Privacy Policy

1. Introduction

Welcome to [Cotor]! This Privacy Policy explains how [Cotor] ("we," "us," or "our") collects, uses, shares, and protects information when you use our products or services ("Service"). This policy applies to all visitors, users, and others ("Users," "you," or "your") who use our mobile application ("App"), visit our website, or interact and communicate with us through our online or social media channels.

Our Service is provided and controlled by ourself, and we are the data controller. To ensure the highest standards of privacy and data security, we have appointed a dedicated Data Protection Officer (DPO). Our DPO is responsible for overseeing our data protection strategy and ensuring that all personal data collected from you is handled in accordance with applicable privacy laws and regulations. Our DPO is also responsible for ensuring that you can exercise your data protection rights, such as accessing your data, requesting corrections, or asking for deletion of your personal data. Our DPO can be reached at [chuhai202602@163.com].

By clicking “I Agree” or using our Service, you consent to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

We collect various types of information to provide and improve our Service to you.

A. Information You Provide to Us:

• Account Information: When you create a [Cotor] account, we collect your avatar, email address, username, age and password.
• Communications: If you contact us directly (e.g., for customer support), we will receive your name, email address, the contents of your message, and any other information you choose to provide.
• User Input: When you use our Service, we may collect your text input, prompt, uploaded files, feedback, chat history, or other content that you provide to us. We generate responses (“Outputs”) based on your Inputs.

B. Information We Collect Automatically:

• Device and Technical Information: We collect your IP address and information about your mobile device (hardware model, operating system, unique device identifiers and system language). The information we collect may vary based on your device type and settings.
• Service Log Information: When you use our Service, we automatically collect and store certain information in server logs. This includes details of how you used our service, your IP address, and device event information such as crashes and system activity.
• Usage Data: We collect information about your activity on our Service, such as the types of content that you view or engage with, feature usage, session times, and interactions within the app.
• Transaction Information: If you choose to purchase (a product or prepaid service) or subscription (such as advanced membership), we will receive your transaction information such as orders and transaction status. We do not have access to your sensitive payment details, such as your credit card number or banking information.
• Cookies and Similar technologies: We use cookies and similar technologies (e.g., web beacons, pixels) to collect and use your information. Cookies are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your settings and preferences, enable functionality, help us understand and analyze user activities, and facilitate online advertising. You can manage or disable cookies through your browser or device settings.

C. Information We Collect with Your Permission:

• Camera Access: We request camera access to enable you to use features such as taking photos and recording videos within the App. This may include collecting your personal photos and videos that you choose to capture.
• Photo and Media Library Access: We request photo and media library access so you can upload existing personal photos and videos from your library to the App or save content from the App to your device. For instance, this allows you to select a new profile picture, share images and edit media.
• Clipboard Access: To improve your experience, we may request access to your clipboard. This allows you to easily paste content, such as shared links or referral codes, directly into the App. We will only read from the clipboard when you perform a "paste" action within our App.
• Location Access: For features that require exact/approximate positioning, such as search results for things near you, and ads based on your location, we will ask for permission to access your precise/approximate location information.
• Microphone Access: We request Microphone access when you use the features like recording. We will collect your voice or audio information only when you start recording.
• File Read/Write Access: We request file read/write access when you import/export files for editing and rendering. We only access files you explicitly select for import or export and do not browse your gallery without your action.

D. Information from Third-Party Services:

• Third-Party Login: You can choose to log in to our Service using third-party accounts, such as Google or Facebook. If you authorize this, we will receive access to certain profile information from that third party, such as your name, email address, friend list, and profile picture. The information we receive depends on your privacy settings with the third-party service.
• Third-Party Payment: If you subscribe to our paid services, we use third-party payment processors like Google Pay. Your payment is processed by Google Pay directly. We do not collect or store your full payment card details, but we may receive transaction confirmations from Google Pay.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, Operate, and Maintain Our Service, including to:
  • process transactions and manage subscriptions for our paid services;
  • provide the essential features of our application;
  • ensure that our services are working as intended;
  • provide personalized content, services, and recommendations;
  • facilitate and deliver AI-powered features, such as generating content and providing interactive responses. When you interact with the AI features of our Service, we collect the text, prompts, images, or files you input ("Inputs"). We may share your Inputs and certain technical identifiers with the third-party AI service providers. These Inputs are necessary for the third-party AI service providers to generate responses ("Outputs"). Please note that we do not use your personal data to train our own models without your consent. However, your interactions may be processed by third-party providers to deliver the Service.
• Manage Your Account: We use your data to create, secure, and manage your user account, allowing you to log in securely to access to different functionalities of the Service that are available to you.
• Improve and Optimize Our Service, including to:
  • understand how our services are used and which service can be improved;
  • help us develop new products or features;
  • train and improve our AI technology, such as our machine learning models and algorithms.
• Market and Advertise (with your consent), including to:
  • send you promotional emails or push notifications about new features, special offers, and events;
  • display contextual ads which are shown based on the content you are currently viewing, not your personal profile;
  • show you personalized ads based on your interests and activity across our Service: We show you personalized ads depending on your settings; We don’t show you personalized ads based on sensitive information, such as race, religion, sexual orientation or health;
  • monitor the performance of the advertising campaigns: we use data about the ads that you interact with to help us and our advertising partners understand the performance of our ad campaigns.
• Ensure the Safety and Reliability of Our Service: For example, we prevent and detect abuse, fraud, and illegal activity which could harm us, our users or the public by conducting troubleshooting, data analysis, testing, and research.
• To communicate with you, including for customer support and to send you service-related notices.
• To comply with legal obligations, including to:
  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our compliance with legal and contractual requirements and internal policies.

We’ll ask for your consent before using your information for a purpose that isn’t covered in this Privacy Policy.

4. Legal Basis for Processing (For Users in the EEA, UK, and Brazil)

If you are a user in the European Economic Area (EEA), United Kingdom (UK), or Brazil, we process your personal information based on the following legal grounds under applicable laws(e.g., GDPR and LGPD):

• Consent: We process certain information based on your explicit consent, such as:
  • access to camera, microphone, photo/media library, file, clipboard, location, SD card storage;
  • sending targeted marketing communications and promotional offers;
  • showing personalized ads.
• Performance of a Contract: We process your personal information to fulfill our contract with you, such as:
  • creating and managing your account;
  • providing app functionalities and services you request;
  • processing subscriptions and purchases.
• Legitimate Interests: We process information for our legitimate interests, such as:
  • service improvement, troubleshooting, and analytics;
  • fraud detection and service security;
  • measuring ad campaign performance.
• Legal Obligation: We process your information to comply with our legal obligations, such as:
  • responding to lawful authority requests;
  • meeting financial and audit requirements.
• Protection of Vital Interests: We process your information in emergency or safety-related situations.
• Exercise of Rights in Legal Proceedings: We process your information to defend our rights in legal disputes.

Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, you may object to such processing.

5. Sharing and Disclosure of Information

1、We are committed to protecting your privacy. We do not sell, rent or lease your personal information to third parties. We do not transfer your personal information to any company, organization, or individual, except in the following cases:

• With Your Separate Consent: We may share your information with third parties when we have obtained your separate and explicit consent to do so.
• Service Providers: We share information with third-party vendors that perform services on our behalf and we may integrate third-party software development kits (“SDKs”) and third-party application programming interfaces (APIs) for purposes such as analytics, crash reporting, authentication, cloud storage, emails delivering, payment process, AI funtioning, customer support and advertising. Our third-party service providers are as follows:
  SDK list
  We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your personal information.
• Business Transfers: We will not transfer your personal information to any third party, except in the case of a merger, acquisition, asset sale, or judicial liquidation where your information may be transferred as part of the transaction. We will ensure the confidentiality of such information during the transfer process and require the new holder to continue to be bound by this Privacy Policy.
• Legal Compliance and Safety: We may disclose your information if required to do so by law or to protect the safety of any person or our rights or property.
• Professional Advisors, such as lawyers and accountants, where doing so is necessary to facilitate the services they render to us.
• Affiliates: We may share personal information with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with us. Our affiliates may use the personal information we share in a manner consistent with this Privacy Policy.
• Your Sharing: Through the Services, you may be able to make your personal information available to others if you choose to do so, including:
  • other users and the public, when you share or post content, or chose to engage in public transactions through our Service;
  • social media platforms, when you choose to share content on social media.

2、AI Service Disclosure:

When you use AI-powered features in our app, your uploaded content (including images which may contain facial data) may be transmitted to third-party AI service providers for processing.

• Google Gemini – used for AI analysis and content generation

What data is shared:

• Images uploaded by users (which may include facial data)
• Text prompts or inputs necessary for AI processing

Purpose:

• To provide AI-powered features and generate results requested by users

We only share the minimum data required. These third-party providers are required to protect your data and are not permitted to use it for any other purpose.

6. Cross-Border Data Transfers

Our primary server is located in [California, United States]. To keep our service safe and reliable, we may also back up or process data in other locations where our cloud providers operate. Please note that the Personal Information we collect from you may be stored on a server located outside of the country where you live and such jurisdiction may not provide the same protections as the data protection laws in your home country. By using our Service, you agree to transfer your information to countries where we and/or our service providers operate. Where required, relevant safeguards are in place to afford appropriate protection for your personal information and we will comply with applicable data protection laws. If you are a user in the EEA, UK, Brazil, please be aware that we rely on Standard Contractual Clauses (SCCs) for transfers of data from these regions. For more information about how we transfer personal information internationally, please contact us at [chuhai202602@163.com].

7. Data Security

• We store your personal information on a secure server, with the latest firewall protection, saved in secure facilities. In addition, we implement administrative, technical and physical safeguards in line with commercially applicable and industry standards to protect the confidentiality and security of your personal information and to prevent unauthorized access.
• We have implemented appropriate, reasonable measures designed to protect the security of any personal information that we process, including:
  • In certain services(for example, services involving the collection of your personal photos and other sensitive information), we will use encryption technology (SSL) to protect your information, and isolate it using isolation technology;
  • We will employ multiple data anonymization techniques to enhance the security of information during use;
  • We will implement strict data access permission controls and multi-factor authentication technologies to protect information and prevent unauthorized use;
  • We will establish data classification and grading systems, data security management standards, and data security development standards to regulate the storage and use of information;
  • We will enforce comprehensive security controls through confidentiality agreements with information handlers and mechanisms about monitoring & audit;
  • We will organize security and privacy protection training programs to enhance employees' awareness of the importance of protecting personal information.
• However, despite our security measures and efforts to protect your information, any electronic transmission or information storage technology through the Internet cannot guarantee 100% security. We cannot promise or guarantee that no hackers, cyber criminals or other unauthorized third party destroy our security measures, nor can we promise that no third party improperly collect, access, steal or modify your information. Although we will do our best to protect your personal information, the risk of transferring your personal information to or from our services is at your own expense. You should access the service only in a secure environment. If you have any reason to believe that your interaction with us is no longer safe, please notify us by email immediately.

8. Data Retention

In short: We will retain your information if necessary to achieve the purpose outlined in this Privacy Policy, unless otherwise required by law.

• We will retain your personal information only for the time required for the purposes specified in this Privacy Policy, unless legally required or permitted for longer retention periods (e.g., tax, accounting or other legal requirements).
• Anonymous, aggregated, and other data uncertain of your personal identity, such as your activity data, may be retained indefinitely and shared in any way with third parties.
• When we have no ongoing legal business to process your personal information, we will delete or anonymize such information, or if this is impossible (for example, because your personal information is stored in a backup file), we will securely store your personal information and isolate it from any further processing until it can be deleted.

Facial Data Retention Notice:

• We do not permanently store facial data.
• Images containing facial data are processed temporarily.
• All such data is deleted immediately after processing is completed.

9. How We Handle Facial Data

Special Notice

• When you use the AI image generation feature, we will analyze the photos you upload and extract key facial feature points (such as those of the eyes, nose, mouth, etc.) to perform face-processing operations. Please note that we do not use facial data for identity recognition. Upon completion of the analysis process, all relevant data will be permanently deleted. If you refuse to provide such information, you may be unable to use the core features of this app, but this will not affect your access to other functions and services.

Purpose and Process of Facial Data Usage

To provide image or video template generation functionality and related effects, we need to detect key facial feature points, including the eyes, nose, and mouth. The complete process is as follows:

• The photo you select will be securely transmitted in an encrypted format.
• The image may be processed by our servers and third-party AI service providers (including Google Gemini) to generate results based on your selected template.
• After rendering is completed, the final generated content (i.e., your "creation") will be returned to the application.
• The generated content will be temporarily stored in encrypted storage and permanently deleted once the rendering process is finished. Meanwhile, the original photo you uploaded will be immediately deleted after processing.

Sharing and Storage of Facial Data

• Facial data may be transmitted to third-party AI service providers (including Google Gemini) solely for the purpose of processing and generating results requested by the user.
• We do not sell, share, or use facial data for advertising, marketing, or identity recognition purposes.
• We do not retain facial data. All uploaded images are deleted immediately after processing is completed.

User Consent

• We obtain user consent before processing any images that may contain facial data.
• If you do not agree, the feature will not be available.

Third-Party Processing Disclosure:

To provide AI functionality, facial data may be securely transmitted to third-party AI services including Google Gemini for processing.

10. Your Privacy Rights

We believe in giving you control over your information. For users from certain jurisdictions (e.g., EU/EEA, UK, California), additional rights or requirements may apply in accordance with local privacy laws. This section outlines your rights and the choices you have regarding your personal information. You can exercise these rights yourself through the app and your device, or by contacting us directly. Note that some of these rights may not be absolute. For example, if this means that we will no longer be able to fulfill our contractual obligations to you, or if this will prevent us from fulfilling our legal obligations, we may reject the request.

A. Rights You Can Exercise Yourself

You can access and manage much of your information directly through your account and device settings:

• Access and Update Your Account Information: You can review and change your account information, such as your avatar, username, and password, at any time through your account settings.
• Manage Device Permissions: You have control over the data you share with us through your device's permissions system. You can enable or disable our access to your Camera, Photo and Media Library, Clipboard, Location, Microphone, Contacts, Files, Audio Files, Bluetooth, and External/SD Card Storage at any time through your mobile device's settings menu. Please note that disabling certain permissions may affect the functionality of some features within the app.
• Delete Your Account: You can permanently delete your account and associated personal information via the “Delete Account” option in account settings.
• Manage Cookies: You can manage or disable cookies and similar tracking technologies through your web browser or device settings.
• Opt-Out of personalized Advertising: You can control whether you see personalized ads. Navigate to the advertising settings within the app to manage your preferences. You will still see ads, but they will be contextual (based on what you're currently viewing) rather than based on your personal interests and activity.
• Opt-out of Marketing Notifications: You can disable promotional emails or push notifications in the app settings or through unsubscribe links.
• Manage Third-Party Logins: You can manage the information we receive from third-party services like Google or Facebook by reviewing and adjusting your privacy settings on those platforms. You can also disconnect your third-party account from our Service through your account settings.

B. Rights You Can Exercise by Contacting Us

To exercise the rights below, or if you have any questions about them or you have special request, please contact us via email at [DPO or contact email address]. For your protection, we may need to verify your identity before fulfilling your request.

• Right to Access and Data Portability: You have the right to request a copy of the personal information we hold about you. You may also have the right to receive this information in a structured, commonly used, and machine-readable format to transmit to another service.
• Right to Deletion: You can request the deletion of your account and personal information. Upon receiving and verifying your request, we will delete your data, subject to certain exceptions. For instance, we may be required to retain some information to comply with legal obligations, resolve disputes, or for security and fraud prevention purposes.
• Right to Correct Inaccurate Information: If you believe that any personal information we hold about you is incorrect or incomplete, you have the right to request that we correct it.
• Right to Review AI-Generated Content: You have the right to know when you are interacting with an AI and to request human review of automated decisions that significantly affect your legal rights.

C. Region-Specific Rights

Depending on where you reside, you may have additional rights under local law. To exercise the rights below, or if you have any questions about them or you have special request, please contact us via email at [chuhai202602@163.com].

• For Residents of California and Virginia of the USA (under CCPA/CPRA and VCDPA)
  In addition to the rights above, residents of California and Virginia have the following rights:
  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for collecting it, and the categories of third parties with whom we have shared it.
  • Right to Opt-Out of "Sale" or "Sharing": You have the right to direct us not to “sell” or “share” your personal information as defined by California law.
  • Right to Limit Use of Sensitive Personal Information: You have the right to request that we limit the use and disclosure of your sensitive personal information. As stated in our policy, we do not use sensitive information like race or religion for personalized advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, including by denying you services, charging you different prices, or providing you a different level or quality of service.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority about our collection and use of your personal information.
  • Right to Object (under VCDPA): You have the right to object to our processing of your personal information when it is based on our legitimate interests.
  • Right to Review Automated Decision-Making(under VCDPA): You have the right to request information about automated decisions and profiling that significantly affect you, and ask for human review.
• For Residents of the European Economic Area (EEA), United Kingdom, and Switzerland (under GDPR/GDPR(UK)/FADP)
  If you are a resident of the EEA, UK, or Switzerland, you have the following data protection rights:
  • Right to Object: You have the right to object to our processing of your personal information when it is based on our legitimate interests. You also have an absolute right to object to your data being processed for direct marketing purposes.
  • Right to Restrict Processing: You can ask us to suspend the processing of your personal information in certain circumstances.
  • Right to Withdraw Consent: Where we have collected and processed your information with your consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
  • Right to Object Automated Decision-Making: You have the right to object automated decisions and profiling that significantly affect you, or ask for human review for such decisions.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority about our collection and use of your personal information.
• For Residents of Brazil (under LGPD)
  If you are a resident of Brazil, you have the following rights under the Lei Geral de Proteção de Dados (LGPD):
  • Confirmation of Processing: You have the right to confirm the existence of processing of your data.
  • Anonymization, Blocking, or Deletion: You have the right to request the anonymization, blocking, or deletion of unnecessary or excessive data or data processed in noncompliance with the LGPD.
  • Information on Data Sharing: You have the right to request information about the public and private entities with which we have shared your data.
  • Information on Consent: You have the right to be informed about the possibility of denying consent and the consequences of such denial.
  • Revocation of Consent: You have the right to revoke your consent at any time.
  • Review Automated Decision-Making: You have the right to request information about automated decisions and profiling that significantly affect you, and ask for human review.
  • Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority about our collection and use of your personal information.

11. Social Media and Third Party Services

We may offer a blog with ‘comments’ section and various social media features, such as a ‘share’ button or links to third party websites and services, including Twitter, LinkedIn, Google and Facebook. When using any such features, certain information may be collected by such third parties, and such third parties may set a cookie to enable the feature to function properly. Any data collected by such third parties is governed by such third party’s privacy policy. You are encouraged to carefully review such third party privacy policies before using such features.

12. Children's Privacy

Our Service is not directed to children, and we do not knowingly process personal information from them. If we learn that we have collected personal information online from a child or an adolescent under age threshold of parent consent required by local laws(normally, the age threshold is 13, but it may vary in certain countries or regions), we will promptly delete that information. If you believe that we processed Personal Information about or collected from a child without parent consent, please contact us by sending email to [chuhai202602@163.com].

Children or adolescents("Minors") below the age threshold requiring parental consent under local laws (typically 13 years old, though this may vary by country or region) are not permitted to use our Service without verifiable parental consent. For users identified as minors, we automatically disable data collection for personalized advertising and may further restrict data processing in compliance with local regulations (e.g., limiting profiling or disabling certain ad features).

Minors may request privacy notices in clear, age-appropriate language. Both the child and their parent/guardian can access, modify, or delete the child’s personal information at any time. Parents/guardians also retain the right to withdraw previously granted consent for their child’s data. To exercise these rights, contact us at: [chuhai202602@163.com].

13. Changes to This Privacy Policy

Our Privacy Policy may be amended or updated.

• Without your explicit consent, we will not reduce the rights you are entitled to under this Privacy Policy. We will post any changes to this Privacy Policy on this page.
• If this Privacy Policy is updated or undergoes significant changes, we will notify you via app push notifications or pop-up prompts to explain the specific changes to this Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

• For general inquiries: [chuhai202602@163.com]
• For privacy-specific requests and to contact our Data Protection Officer (DPO): [chuhai202602@163.com]