Privacy Policy

Last updated: May 20, 2026

Privacy Policy

Last updated: May 20, 2026

This Privacy Policy describes how Felix Thron ("we", "us", or "our") collects, uses, and protects your information when you use the Relivio mobile application (the "App") and the relivio.io website.

Data controller (GDPR Art. 4(7)): Felix Thron, Kuglerstraße 22, 10439 Berlin, Germany. Contact: info@relivio.io.

1. Information We Collect

1.1 Anonymous Identity (No Account)

No account is required. Relivio is fully anonymous. The App uses Apple's AppTransaction API to obtain an appTransactionId - a stable, anonymous identifier Apple provides for your Apple Account / app pair. It persists across device switches and reinstalls but is not tied to any email, name, or other personal identifier. We do not collect names, email addresses, phone numbers, or other personal details.

When you buy credits, we derive an appAccountToken (a UUID generated from your appTransactionId) and attach it to the App Store transaction so purchases and refunds can be matched to your anonymous identity for credit delivery. It contains no personal data. Our backend keeps a minimal anonymous identity record (keyed by appTransactionId) to maintain your credit balance.

1.2 Photos You Submit for Processing

When you use our restoration, colorization, or animation features:

  • Your photo is uploaded over an encrypted connection to our servers (Google Cloud, EU region) and sent to our AI processing provider (Replicate)
  • The photo is automatically deleted from the AI provider within 1 hour and from our cloud storage within 7 days
  • The processed result is downloaded to your device and stored locally

We do not use your photos to train AI models, and we do not analyze their content beyond producing the result you requested.

1.3 iCloud Sync (Apple CloudKit)

If you are signed in to iCloud, Relivio uses Apple's CloudKit to sync your Relivio library - your original photos, restored and colorized results, and animated videos - across your own Apple devices. This content is stored in your private iCloud database, which belongs to your Apple Account and is governed by Apple's iCloud terms and privacy policy. We cannot read it; Apple processes it on your behalf.

These iCloud copies persist until you delete the item in the App or remove Relivio's iCloud data. They are not covered by the 7-day server deletion in Section 1.2, which applies only to our cloud-processing pipeline. This sync follows your device's iCloud setting; disabling iCloud (or signing out of iCloud) stops it.

1.4 Usage and Diagnostic Data

We collect anonymous usage and diagnostic data through Firebase and Google Analytics 4 (see Section 3):

  • Screen views and feature usage
  • App crashes, errors, and performance traces
  • Device type, operating system version, and app version
  • General location (country/region), derived from your IP address by Google; we do not store precise location

We do NOT collect: photo-content analysis or facial-recognition data, precise location, contacts, or other device data.

1.5 Face Data

The current version of Relivio does not perform facial recognition, face detection, or biometric analysis. The App does not use Apple's Vision framework for face detection, ARKit face tracking, or any on-device facial analysis. (The App does use Apple's Vision framework for rectangle detection - to help you auto-crop scanned photos - but never for face detection, face geometry, or biometric analysis.)

When you submit a photo for restoration or animation, the complete image is processed as a whole by our AI service provider. No face-specific data - such as facial geometry, face embeddings, face landmarks, or biometric identifiers - is ever extracted, isolated, stored, or analyzed separately from the photo. The AI models may detect visual features including faces as part of general image processing, but no face data is returned to us, stored, or used beyond the immediate processing of that single photo.

All photo data (which may incidentally contain faces) follows the same retention and deletion schedule described in Sections 1.2 and 6.

2. How We Use Your Information

We use collected information to:

  • Provide the photo restoration, colorization, and animation services
  • Sync your library across your own devices via iCloud, if you have iCloud enabled
  • Process in-app purchases and manage your credit balance
  • Send silent notifications to your device when processing completes or fails, or when a refund is issued, so the App can download results or update your balance (no marketing push)
  • Diagnose crashes and improve app performance and features

3. Third-Party Services and Recipients

3.1 Apple

  • AppTransaction / StoreKit 2 - anonymous identity and in-app purchases. Payment details are handled entirely by Apple; we never see them.
  • CloudKit / iCloud - private cross-device sync of your library (Section 1.3)
  • Apple Push Notification service (APNs) - silent notifications that wake the App to download finished results

3.2 Firebase and Google Analytics 4 (Google)

We use Firebase Analytics (which reports into Google Analytics 4) and Firebase Crashlytics for anonymous, aggregate usage statistics and crash diagnostics, in a privacy-hardened configuration:

  • No advertising identifier (IDFA); the AdSupport framework is not linked
  • No Firebase vendor identifier (IDFV) reporting
  • No App Tracking Transparency prompt and no cross-app or cross-site tracking
  • No user identifier is set
  • Ad personalization, ad user data, and ad storage are disabled at the SDK level
  • Your photos are never sent to Firebase or Google Analytics

This data is declared in our App Store privacy label as "Not Linked to You" and "Not Used to Track You". Google's data handling: firebase.google.com/support/privacy. Legal basis and your right to object: Sections 4 and 7.

3.3 Replicate

  • AI Processing - photo restoration, colorization, and animation
  • Your photos are processed and automatically deleted within 1 hour

Privacy Policy: replicate.com/privacy

3.4 Google Cloud Platform

  • Cloud Storage - temporary photo storage (EU region, Belgium)
  • Cloud Run - backend services (EU region)

We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR (Cloud Data Processing Addendum).

4. Legal Bases (GDPR Art. 6)

  • Providing the App, photo processing, purchases, credit management, and iCloud sync: performance of a contract with you (Art. 6(1)(b)).
  • Analytics, crash reporting, and performance diagnostics: our legitimate interest in operating, securing, and improving the App (Art. 6(1)(f)), processed only in the hardened, non-identifying configuration described in Section 3.2. You may object at any time (Section 7, Art. 21) by contacting us or uninstalling the App. We are adding an in-app control to turn analytics off directly; until it ships, object by email or by uninstalling.
  • Website operation and security (server logs): our legitimate interest in a secure, functional website (Art. 6(1)(f); Section 10).

5. Data Storage and Security

  • Photos and backend data are stored in the European Union (Belgium)
  • Your synced library is stored in your private iCloud, controlled by your Apple Account
  • We use industry-standard encryption in transit (HTTPS/TLS) and rely on platform encryption at rest
  • We implement appropriate technical measures to protect your data

No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

Data Type Retention Period
Photos in our cloud storage 7 days (auto-deleted)
Photos at the AI processing provider 1 hour (auto-deleted)
Your iCloud library copies Until you delete them in the App or remove iCloud data (controlled by you via your Apple Account)
Anonymous identity (appTransactionId / backend record) While the App is installed on your Apple Account
Analytics and crash data (Firebase / Google Analytics) Up to 14 months (Google default), then aggregated or deleted

7. Your Rights

EU / EEA (GDPR)

You have the right to Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Data portability (Art. 20), and Objection (Art. 21). Deleting the App removes your local data; to delete server-side data tied to your anonymous identity, contact info@relivio.io. Content synced to iCloud is managed by you through your Apple Account.

Right to object (Art. 21): you may object to analytics and crash processing carried out under our legitimate interest at any time - email info@relivio.io or uninstall the App, which stops further collection.

Right to lodge a complaint (Art. 77): the supervisory authority responsible for us is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, Germany; mailbox@datenschutz-berlin.de; datenschutz-berlin.de.

United Kingdom (UK GDPR)

UK residents have the same rights as in the EEA section above. The competent supervisory authority for the UK is the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK; ico.org.uk.

California (CCPA / CPRA)

We do not sell your personal information and do not share it for cross-context behavioral advertising. The Firebase and Google Analytics SDKs run with ad personalization, ad user data, and ad storage disabled, and no advertising identifier is collected. You have the right to know what we collect and to request its deletion (info@relivio.io).

8. Children's Privacy

Relivio is not directed to children. We do not knowingly collect personal data from children. In the EU, the digital age of consent is 16 in several Member States, including Germany (GDPR Art. 8); users below the applicable age in their country should obtain parental consent before using the App. If you believe a child has provided us with personal data, contact info@relivio.io and we will delete it.

9. International Data Transfers

Your photos and backend data are processed in the European Union. Analytics and crash data may be processed by Google in the United States. This transfer is covered by the EU-US Data Privacy Framework, under which Google LLC is certified (a European Commission adequacy decision under Art. 45 GDPR); the European Commission's Standard Contractual Clauses (Art. 46 GDPR) apply as a fallback safeguard.

10. Website (relivio.io)

Sections 1-9 describe the Relivio app. The relivio.io website hosts informational and marketing pages and serves its assets from our own domain. The site is hosted on Google Cloud Run, operated in the EEA by Google Cloud EMEA Limited (70 Sir John Rogerson's Quay, Dublin 2, Ireland), in the europe-west1 region (Belgium). To deliver each page and protect against abuse, the hosting infrastructure processes standard server-log data: your IP address, the date and time of the request, the requested URL, the HTTP status code, the referrer URL, and your browser's user-agent string. The legal basis is our legitimate interest in operating a secure, functional website (Art. 6(1)(f) GDPR). These logs are retained for up to 30 days and are not used to identify you. You may object on grounds relating to your particular situation (Art. 21 GDPR; see Section 7). Where log data is accessed from outside the EEA, the transfer is safeguarded by Google's EU-US Data Privacy Framework certification and, as a fallback, the European Commission's Standard Contractual Clauses.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy in the App and updating the "Last updated" date above. We encourage you to review it periodically.

12. Contact Us

For any questions about this Privacy Policy, or to exercise your rights, contact us:

Felix Thron Kuglerstraße 22 10439 Berlin Germany Email: info@relivio.io