Privacy Policy

This Privacy Policy explains how Getwellin collects, uses, shares, and protects your information when you use the Getwellin iOS app and the Getwellin website at getwellin.com (together, the "Service"). Getwellin turns your face into AI-generated portraits: you complete a guided multi-angle face scan and choose photos to upload, the app builds a personal model that represents your likeness, and it generates images that look like you placed in scenes and outfits you select. Because the core of the Service relies on your face, this policy gives special attention to how we handle your facial data.

Please read this policy carefully. By creating an account and, where required, by giving the separate consent described in the "Your face scan and biometric data" section, you confirm that you understand how your information is handled. If you do not agree, please do not use the Service. This policy works alongside our Terms of Service.

1. Who we are

The data controller responsible for your information is [TO BE COMPLETED: Company legal entity, registered address] ("Getwellin", "we", "us", or "our"). You can reach us about anything in this policy at [email protected], or for general help at [email protected].

This Service is governed by, and this policy is interpreted under, [TO BE COMPLETED: Governing law / jurisdiction], without prejudice to any mandatory data-protection rights you have under the laws of your own country or state.

2. A quick summary

• We collect only what we need to run the Service: your name and email, your face scan and uploaded photos, the images you create, your purchases, and basic usage and diagnostics data.
• Your face scan is sensitive biometric-style data. We use it only to build your personal model and to check that each generated image looks like you. We never sell it, never share it with advertisers, and never profit from it.
• To generate images, we send your reference imagery to Google's Gemini AI service, which acts as our processor for that step.
• We do not track you across other companies' apps or websites, and we do not show third-party advertising.
• You can delete your creations, withdraw consent, and delete your entire account, including your facial model, from within the app.

3. The information we collect and why

The categories below map directly to what the app actually processes. All of it is linked to your account identity, and none of it is used to track you across other companies' products.

• Name and email address. Collected when you sign in with Apple, Google, or email. Used to create and secure your account, to recognize you across sessions, and to contact you about your account and important Service notices.
• Face scan and biometric-style facial data (sensitive). The multi-angle scan and the facial data derived from it. Used solely to build your personal model and to score each generated result against your capture so the output looks like you. This is special-category / sensitive data and is covered in detail in Section 4.
• Photos and videos you upload. Reference photos you choose to add. Used as inputs to build your model and to generate your portraits.
• Other user content. The images the app generates for you and any creations you choose to post publicly on the discovery wall. Used to provide your library and to power the public discovery and remix features you opt into.
• User ID and Device ID. Identifiers that link your activity to your account and device. Used to operate the Service, secure your account, deliver your content to the right device, and prevent abuse.
• Purchase history. Confirmation of coin purchases and subscription status. Used to grant coins, manage your plan, and provide support. We never receive or store your payment-card details.
• Product interaction. In-app activity such as the looks you save, view, and remix. Used to personalize your discovery feed.
• Crash data and performance data. Diagnostic information about errors and app performance. Used to keep the app stable and to fix problems.

We also use the device's standard local storage (UserDefaults) to save app settings and state on your device, which is a routine, required-reason use of that system and is not used to track you.

We have configured the app so that none of this data is used for tracking as defined by Apple's App Tracking Transparency framework. We do not link it to data from other companies for advertising or measurement, and we do not share it with data brokers.

4. Your face scan and biometric data

This section is the heart of this policy. It also serves as our publicly available written policy establishing the retention schedule and destruction guidelines for biometric data, as required by applicable biometric privacy laws. Your face scan and the facial data derived from it (including the facial geometry and model used to recognize and recreate your likeness) are sensitive personal information and, where the law uses the term, biometric identifiers and biometric information and special-category data. We treat them with a higher standard of care than any other data we hold.

Written notice before collection. Before we ever capture or store your facial data, we inform you in writing, on a separate consent screen: (a) that biometric data is being collected and stored; (b) the specific purpose for which it is collected, stored, and used, described below; and (c) the length of the term for which it will be collected, stored, and used, set out in the retention and destruction schedule below.

Your explicit, written consent. The consent screen is a separate, standalone screen that is not bundled into general account terms. By affirmatively agreeing on that screen (which, under applicable law, constitutes a written release and your explicit consent), you authorize us to collect, store, and process your face scan and the facial data derived from it for the specific purpose and term described here. We maintain a record of your consent. If you do not give this consent, the face-based features of the Service will not operate, and we will not collect your facial data.

The specific purpose.We collect and process your facial data for one purpose only: to build the personal model that represents your likeness, to generate the portraits you request, and to run the face-similarity "identity gate" that scores each generated image against your capture so the result looks like you. We do not use your facial data for any other purpose, and we do not repurpose it for new uses without first obtaining your fresh consent.

The identity gate is a quality check, not a decision about you. The identity gate compares each generated image to your capture and may cause an image to be regenerated so it looks more like you. It does not evaluate you, grant or deny you access to anything, or produce any legal or similarly significant effect, so it is not the kind of solely automated decision-making that would attract additional rights under data-protection law.

We never sell or profit from your biometric data. We do not sell, lease, trade, or otherwise profit from your face scan, your facial data, or any biometric identifiers or biometric information derived from it. We do not use it for marketing, advertising, or use-based data mining, by us or by any third party.

Limited disclosure.We do not disclose or redisclose your facial data except: (a) to the processors strictly necessary to provide the Service, namely Google's Gemini AI service for image generation and our own self-hosted face-scorer service for the identity gate, each bound to use it only on our instructions and to protect it; (b) where you direct or consent to it; (c) where it completes a transaction you requested; or (d) where required by law, subpoena, or valid warrant. We bind every processor that touches facial data to confidentiality and security obligations at least as protective as those in this policy.

Retention and destruction schedule. We keep your facial data only as long as needed for the purpose above, and we do not extend retention in order to maximize collection. We permanently destroy your face scan and the facial model derived from it when the purpose for collecting it has been satisfied, when you withdraw consent or delete your account, or within three (3) years of your last interaction with the Service, whichever occurs first. When facial data is destroyed, the underlying scan frames and personal model are removed from our storage.

Security for biometric data. We store, transmit, and protect your facial data using the reasonable standard of care for our industry, and in a manner that is the same as, or more protective than, the way we store and protect other confidential and sensitive information we hold.

How to delete it or withdraw consent. You can withdraw your consent and delete your facial data at any time by deleting your account in the app. Deleting your account destroys your facial model and the scan frames and removes your personal data under the schedule above; withdrawing biometric consent triggers the same destruction of your facial data. As described in Section 11, certain creations you have made and a small, non-identifying preview blob may persist after deletion; these are not your facial model and are not used to identify you. Withdrawing consent is as easy as giving it, and it does not affect the lawfulness of processing carried out before you withdrew. See Section 11 for full retention details and Section 14 for how to exercise your rights.

5. Legal bases for processing (EU/UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data only where we have a legal basis under the General Data Protection Regulation (GDPR) and UK GDPR:

• Explicit consent (Article 9(2)(a)). For your face scan and biometric data, which are special-category data, we rely on your separate, explicit, freely given, specific, informed, and unambiguous consent, obtained on the standalone consent screen described in Section 4.
• Consent (Article 6(1)(a)). The lawful basis under Article 6 that pairs with the biometric processing above, and for optional features such as posting to the public discovery wall.
• Performance of a contract (Article 6(1)(b)). To create and maintain your account, generate the portraits you request, deliver your content, and process your purchases.
• Legitimate interests (Article 6(1)(f)). To keep the Service secure, prevent abuse and fraud, moderate content, and improve stability and performance, balanced against your rights.
• Legal obligation (Article 6(1)(c)). Where we must retain or disclose data to comply with the law.

You can withdraw consent at any time, and as easily as you gave it, without affecting processing already carried out. Withdrawing consent for biometric processing means the face-based features will stop working.

6. How AI image generation works

To create your portraits, the app sends the input and reference imagery (including your face scan inputs and uploaded photos) to Google's Gemini AI service (model gemini-3-pro-image), a third-party AI processor that generates the output images on our behalf. Google processes this imagery to produce the results and acts as our processor for that step, under its applicable terms and data-processing commitments. We send the minimum imagery needed to perform generation, and we do not authorize the use of your imagery to train third-party models for unrelated purposes.

After generation, our own self-hosted face-scorer service compares the result to your capture (the identity gate). Images you create are AI-generated; where you post them publicly, they are clearly part of an AI-portrait service, and we may label or treat shared content as AI-generated in line with applicable transparency requirements.

7. Sub-processors and third parties

We run our backend on our own self-hosted infrastructure (managed with Dokploy), which includes our application servers, a PostgreSQL database, a Redis cache, MinIO S3-compatible object storage for your scan frames, generations, and avatars, and our face-scorer service. We use a small set of third parties to provide specific functions, each acting as our processor and bound to protect your data:

• Apple. Sign in with Apple, and In-App Purchase billing and refunds.
• Google. Google Sign-In, and the Gemini AI service that performs image generation (receives your reference imagery).
• RevenueCat. Management of subscription and purchase state. RevenueCat does not receive your payment-card details.
• Resend. Sending transactional and account emails, when email delivery is enabled.
• Our own self-hosted infrastructure. The servers, database, cache, object storage, and face-scorer described above, which we operate ourselves.

These sub-processors are the only categories of third parties to whom we disclose personal data, and we disclose it solely so they can perform these business-purpose functions on our behalf. We do not disclose your personal data to any third party for monetary or other valuable consideration.

8. Your content and the public discovery wall

The photos you upload and the images you generate are stored on our servers so the app can show them to you across sessions. Your creations are private by default. If you choose to make a creation public, it appears on the in-app Pinterest-style discovery wall, where other users can view it and "remix" the look onto their own avatar. You control which creations are public, and you can make a creation private or delete it at any time.

We provide tools to keep the discovery wall safe, including in-app reporting, user blocking, and content moderation that combines automated safety checks (including Google's Gemini safety review) with human review. We may remove content, and may suspend or ban accounts, that violate our Terms of Service. A suspended account sees a notice explaining its status.

9. Purchases

Coins and auto-renewing subscriptions (such as Getwellin Plus and Studio) are sold through Apple's In-App Purchase system. Apple handles billing, payment, and refunds, and Apple is the merchant of record. Subscription and purchase state is managed through RevenueCat. We receive confirmation of your purchases and your subscription status so we can grant coins and manage your plan. We never see or store your payment-card details. To cancel a subscription, use Manage Subscriptions in your Apple ID settings; refund requests are handled by Apple.

10. International data transfers

We and our processors may process your data in countries other than your own, including processing by Google's Gemini service and storage on our self-hosted infrastructure. Where we transfer personal data out of the EEA, the UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and the EU-U.S. Data Privacy Framework where a recipient is certified. You may request a copy of the relevant safeguards by emailing [email protected].

11. How long we keep your data

• Face scan and facial model. Destroyed when the purpose is satisfied, on consent withdrawal or account deletion, or within three (3) years of your last interaction, whichever is first (see Section 4).
• Account information (name, email, identifiers). Kept while your account is active and deleted after account deletion, subject to any retention we are legally required to keep.
• Uploaded photos and generated images. Kept while your account is active; you can delete individual creations at any time.
• Account deletion specifics. Deleting your account destroys your facial model and removes your personal data, and revokes the Sign in with Apple token where you signed in with Apple. For technical reasons, certain creations you have generated, and a small, non-identifying preview blob associated with a creation, may persist after account deletion due to how the app stores content and previews; this content does not contain your facial model and is not used to identify you. You can delete individual creations yourself at any time.
• Purchase records and diagnostics. Kept as needed for accounting, fraud prevention, and stability, and for any period required by law.

12. Security and breach notification

We use technical and organizational measures designed to protect your data, including access controls, encryption in transit, isolation of sensitive data, and restricted access to facial data. We protect your facial data using the reasonable standard of care for our industry and at least as protectively as we protect our other confidential information. No system is perfectly secure, but we work to keep your data safe and to respond promptly to any incident. Where a personal-data breach occurs, we will notify affected users and the relevant supervisory authorities to the extent and within the timeframes required by applicable law, including the GDPR and applicable US state breach-notification laws.

13. Your rights

If you are in the EEA, UK, or Switzerland (GDPR / UK GDPR), you have the right to: access your data; have it corrected; have it erased (the right to be forgotten); restrict its processing; receive it in a portable, machine-readable format; object to certain processing; withdraw consent at any time, including consent for biometric processing; and lodge a complaint with your local data-protection supervisory authority.

If you are a California resident (CCPA / CPRA),you have the right to: know what personal information we collect and how we use and share it; access and obtain a copy of it; delete it; correct it; opt out of the "sale" or "sharing" of personal information; limit the use and disclosure of sensitive personal information; and not be discriminated against for exercising your rights. On our website, we honor recognized opt-out preference signals, such as the Global Privacy Control (GPC), as a valid request to opt out of any sale or sharing.

We do not sell or share your personal information, and we do not sell or profit from your biometric data. Because we limit the use of your sensitive personal information (including your facial data) to what is necessary to provide the Service, we do not use it for any purpose you would need to separately limit. The identity gate that scores each generated image is a quality check only; it does not make automated decisions that produce legal or similarly significant effects about you, and we do not subject you to that kind of automated decision-making.

United States biometric privacy. If you are in Illinois (BIPA), Texas (CUBI), Washington, or another state with a biometric privacy law, the protections in Section 4 apply to you, including our public retention and destruction schedule, our written-consent requirement before collection, our no-sale and no-profit commitment, our limits on disclosure, and our security standard for biometric data.

14. How to exercise your rights

You can delete individual creations, make creations private, withdraw biometric consent, and delete your entire account (which destroys your facial model and removes your personal data) directly in the app. To make any other request, or to ask a question, email us at [email protected]. We may need to verify your identity before acting on a request, and we will respond within the timeframes required by applicable law. You will not be treated differently for exercising your rights.

15. Children

Getwellin is rated 16+ and is not directed to children. We do not knowingly collect personal data, and we do not knowingly collect facial data, from anyone under 16 or under the minimum age required in their region. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it.

16. Changes to this policy

We may update this policy as the Service evolves or as the law changes. We will reflect material changes here with a new "last updated" date, and, where required, we will seek your consent again. If a change affects how we process your facial data, we will obtain any further consent the law requires before applying it to you.

17. Contact us

Privacy questions and requests: [email protected]. General support: [email protected]. Our postal address is [TO BE COMPLETED: Company legal entity, registered address].

EU and UK representatives. As required for controllers outside the EU and UK that offer services to people there, you may contact our EU representative at [TO BE COMPLETED: EU Article 27 representative] and our UK representative at [TO BE COMPLETED: UK Article 27 representative]. You also have the right to lodge a complaint with your local data-protection supervisory authority.