Privacy Policy
1. Who We Are (Data Controller)
Developer / Data Controller: Rasim Eren Karakaş
Application: StarSport AI
Contact: destek@starsport.ai
If you have any questions about how we handle your data, please contact us at the email address above.
2. Data We Collect
| Category | Data Points | Source | Required? |
|---|---|---|---|
| Account Data | Anonymous user ID, session token, subscription status, credit balance | Generated automatically on first launch | Yes |
| User-Uploaded Images | Selfie / portrait photos submitted for AI generation | Provided by you voluntarily | Yes (for AI features) |
| Generated Content | AI-generated images and videos produced for your account | Created by our AI system | Yes (for history) |
| Profile Data | Avatar image, display stats, sport preference | Provided by you optionally | No |
| Usage Data | In-app actions, template views, generation requests, timestamps | Automatically logged by our backend | Yes |
| Device & Technical Data | Operating system, app version, device locale | Automatically collected | Yes |
| Payment Data | Subscription tier, purchase date, renewal status | Apple App Store / Google Play (we do not see card details) | For premium users |
We do not collect your name, email address, phone number, or government-issued ID unless you voluntarily provide them.
3. How We Use Your Data
We use collected data for the following purposes and legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the App's core functionality (AI generation, template delivery) | Contract performance |
| Managing your account, credits, and subscription | Contract performance |
| Processing and storing AI-generated media in your gallery | Contract performance |
| Improving AI model quality and app performance | Legitimate interests |
| Detecting and preventing fraud, abuse, or Terms violations | Legitimate interests / Legal obligation |
| Complying with legal obligations (e.g., retention laws) | Legal obligation |
| Sending transactional in-app notifications (optional push) | Consent |
We do not sell your personal data. We do not use your data for advertising profiling or share it with ad networks.
4. Face Data Policy
To provide our AI generation features, we collect and process facial data from images you upload. We treat this data with extreme care and transparency:
- What we collect: We collect the photos you voluntarily upload to the App to create AI-generated avatars or videos.
- Purpose: This data is used solely to perform the AI face-swap or generation process requested by you.
- Sharing: We transmit your photo to our processing partners, fal.ai and piapi.ai, via encrypted connection. They act as sub-processors and are prohibited from using your data for any other purpose.
- Retention: Your uploaded photo is deleted from our servers and fal.ai's systems immediately after the generation is complete (typically within 1-2 minutes). We do not store your original face data long-term.
- No Training: We do not use your face data to train AI models or for facial recognition/identification.
5. Photo and Biometric Data
Critical Notice: When you upload a selfie for AI generation, the image is transmitted to our AI processing partners (fal.ai and piapi.ai) solely to complete the generation job. User-uploaded images are not retained on our servers or third-party systems after the generation is complete. We do not build biometric profiles, facial recognition databases, or use your images for model training without explicit, separate consent.
Generated output images are stored in your account's gallery until you delete them or delete your account.
6. Data Sharing and Third Parties
We work with the following categories of third-party service providers. All providers are bound by data processing agreements:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (US) | Database, authentication, row-level security | Account data, usage logs, generated media metadata |
| fal.ai (US) | AI image/video inference | User-uploaded image (temporary, per-request) |
| Cloudflare R2 (US/EU) | Cloud object storage for generated media | Generated image and video files |
| Apple / Google | In-app purchase processing and receipt verification | Purchase identifiers only (no payment card data) |
We may disclose your data to law enforcement or regulatory bodies if required by applicable law, court order, or to protect our legal rights.
7. Data Retention
- User-uploaded images: Deleted immediately after generation is complete (within minutes).
- Generated content (gallery): Retained until you delete it or delete your account.
- Account data (anonymous session): Retained for the lifetime of your account.
- Usage logs: Retained for up to 12 months for security and performance purposes.
- Payment records: Retained for up to 7 years as required by applicable financial and tax regulations.
After account deletion, all personal data is permanently removed within 30 days, except where retention is required by law.
8. Children's Privacy
StarSport AI is not directed at children under the age of 13 (or 16 in the European Union / under applicable jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data without verifiable parental consent, we will promptly delete that data. If you believe a child has used our App, please contact us at destek@starsport.ai.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any right, contact us at destek@starsport.ai. We will respond within 30 days. You may also lodge a complaint with your local data protection authority.
In-App Deletion: You can delete your account and all associated data directly within the App via Settings → Delete Account.
10. Security
We implement industry-standard technical and organizational measures to protect your data, including:
- TLS encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Row-Level Security (RLS) policies ensuring each user can only access their own data
- Secure, sandboxed session token storage on device
- Regular access audits and principle of least privilege for internal systems
No security system is impenetrable. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
11. International Data Transfers
Our third-party service providers (Supabase, fal.ai, Cloudflare) are primarily based in the United States. Data transfers to the US are conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) where required by GDPR. By using the App, you acknowledge that your data may be processed in countries outside your jurisdiction.
12. Cookies and Tracking
The StarSport AI mobile application does not use tracking cookies. We do not embed third-party advertising SDKs, social media trackers, or analytics SDKs that collect cross-app behavioral data. Session management is handled via secure, anonymous tokens stored locally on your device.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by updating the "Effective Date" at the top of this page and, where appropriate, via in-app notification. We encourage you to review this Policy periodically.
Continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
Developer: Rasim Eren Karakaş
App: StarSport AI
Privacy Inquiries: destek@starsport.ai
Response Time: Within 30 days
Effective Date: March 17, 2026