Legal Document

Privacy Policy

Effective: June 1, 2025Last Updated: June 1, 2025Version: 1.0

Your privacy matters to us. This policy explains what data we collect, how we use it, and what control you have over it. We encourage you to read it in full.

01

Who We Are

ThisPrank ("we," "us," or "our") operates the ThisPrank web application (the "Service"), an AI-powered photo manipulation platform for creative entertainment. This Privacy Policy describes how we collect, use, store, and share information about you when you use the Service.

For questions about this policy or your personal data, contact us at hi@thisprank.com.

02

Data We Collect

Information You Provide Directly

Data TypeDescription
Account DataName, email address, and password (hashed) when you create an account
Uploaded ImagesPhotographs you submit for manipulation, which may include images of yourself or others
Text PromptsThe instructions or descriptions you provide to guide the AI editing process
Payment DataBilling information processed by Dodo Payments; we do not store card details directly
CommunicationsMessages you send to our support team

Data Collected Automatically

Data TypeDescription
Usage DataPages visited, features used, generation history, session duration
Device DataIP address, browser type, operating system, device identifiers
Log DataServer logs, error reports, API request metadata
CookiesAuthentication tokens, preference settings, and analytics cookies (see Section 10)

Data from Third Parties

We may receive limited data from payment processors (Dodo Payments) and authentication providers (e.g., Google OAuth if you choose to sign in with Google), limited to what is necessary to operate your account.

03

How We Use Your Data

We use collected data for the following purposes:

  • Providing the Service: Processing your images, executing AI edits, storing your generation history in Firebase Firestore
  • Account Management: Creating and maintaining your account, authenticating your identity
  • Payment Processing: Facilitating transactions and managing subscriptions through Dodo Payments
  • Safety & Moderation: Detecting and preventing violations of our Terms of Service, including prohibited content
  • Service Improvement: Analyzing usage patterns to improve AI quality, performance, and user experience
  • Communications: Sending transactional emails (receipts, account notifications) and, with your consent, promotional communications
  • Legal Compliance: Meeting our obligations under applicable law, responding to legal requests

We do not sell your personal data to third parties. We do not use your uploaded images to train our AI models without your explicit, separate consent.

04

Legal Basis for Processing

We process your data under the following legal bases (relevant to applicable law in your jurisdiction):

  • Contractual necessity: Processing required to deliver the Service you have signed up for
  • Legitimate interests: Analytics, fraud prevention, and service improvement, where these do not override your rights
  • Consent: Marketing communications and any optional data processing you explicitly agree to
  • Legal obligation: Compliance with applicable laws, court orders, and regulatory requirements

05

Data Sharing & Third Parties

We share your data only with the following categories of recipients, and only as necessary:

RecipientPurposeData Shared
Google (Firebase)Database, file storage, authenticationAccount data, images, generation history
Google (Gemini AI)AI image generation processingUploaded images, text prompts
Dodo PaymentsPayment processingBilling info, purchase history
Analytics ProvidersAggregate usage analyticsAnonymized/pseudonymized usage data
Legal AuthoritiesLegal compliance when required by lawAs required by valid legal process

All third-party service providers are contractually required to process your data only for the specified purposes and in compliance with applicable data protection law.

06

Image Data & Biometric Considerations

Because our Service processes photographs that may contain human faces, we want to be especially transparent about this category of data:

  • Face processing: When you upload an image containing a face, our AI pipeline analyzes facial geometry (structure, symmetry, texture) to maintain photorealistic identity consistency in the edited output. This processing occurs transiently during generation.
  • No biometric database: We do not create persistent biometric profiles or store face recognition templates derived from your images.
  • Image storage: Uploaded input images and generated output images are stored in Firebase Storage associated with your account to support your generation history. You may delete them at any time from your account settings.
  • Consent responsibility: You are responsible for ensuring you have appropriate consent from any individuals who appear in images you upload, as required by our Terms of Service and applicable law.
  • Retention: Images are retained as described in Section 7 and deleted upon account deletion.

If you reside in a jurisdiction with specific biometric privacy laws (e.g., Illinois BIPA, Texas CUBI, or similar state laws), please contact us at hi@thisprank.com to understand how these laws may apply to your use of the Service.

07

Data Retention

We retain your data for as long as your account is active or as necessary to provide the Service:

  • Account data: Retained for the lifetime of your account, plus up to 30 days after deletion to allow for recovery requests
  • Uploaded & generated images: Stored until you delete them or delete your account
  • Generation history metadata: Retained for up to 12 months after account deletion for fraud prevention and legal compliance
  • Payment records: Retained for 7 years as required by financial regulations
  • Server logs: Automatically purged after 90 days

08

Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256 via Firebase)
  • Firebase Security Rules to prevent unauthorized data access
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security reviews and vulnerability assessments

However, no system is completely secure. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law, without undue delay.

09

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you

Rectification

Correct inaccurate or incomplete data

Erasure

Request deletion of your data ("right to be forgotten")

Portability

Receive your data in a structured, machine-readable format

Restriction

Request that we limit how we process your data

Objection

Object to processing based on legitimate interests

Withdraw Consent

Withdraw consent for processing where consent is the legal basis

Non-Discrimination

We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at hi@thisprank.com. We will respond within 30 days. We may need to verify your identity before processing your request.

10

Cookies & Tracking

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication and core Service functionality (cannot be disabled)
  • Preference cookies: Store your settings and preferences across sessions
  • Analytics cookies: Help us understand how users interact with the Service (you may opt out)

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use third-party advertising cookies or tracking pixels for ad targeting.

11

Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete that data promptly.

If you believe a minor has provided us with personal data, please contact us at hi@thisprank.com immediately.

12

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice within the Service at least 14 days before the changes take effect.

The "Last Updated" date at the top of this policy reflects the most recent revision. We encourage you to review this policy periodically.

13

Contact & Data Inquiries

For any privacy-related questions, requests, or complaints, please contact our privacy team:

  • Email: hi@thisprank.com
  • Response time: We aim to respond to all inquiries within 30 days

If you are not satisfied with our response, you may have the right to lodge a complaint with the data protection authority in your jurisdiction.

Privacy questions?

Our team is here to help you understand and exercise your privacy rights.

hi@thisprank.com

ThisPrank