PERSONAL INFORMATION WE COLLECT

When you use the App, we may collect information about you, including:

• Photographs you provide when you use the App, via your camera or camera roll (if you have granted us permission to access your camera or camera roll). We obtain only the specific images you chose to modify using the App; we do not collect your photo albums even if you grant us your access to them. For certain AI features requiring cloud processing, selected photos are temporarily uploaded (see “Apply effects and processing photos on cloud services” below). Please note that while we do not require or request any metadata attached to the photographs you upload, metadata (including, for example, geotags) may be associated with your photographs by default. We take steps to delete any metadata that may be associated with a photograph you provide when you use the App.
• Other Files and Media (including Music Files, Other Audio Files, Videos, Voice or Sound Recordings): Features within the app might require access to other media types *if you explicitly choose to use such features*. For example, if a feature allows importing audio or video, we will only access the specific files you initiate these actions for. Note: As per our current design, most video editing might be processed locally on your device.
• Facial Feature Data: As described in the “Face recognition technologies & AI and face detection” sections, we process facial feature data from the photos you provide to enable editing features. This data is processed locally on your device where possible, or temporarily on cloud servers for specific features, and is not used to identify specific individuals unless required by law.
• App usage information, such as information about how you use the App and interact with us, including your preferred language, the date and time when you first installed the App and the date and time you last used the App, crash logs, diagnostics, and other performance data.
• Purchase history, if you choose to purchase an App subscription, such as confirmation that you are a paid subscriber to the App.
• Social media information, if you choose to login to the App via a third-party platform or social media network (for example, Facebook), or otherwise connect your account on the third-party platform or network to the App. We may collect information from that platform or network, such as your social media alias, first and last name, number of “friends” on the social media platform and, if depending on your Facebook or other network settings, a list of your friends or connections (though we do not use or store this information). Our collection and processing of the information we obtain from social media platforms is governed by the requirements these social media platforms impose on us in their relevant terms and conditions.
• Device data and Identifiers, such as your computer and mobile device operating system type and version number, manufacturer and model, device ID, push tokens, Google Advertising ID (AdID) (used for personalized advertising and analytics), Apple ID for Advertising (IDFA) (used for personalized advertising and analytics), browser type, screen resolution, IP address (and the associated country/approximate location in which you are located), network connection state (WiFi/cellular), the website you visited before visiting our Site; and other information about the device you are using to visit the App. This also includes identifiers collected via SDKs for analytics, advertising, and app functionality.
• Online activity data, such as information about your use of and actions on the App and the Sites, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and certain third parties (e.g., online advertising networks and their clients) also may collect this type of information over time and across third-party websites and mobile applications. This information may be collected on our Site using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies. We may collect this information directly or through our use of third-party software development kits (“SDKs”). SDKs may enable third parties to collect information directly from our App. This information may be collected directly by us or through third-party Software Development Kits (“SDKs”) for purposes such as analytics and advertising.
• Cookie Information: Information collected via cookies when you visit our Site (see “Web browser cookies” below).

Device permissions for Personal Data access

Depending on the User’s specific device, this Application may request certain permissions that allow it to access the User’s device Data as described below. By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document. The exact procedure for controlling app permissions may be dependent on the User’s device and software. Please note that the revoking of such permissions might impact the proper functioning of this Application.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Application.

• Camera permission (android.permission.CAMERA): Used for accessing the camera or capturing images and video from the device for editing or other features.
• Storage Permissions (android.permission.READ_EXTERNAL_STORAGE, android.permission.WRITE_EXTERNAL_STORAGE, android.permission.READ_MEDIA_IMAGES, android.permission.READ_MEDIA_VISUAL_USER_SELECTED): Allows access to read, write, or select files (photos, videos, media) from the User’s device storage or Photo Library, as initiated by the user for importing, editing, or saving content. The specific permission depends on the Android version and the type of media being accessed.
• Internet & Network State Permissions (android.permission.INTERNET, android.permission.ACCESS_NETWORK_STATE, android.permission.ACCESS_WIFI_STATE): Required to access the internet for app functionality, downloading/uploading content (e.g., for cloud AI processing), communicating with our servers and third-party services (like analytics, ads), and optimizing performance based on network connectivity.
• Advertising ID & AdServices Permissions (com.google.android.gms.permission.AD_ID, android.permission.ACCESS_ADSERVICES_AD_ID, android.permission.ACCESS_ADSERVICES_ATTRIBUTION, android.permission.ACCESS_ADSERVICES_TOPICS): Used by the app and third-party advertising and analytics partners to provide personalized advertising (in the free version), measure ad effectiveness, perform attribution analysis, and comply with platform requirements for advertising functionalities. User controls for ad personalization are available in device settings.
• Billing Permission (com.android.vending.BILLING): Necessary to handle in-app purchases and subscriptions through the Google Play Store.
• Foreground Service & Background Execution Permissions (android.permission.FOREGROUND_SERVICE, android.permission.RECEIVE_BOOT_COMPLETED, android.permission.WAKE_LOCK): Allows the app to perform essential tasks reliably, such as processing large images or applying complex effects, managing uploads/downloads, sometimes continuing briefly after the user leaves the app or after the device restarts, to ensure tasks complete successfully. WAKE_LOCK helps prevent the device from sleeping during critical operations.
• Notifications Permission (android.permission.POST_NOTIFICATIONS): Allows the app to send push notifications for updates, alerts, or marketing messages, if the user opts-in (on supported Android versions).
• Vibrate Permission (android.permission.VIBRATE): Used to provide haptic feedback for user actions within the app.
• Install Referrer Permission (com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE): Used primarily for analytics and marketing attribution to understand how users discovered and installed the app via the Google Play Store.

Face recognition technologies & AI and face detection

We use face detection and analysis technologies within the App to enable features that allow users to edit portraits and apply transformations using neural networks. These algorithms detect facial features and landmarks in the photos you choose to process.

The facial feature data generated is used solely to provide these editing features within the App. Where possible, processing occurs locally on your device. For features requiring more computational power, data may be processed in the cloud (see below). This facial feature data is generally not capable of identifying a specific person and is discarded after processing or when you close the App session related to that processing. We do not use this data for identification purposes, nor do we share it with third parties for such purposes.

However, if applicable law considers images processed by the App or the generated facial feature data as biometric identifiers or a similar category, by using these features, you provide your informed consent to this processing as described in this Policy.

Managing Device Permissions

PhotoBoost only uses permissions you explicitly grant. To revoke permissions:

• Android: Settings → Apps → PhotoBoost → Permissions → disable the specific permission (e.g., Camera, Storage/Photos, Notifications).

• iOS: Settings → Privacy & Security → [Permission Type e.g., Camera or Photos] → toggle off PhotoBoost.

Revoking permissions may limit or disable related App features.

HOW WE USE YOUR PERSONAL INFORMATION

We do not use the photographs you provide when you use the App for any reason other than to provide you with the photo editing and related functionality of the App. We may use information other than photographs for the following purposes:

To operate and improve the App:

• Enable you to use the App’s features, including photo editing and applying AI effects;
• Establish and maintain your account, if you choose to login to the App using your social media account;
• Communicate with you about the App, including by sending you announcements, updates, and security alerts, which we may send through a push notification, and responding to your requests, questions and feedback;
• Provide technical support and maintenance for the App; and
• Perform statistical analysis about use of the App (including through the use of third-party analytics providers like Google Analytics, Firebase Analytics, AppsFlyer, Mixpanel, Amplitude, as detailed below), which may involve the use of device identifiers and usage data to understand user behavior, fix crashes (using services like Firebase Crashlytics), and improve features (using services like GrowthBook for A/B testing).

To send you marketing and promotional communications. We may send you marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing section below.

To display advertisements to you. If you use the free version of the App, we work with advertising partners (like Google AdMob/DoubleClick) to display advertisements within the App. These advertisements are delivered by our advertising partners and may be targeted based on your use of the App, your activity elsewhere online, and your device’s advertising ID (AdID/IDFA) and potentially information derived from AdServices APIs. We may use tools like Google’s User Messaging Platform (UMP) via `fundingchoicesmessages.google.com` to manage consent for advertising. To learn more about your choices in connection with advertisements, please see the section below titled “Opt‑Out of Targeted Advertising, Sale and Profiling.”

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or Appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. This may involve using device identifiers and network information.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information like photos you process, in order to improve our AI models and features in the app and in other photo-related apps provided by us, and offer a better service for editing and enhancing your images (for example, by using your images to train and validate our AI algorithms in the app and in other similar mobile and web apps provided by us, and by examining and labelling your images to improve the performance of our enhancement features). The legal basis for the processing is your consent (art. 6(1)(a) of the GDPR). If you have an account and upon your consent, we will receive images, videos and audio-recordings uploaded by you.

To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.

HOW WE SHARE YOUR PERSONAL INFORMATION

We do not disclose user photographs to third parties except as necessary to provide the app’s features (e.g., uploading encrypted data to our cloud providers like Google Cloud Platform, Amazon Web Services, and Cloudflare for processing and temporary storage as described in “Apply effects and processing photos on cloud services”). We may share your non-photograph information in the following circumstances:

Affiliates. We may share App usage information with our subsidiaries and affiliates, for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information (excluding raw photos unless needed for a specific service you request and consent to, like cloud AI processing) with service providers that perform services on our behalf or help us operate the App (such as customer support, hosting, analytics, crash reporting, A/B testing, email delivery, marketing, database management, and payment processing). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose. This includes providers listed in the table below and others necessary for app operation. These providers may access data via SDKs integrated into the app and communicate with their respective endpoints (e.g., `appsflyersdk.com`, `mixpanel.com`, `growthbook.io`, various `googleapis.com` subdomains for Firebase and Google services).

Advertising partners. When we use third-party cookies, SDKs, and other tracking tools (e.g., Google AdMob/DoubleClick, potentially others), our advertising partners may collect information from your device (such as AdID/IDFA, IP address, app usage data, AdServices API data) to help us analyze use of the Site and the App, display advertisements on the App (in the free version), measure ad performance, conduct attribution, and advertise the Site and App (and related content) elsewhere online. These partners operate under their own privacy policies. Data may be sent to endpoints like `googleads.g.doubleclick.net`.

Third-party platforms and social media networks. If you have enabled features or functionality that connect the App to a third-party platform or social media network (such as by logging into the app using your account with the third-party, providing your API key or similar access token for the App to a third-party, or otherwise linking your account with the App to a third-party’s services), we may disclose the personal information that you authorized us to share. We do not control the third-party platforms’ use of your personal information, which is governed by that third party’s privacy policy and terms and conditions.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

THIRD-PARTY SERVICES & SDKs

We utilize various third-party services and Software Development Kits (SDKs) to provide and improve the App, enable functionality, perform analytics, display advertising (in the free version), and ensure stability. These third parties may collect data directly from your device via their SDKs and interact with their own servers (endpoints). Below is a list of key third-party services we use, along with links to their privacy policies. Please note that data collected by these third parties is governed by their respective privacy policies.

In addition to the services listed above, our app incorporates numerous other SDKs that are essential for core application development, functionality, user interface, and performance. These include libraries from AndroidX (part of Android Jetpack for fundamental app components like activities, UI elements, camera handling, lifecycle management, navigation, etc.), networking libraries (like OkHttp, Retrofit), image loading libraries (like Glide), utility libraries (like Gson, RxJava, Kotlin Coroutines), and UI component libraries (like Material Components, Lottie for animations). While these SDKs are integral to the app’s operation, they generally do not collect personal data for their own independent purposes but facilitate the app’s interaction with your device and our services.

The endpoint `::1` detected relates to localhost communication, which is standard for internal device processes.

YOUR CHOICES

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
• Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
• Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
• Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document (primarily [email protected], or specific regional emails where provided). These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month, subject to applicable law.

Third-party platforms or social media networks. If you choose to connect to the App via a third-party platform or social media network, such as by using Facebook login, you may have the ability to limit the information that we may obtain from the third-party at the time you login to the App using the third-party’s authentication service or otherwise connect your account. Subsequently, you may be able to control your settings through the third-party’s platform or service. For example, you may access and change your settings through the Facebook settings page for Apps and Websites. If you withdraw our ability to access certain information from a third-party platform or social media network, that choice will not apply to information that we have already received from that third party.

Opt‑Out of Targeted Advertising, Sale and Profiling

PhotoBoost does not “sell” or “share” your Personal Data (as defined under relevant laws like CCPA/VCDPA) in the traditional sense. However, sharing data with advertising partners for personalized ads in the free version might be considered “sharing” or a “sale” under some definitions. Under applicable laws like VCDPA and CCPA, you may have the right to opt out of:

• Targeted advertising (profiling for advertising purposes)
• Sale of your Personal Data (Note: We state we do not sell personal data in the traditional sense)
• Profiling that produces legal or similarly significant effects

To exercise these rights where applicable, or manage your advertising preferences, choose one of the following:

1. In‑App: Check for relevant privacy settings under Settings → Privacy (if available).
2. Device controls (for limiting Ad ID use):

   • iOS: Settings → Privacy & Security → Apple Advertising → disable “Personalized Ads”

   • Android: Settings → Privacy → Ads → select “Delete advertising ID” or “Opt out of Ads Personalization” (options may vary by device/OS version)

3. Email [email protected] with subject line “Opt‑Out of Targeted Advertising/Profiling Request” (if applicable under your jurisdiction). Provide necessary details for us to identify you.

Requests will be handled in accordance with applicable law. No user will be discriminated against for exercising their privacy rights.

OTHER SITES, MOBILE APPLICATIONS AND SERVICES

The App may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and online services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

SECURITY PRACTICES

We use commercially reasonable security practices, including appropriate technical and organizational measures, to help keep the information collected through the App secure and take reasonable steps (such as requesting proof of identity) to verify your identity before granting you access to your account or processing data rights requests. However, PhotoBoost cannot ensure the security of any information you transmit to us or guarantee that information on the App may not be accessed, disclosed, altered, or destroyed.

Please do your part to help us. You are responsible for maintaining the confidentiality of any login information and device identifiers, and for controlling access to communications between you and the app, at all times. Your privacy settings may also be affected by changes the social media services you connect to the app make to their services. We are not responsible for the functionality, privacy, or security measures of any other organization.

RETENTION

We configure our cloud service providers (like Cloudflare, Amazon Web Services, Google Cloud Platform) to delete photographs uploaded for specific cloud-based AI features within approximately 1 hour after they were last processed using the App. Processed photos saved to your device are under your control. Facial feature data generated for editing is typically discarded after the processing session ends or the App is closed.

With respect to other non-photograph information that we may collect (like analytics data, account information, device identifiers, usage data, diagnostics, crash logs), we will retain such information in a personally identifiable format only for as long as necessary to fulfill the purposes we have set out in this Privacy Policy, provide the Services, improve them, ensure security, comply with our legal obligations, resolve disputes, and enforce our agreements, or until we receive a valid deletion request (subject to legal exceptions). Aggregate and anonymized data may be retained indefinitely.

CROSS-BORDER DATA TRANSFERS

We store the information we collect in connection with the App primarily on servers provided by our service providers (like Amazon Web Services, Google Cloud Platform, Cloudflare) which may be located outside of your home country, including in the United States. Your personal information may be accessed by our personnel or service providers in these locations. Where required by law (e.g., GDPR), we ensure that transfers of personal information are subject to appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, or rely on adequacy decisions.

CHILDREN

The App is not directed at children under the age of 13 (or a higher age threshold where applicable by local law, e.g., 16 in the EEA/UK), and our Terms of Use do not allow children under the relevant age threshold to use the App. If we learn that we have collected personal information of a child under the applicable age without required parental consent, we will take steps to delete it as soon as possible. We encourage parents with concerns to contact us at [email protected].

CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the App and/or Site. We may, and if required by law, will, provide notification of changes in another way that we believe is reasonably likely to reach you, such as through the App or via email (if we have your address).

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes (or as otherwise indicated at the time of posting). In all cases, your continued use of the App after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

Data Controller & Data Protection Officer

For privacy questions:

Data Controller

Smart Media Internet Marketing Ltd.

Sderot Hayahasut 11, Beer Sheva, Israel

Contact: [email protected]

Data Protection Officer (DPO)

Yoav Tzori, DPO

[email protected]

NOTICE TO EUROPEAN USERS

The information provided in this “Notice to European Users” section applies only to individuals whose processing of personal data is subject to the GDPR (e.g., residents of the European Economic Area, UK, Switzerland).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

NOTICE TO CALIFORNIA RESIDENTS

We are required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal information, and of the rights and choices we offer California residents regarding our handling of their personal information.

We do not “sell” personal information or “share” personal information for cross-context behavioral advertising, as those terms are defined under the CCPA, in the traditional sense. As we explain in this Privacy Policy, we use third-party partners (like advertising networks via SDKs) to facilitate advertising in the free version of the App, which may involve the sharing of identifiers (like Ad ID) and usage data that could be considered “sharing” under the CCPA’s broad definition. If you would like to opt out of this type of sharing for targeted advertising purposes, please review the instructions provided in the Opt‑Out of Targeted Advertising, Sale and Profiling section.

The following chart further describes our privacy practices by referencing the categories of personal information enumerated by the CCPA. For details on the sources, purposes, and disclosures, please refer to the main sections of this Privacy Policy (“Personal Information We Collect”, “How We Use Your Personal Information”, “How We Share Your Personal Information”, “Third-Party Services & SDKs”).