Portra Privacy Policy

1. Scope

This Privacy Policy applies to Portra ("Portra", "the App", "we", "us", or "our"), an AI-powered mobile app that helps users create passport, visa, ID, and portrait-style photos. By using the App, you agree to the data practices described in this policy.

2. Information We Process

• Photos and face data: Photos you choose from your library or capture with your camera are processed to generate the requested result. These photos may include your face, facial features, hairstyle, and other visual details needed to create the requested portrait.
• AI generation settings: Selected country or document format, background preference, outfit preference, and generation prompts may be processed.
• Credit and transaction data: Credit balance, purchased product ID, transaction ID, and transaction time may be stored.
• App identity data: Portra uses a login-free user ID, device ID, bearer token hash, and recovery code hash to manage credits and account recovery.
• Purchase data: Purchase records required for App Store and RevenueCat purchase verification may be processed.
• Technical data: IP address, rate limit records, error logs, and security-related technical data may be processed to protect the service.
• Support communications: If you contact us for support, we may process your email address and message content.

3. How Photos and Face Data Are Processed

When you generate a photo, the selected image may be sent through our Cloudflare Worker infrastructure to Replicate, a third-party AI service that runs the OpenAI gpt-image-2 model for image generation. The image sent for processing may include face data such as the visible face, facial features, hairstyle, expression, and other visual characteristics in the photo.

Portra uses this face data only to generate the passport, visa, ID, or portrait-style photo requested by the user. Portra does not use face data for face recognition, biometric identification, identity verification, advertising, tracking, user profiling, or model training. The generated result is returned to the App. In-app history and saved images may be stored locally on your device.

Before a photo is sent for AI processing, the App explains that the selected photo may include face data and asks for the user's permission to send it to Portra's processing server and Replicate.

4. Why We Use Information

• To generate passport, visa, ID, and portrait-style photos.
• To process the selected photo, including any visible face data, only for the AI generation requested by the user.
• To manage credit balances and verify purchases.
• To let users recover credits with a recovery code after reinstalling the App or changing devices.
• To prevent fraud, abuse, excessive requests, and unauthorized access.
• To debug issues, maintain security, and improve service reliability.
• To respond to support requests.

5. Third-Party Services

Portra may use the following service providers:

• Apple App Store: App distribution and in-app purchase processing.
• RevenueCat: Purchase verification, product offerings, and purchase infrastructure.
• Cloudflare Workers and D1: API hosting, credit balance, tokens, recovery code hashes, and rate limiting.
• Replicate / OpenAI model: AI-powered image generation using the selected photo and prompt. The selected photo may include face data. Replicate runs the OpenAI gpt-image-2 model used to create the generated image.

These providers may process information according to their own privacy policies and terms. Portra uses these services only as needed to operate the App. We use service providers that are expected to protect personal data with appropriate safeguards and process it only for the requested service.

6. Device Permissions

• Camera: Used when you choose to take a photo inside the App.
• Photo Library: Used when you choose a photo from your library or save a generated image to your device.

You can change these permissions at any time in your device settings.

7. Data Retention

Credit balances, transaction records, token hashes, and recovery code hashes are stored as needed for account security, purchase verification, and credit management. Photo history may be stored locally on your device. Deleting the App may remove local data from your device. If you keep your recovery code, you may be able to reconnect your credits after a reinstall or device change.

Portra does not store original uploaded photos or face data in its Cloudflare D1 database. Photos and face data are transmitted for the time needed to complete the requested AI generation and return the result. Generated images saved in the App history are stored locally on your device until you delete them or remove the App. Third-party AI processing providers may temporarily process or retain submitted content according to their own service terms and privacy commitments.

8. Sharing and Advertising

Portra does not sell your personal information. The App does not use third-party advertising networks or advertising-based tracking. Information is shared only as needed to operate the App, verify purchases, protect the service, and provide support.

9. Security

Plain bearer tokens are not stored in the server database; token hashes are stored instead. Recovery codes are also stored as hashes. Sensitive identity data on the client side is stored using secure device storage where available. However, no internet service can be guaranteed to be completely secure.

10. Your Rights and Choices

You may contact us to request access, correction, or deletion of information associated with your use of Portra. Purchase and payment records may also be maintained by Apple and can be managed through your Apple account.

11. Children's Privacy

Portra is not intended for children under 13. If you believe that we have processed personal information from a child under 13, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide notice in the App or on this page.

13. Contact

For privacy questions, contact us at: fatihtanis88@gmail.com