00SUMMARY
STDIO is a face-AI photo app. You add a photo, you pick a style, you get a transformed image. We don't ask for your name, your email, or any account. We use an anonymous device identifier to count your three free generations and your subscription, and we send your photos to OpenAI to generate the result. We do not store your photos on our servers. We do not sell your data. That's the policy. The sections below are the legally precise version.
01WHO WE ARE
STDIO is a product by the i01.kz team. References to "we", "us", or "STDIO" in this policy mean that team. The app is published on the Apple App Store and the marketing site is hosted at stdio.wtf.
For the purposes of EU, UK, and equivalent data-protection law, the data controller for STDIO is the sole proprietor operating under the i01.kz brand, registered in Almaty, Republic of Kazakhstan. Full legal-entity details available on written request to the contact address below.
For any privacy question, data-deletion request, or general inquiry: support@stdio.wtf.
02WHAT WE COLLECT
Anonymous Device Identifier
On first launch, STDIO generates a random identifier (a UUID) on your device and stores it in the app's local storage. This identifier is not derived from your Apple ID, phone number, IMEI, or any hardware fingerprint — it is a fresh random string that lives only on your device and on our server. We use it to:
- count your three free generations per device;
- enforce your paid monthly quota (30 generations / month for Pro subscribers);
- recognize your subscription state on a fresh install if you restore purchases.
The identifier resets if you delete and reinstall STDIO.
Photos You Submit for Generation
When you tap Generate, the app first displays an explicit confirmation explaining that your photo will be sent to OpenAI (the third-party AI service that performs the image transformation, gpt-image-2 model) by way of our backend on Cloudflare Workers. Generation proceeds only if you accept; if you decline, the photo never leaves your device. If you have already accepted on a prior generation, STDIO remembers your choice and does not prompt again. You can revoke this consent at any time by uninstalling the app.
If you accept, your photo is uploaded to our backend (a Cloudflare Worker), which forwards it to OpenAI's image-generation API as the visual input. We do not persist your photo on our servers. The photo is held in memory for the duration of the generation request only, passed to OpenAI, and discarded once the result is returned. The generated output is held on our object storage only long enough for your device to download it (typically minutes), then deleted by a scheduled cleanup job.
OpenAI's own privacy practices govern any further handling of the photo while it is on their infrastructure — see Sub-processors below. Per OpenAI's API data-usage policy, content sent via the standard API is not used to train OpenAI's models.
Face Data
STDIO's purpose is to transform photos that often contain a person's face. To be precise about what that means in privacy terms:
- STDIO does not perform face detection, face recognition, face landmark extraction, biometric template generation, or any other form of facial analysis on your photo. Our application code does not extract a faceprint, does not measure facial features, and does not match your face against any database.
- The photo you select is treated as ordinary image data. It is uploaded to our backend as a whole image and forwarded to OpenAI's gpt-image-2 image-generation API as the visual input for producing the stylized output.
- OpenAI's gpt-image-2 model performs the image-to-image transformation that yields your result. OpenAI's own data-handling practices govern any analysis that occurs on their infrastructure (see Sub-processors).
- We do not collect, derive, store, or share any biometric identifier from your photo at any point.
- The photo itself is not retained on our servers — see Data Retention below.
Subscription State
If you buy a Pro subscription, Apple — not STDIO — handles the payment. RevenueCat (our subscription-management vendor) mirrors the receipt back to us so we can show your plan status inside the app. The data we receive includes: product identifier (stdio.monthly or stdio.annual), entitlement (pro), renewal date, and whether auto-renew is on. We never receive your credit-card details, your billing address, or your Apple ID.
Push Notification Token
If you grant notification permission so STDIO can tell you when a generation is done, Apple gives the app a push token, which we store against your device identifier. We use it only to send transactional pushes for generations you started. We do not send marketing pushes.
Analytics Events
STDIO sends a minimal stream of usage events (e.g. style_opened, generation_started, paywall_shown) to PostHog so we can understand which styles people love and where the app gets confusing. Events are keyed to your anonymous device identifier. We do not capture screenshots, keystrokes, the contents of your photos, or any free-text input.
Crash and Error Reports
If STDIO crashes or hits a runtime error, Sentry receives a stack trace, the device model (e.g. iPhone 15 Pro), the OS version, the app version, and your anonymous device identifier. This helps us fix bugs. We do not capture your photos in crash reports.
03WHAT WE DO NOT COLLECT
- Your name, email address, phone number, or any account credentials — STDIO has no sign-up.
- Your contacts, calendar, microphone, location, or any sensor data beyond what is needed to take a photo if you choose to use the camera.
- Your photos in any persistent server-side store.
- Your IP address as a tracked field. (Our backend sees the IP of every HTTPS request, as all backends do, but we do not log it against your device identifier or any other record.)
04SUB-PROCESSORS
STDIO uses the following third-party services. Each operates under its own privacy policy; tap the link for the details.
| Service | Purpose | Region | Policy |
|---|---|---|---|
| OpenAI | Image generation (gpt-image-2) | United States | openai.com |
| Apple | App distribution, in-app purchases, push notifications | Global | apple.com |
| RevenueCat | Subscription state management | United States | revenuecat.com |
| Cloudflare | Backend Worker, D1 database, edge network, object storage | Global (data-locality controlled at edge) | cloudflare.com |
| PostHog | Product analytics (anonymous events) | United States (US Cloud) | posthog.com |
| Sentry | Crash and error reporting | European Union (Germany) | sentry.io |
| Expo | App build infrastructure (no runtime user data) | United States | expo.dev |
05DATA RETENTION
- Your photo input: not persisted on our servers; held in memory during the generation request only.
- Generated output: stored in our object bucket long enough for your device to download it (minutes), then auto-deleted by a scheduled job.
- Device identifier and quota state: retained for as long as the device is using STDIO, plus 12 months of inactivity before we purge stale records.
- Subscription receipts (via RevenueCat): retained while the subscription is active, then for any applicable tax / accounting period required by law.
- Analytics events: retained for 12 months, then automatically deleted.
- Crash reports: retained for 90 days.
06YOUR RIGHTS
You can:
- Reset your device identifier by deleting and reinstalling STDIO. This severs the link between your future activity and any prior trial, quota, or analytics records keyed to the old identifier.
- Request deletion of any data we hold against your device identifier by emailing support@stdio.wtf with the identifier (you can find it under Settings → ID in the app). We will action requests within 30 days.
- Manage your subscription directly in iOS Settings (Apple ID → Subscriptions) or via the Manage Subscription link in the STDIO app. Cancellation takes effect at the end of the current billing period.
- Turn off push notifications in iOS Settings.
If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, the UK GDPR, or the CCPA respectively — including access, rectification, restriction, and portability. To exercise any of them, email the support address above.
07SECURITY
All data in transit between your device, our backend, and our sub-processors is protected by HTTPS / TLS 1.3. Our backend runs on Cloudflare Workers (edge-isolated). API credentials for OpenAI, RevenueCat, and our worker are held as encrypted secrets and never shipped in the client app. We follow industry-standard practices, but no system is perfectly secure — if you discover a vulnerability, please email support@stdio.wtf before publicly disclosing.
08CHILDREN
STDIO is rated 13+ on the App Store and is not directed to children under the age of 13. We do not knowingly collect data from anyone under 13. If you believe we have, please email support@stdio.wtf and we will delete the record.
09INTERNATIONAL TRANSFERS
Because STDIO uses sub-processors in the United States and the European Union (see Sub-processors), your data — chiefly the anonymous identifier and the in-flight photo during generation — is transferred internationally. Where required by EU or UK law, transfers rely on the European Commission's Standard Contractual Clauses or the equivalent UK addendum, which our sub-processors maintain.
10CHANGES TO THIS POLICY
If we update this policy, we will change the Last Updated date at the top and, for material changes, post a notice inside the app before the change takes effect. Continued use of STDIO after the effective date constitutes acceptance.
11CONTACT
For any question about this policy or any data we hold: