, where these do not override your rights
- Consent: Marketing communications and any optional data processing you explicitly agree to
- Legal obligation: Compliance with applicable laws, court orders, and regulatory requirements
05
Data Sharing & Third Parties
We share your data only with the following categories of recipients, and only as necessary:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Google (Firebase) | Database, file storage, authentication | Account data, images, generation history |
| Google (Gemini AI) | AI image generation processing | Uploaded images, text prompts |
| Dodo Payments | Payment processing | Billing info, purchase history |
| Analytics Providers | Aggregate usage analytics | Anonymized/pseudonymized usage data |
| Legal Authorities | Legal compliance when required by law | As required by valid legal process |
All third-party service providers are contractually required to process your data only for the specified purposes and in compliance with applicable data protection law.
06
Image Data & Biometric Considerations
Because our Service processes photographs that may contain human faces, we want to be especially transparent about this category of data:
- Face processing: When you upload an image containing a face, our AI pipeline analyzes facial geometry (structure, symmetry, texture) to maintain photorealistic identity consistency in the edited output. This processing occurs transiently during generation.
- No biometric database: We do not create persistent biometric profiles or store face recognition templates derived from your images.
- Image storage: Uploaded input images and generated output images are stored in Firebase Storage associated with your account to support your generation history. You may delete them at any time from your account settings.
- Consent responsibility: You are responsible for ensuring you have appropriate consent from any individuals who appear in images you upload, as required by our Terms of Service and applicable law.
- Retention: Images are retained as described in Section 7 and deleted upon account deletion.
If you reside in a jurisdiction with specific biometric privacy laws (e.g., Illinois BIPA, Texas CUBI, or similar state laws), please contact us at hi@thisprank.com to understand how these laws may apply to your use of the Service.
07
Data Retention
We retain your data for as long as your account is active or as necessary to provide the Service:
- Account data: Retained for the lifetime of your account, plus up to 30 days after deletion to allow for recovery requests
- Uploaded & generated images: Stored until you delete them or delete your account
- Generation history metadata: Retained for up to 12 months after account deletion for fraud prevention and legal compliance
- Payment records: Retained for 7 years as required by financial regulations
- Server logs: Automatically purged after 90 days
08
Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256 via Firebase)
- Firebase Security Rules to prevent unauthorized data access
- Access controls limiting employee access to personal data on a need-to-know basis
- Regular security reviews and vulnerability assessments
However, no system is completely secure. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law, without undue delay.
09
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
Access
Request a copy of the personal data we hold about you
Rectification
Correct inaccurate or incomplete data
Erasure
Request deletion of your data ("right to be forgotten")
Portability
Receive your data in a structured, machine-readable format
Restriction
Request that we limit how we process your data
Objection
Object to processing based on legitimate interests
Withdraw Consent
Withdraw consent for processing where consent is the legal basis
Non-Discrimination
We will not discriminate against you for exercising your privacy rights
To exercise any of these rights, contact us at hi@thisprank.com. We will respond within 30 days. We may need to verify your identity before processing your request.
10
Cookies & Tracking
We use cookies and similar technologies for the following purposes:
- Essential cookies: Required for authentication and core Service functionality (cannot be disabled)
- Preference cookies: Store your settings and preferences across sessions
- Analytics cookies: Help us understand how users interact with the Service (you may opt out)
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use third-party advertising cookies or tracking pixels for ad targeting.
11
Children's Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete that data promptly.
If you believe a minor has provided us with personal data, please contact us at hi@thisprank.com immediately.
12
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice within the Service at least 14 days before the changes take effect.
The "Last Updated" date at the top of this policy reflects the most recent revision. We encourage you to review this policy periodically.
13
Contact & Data Inquiries
For any privacy-related questions, requests, or complaints, please contact our privacy team:
- Email: hi@thisprank.com
- Response time: We aim to respond to all inquiries within 30 days
If you are not satisfied with our response, you may have the right to lodge a complaint with the data protection authority in your jurisdiction.
Privacy questions?
Our team is here to help you understand and exercise your privacy rights.
hi@thisprank.comThisPrank