Ridge Privacy Policy

Effective Date:
1. Information We Collect

We collect the following types of information to provide and improve our sunset glow effect services, including sensitive facial data as detailed below:

User-Provided Data
  • Portrait photos and images uploaded or captured via the app (including facial feature data contained within these images, such as facial contours, eye position, nose shape, mouth position, and other biometric facial characteristics that are necessary for applying sunset glow effects)
  • Account registration information (if applicable): email address, username
  • Payment information (for premium subscriptions): transaction details, billing address
Automatically Collected Data
  • Device information: model, operating system, unique device identifiers
  • Usage data: app interaction patterns, feature usage frequency, session duration
  • Log data: IP address, timestamps, crash reports, diagnostic information
  • Location data (if permitted): approximate geographic location for personalized content
Facial Data Collection Details

We collect facial data only from portrait photos/images voluntarily uploaded/captured by users for the sole purpose of applying sunset glow light effects. The specific facial data points collected include:

  • Facial contour coordinates (to map the outline of the face for effect application)
  • Key facial feature positions (eyes, nose, mouth, cheeks, jawline) to ensure precise effect alignment
  • Facial skin tone and texture data (to adjust sunset glow effect intensity and color matching)

Facial data is extracted locally on the user's device first, and only transmitted to our third-party AI services if the user explicitly consents (see Section 3 for details).

Collection methods include:

  • Direct user input: Upload/capture of portrait images containing facial data via the app's camera or photo library access
  • Automated processing: Local extraction of facial feature data from uploaded/captured images using on-device computer vision algorithms
  • Third-party service integrations: Only with explicit user consent (see Section 3)

2. How We Use Your Information (Including Facial Data)

Your data (including facial data) is used exclusively for the following purposes, with no additional or secondary uses:

  • Processing and applying sunset glow light effects to your portrait images:
    • Facial data is used to precisely map sunset glow effects to facial features (e.g., adjusting light intensity on cheeks, highlighting facial contours with sunset hues)
    • Optimizing effect placement and blending to ensure natural-looking results on facial features
    • Customizing sunset glow effects based on facial structure (e.g., adjusting light angles to match facial contours)
  • Providing, maintaining, and improving the Ridge application and its features (including refining facial effect algorithms based on anonymized facial data patterns)
  • Processing premium subscription payments and managing your account
  • Sending important updates, service notifications, and support communications
  • Personalizing your experience with tailored effect recommendations based on facial feature preferences (anonymized)
  • Analyzing anonymized usage patterns (excluding identifiable facial data) to enhance app performance and develop new features
  • Complying with legal obligations and protecting the security of our service
Facial Data Specific Usage Rules

We do NOT use facial data for:

  • Facial recognition or identification of individual users
  • Sharing with advertisers or marketing partners
  • Profiling or behavioral tracking beyond the scope of effect application
  • Any purpose other than the sunset glow effect processing for which the user provided the data

Facial data retention period: We retain facial data only for the duration necessary to process the sunset glow effect (maximum 72 hours after effect creation/completion). After this period, all raw facial data is permanently deleted. Anonymized facial feature patterns (unlinked to individual users) may be retained for algorithm improvement indefinitely.

3. Third-Party AI Service Data Processing (Including Facial Data)
User Consent Requirement: We will not share any user data (including facial data) with third-party AI services without the user's explicit, opt-in consent. Prior to any data transmission, users will be presented with a clear, separate consent prompt that:
  • Discloses exactly what data will be sent (see below)
  • Identifies the third-party service provider (OpenRouter)
  • Explains the purpose of data sharing (AI-powered light effect processing)
  • Allows users to accept or decline the data sharing request
Data Shared with OpenRouter (Third-Party AI Service Provider)

Only with explicit user consent, we share the following data with OpenRouter:

  • Portrait images uploaded to Ridge (containing facial data as detailed in Section 1) – solely for AI-powered sunset glow effect processing
  • Extracted facial feature data (contours, key feature positions, skin tone) necessary for effect generation
  • Image metadata (resolution, format) and processing parameters (effect intensity, color preferences) selected by the user
  • Anonymized usage data (no user identifiers) to improve AI model performance for sunset glow effect generation

Data Storage Location:

  • User facial data shared with OpenRouter is stored on OpenRouter's secure cloud servers located in the United States
  • All facial data is encrypted in transit (TLS 1.3) and at rest (AES-256) (see Section 5 for full security measures)

Third-Party Data Protection: OpenRouter maintains data protection capabilities equal to or exceeding our own standards, including:

  • Compliance with GDPR, CCPA, and Apple's App Store data privacy requirements
  • End-to-end encryption of all user data (including facial data)
  • Strict access controls limiting facial data access to only necessary AI processing systems
  • Commitment to not retain facial data longer than 72 hours (same as our retention policy)
  • Prohibition of using/shared facial data for any purpose other than providing AI effect processing for Ridge

OpenRouter processes this data solely to provide AI-powered light effect generation for Ridge. We have a formal data processing agreement (DPA) with OpenRouter that mandates compliance with all applicable data protection laws and Apple's privacy requirements.

Users may revoke consent for third-party AI data sharing at any time via the app's Settings > Privacy > Third-Party AI Services menu. Revoking consent will immediately stop any further data sharing with OpenRouter and trigger deletion of the user's facial data from OpenRouter's servers (within 24 hours).

4. Information Sharing & Disclosure (Including Facial Data)

We may share your information (including facial data) only in the following limited circumstances (all require explicit user consent unless legally mandated):

  • Service Providers: With trusted third parties who assist in operating Ridge (including OpenRouter for AI processing) – only with explicit user consent, and solely for the purpose of providing the requested sunset glow effect service. We do not share facial data with any other third-party service providers (e.g., payment processors, analytics services).
  • Legal Requirements: When required by law, regulation, or legal process (such as a court order), or to protect our rights, property, or safety. In such cases, we will disclose only the minimum necessary facial data and will notify users (unless prohibited by law).
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets – facial data will be transferred only if the acquiring party agrees to maintain the same strict privacy and security standards outlined in this policy.
  • Consent: With your explicit, informed consent for any other purpose not outlined in this policy (separate consent prompt for each additional purpose).

We do not sell your personal information (including facial data) to third parties for commercial purposes, under any circumstances.

5. Data Security Measures (Including Facial Data)

We implement industry-leading security measures to protect your facial data and other personal information from unauthorized access, disclosure, or misuse:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256) – facial data is encrypted from the moment it leaves the user's device until deletion
  • Local processing of facial data: Initial facial feature extraction is performed on the user's device (no transmission to servers) unless user consents to AI processing
  • Regular security audits and vulnerability assessments (quarterly) focused specifically on facial data protection
  • Strict access controls: Only authorized personnel (with need-to-know access) can access facial data, and all access is logged and monitored
  • Secure data storage on compliant cloud infrastructure (OpenRouter's certified infrastructure for AI processing)
  • Automatic deletion of facial data after 72 hours (see Section 2 for retention details)
  • Employee training on facial biometric data protection best practices and compliance with global privacy regulations
  • Regular penetration testing of systems handling facial data

While we strive to protect your facial information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we commit to notifying users of any unauthorized access to facial data (as required by law) and taking immediate corrective action.

6. User Data Rights (Including Facial Data)

You have the following enhanced rights regarding your facial data and other personal data:

  • Access: Request a copy of all facial data we hold about you (in machine-readable format)
  • Correction: Request correction of inaccurate facial data (e.g., misprocessed facial feature data)
  • Deletion: Request immediate and permanent deletion of your facial data (we will comply within 24 hours, subject to legal exceptions)
  • Restriction: Request restriction of processing your facial data (we will pause all processing until the request is resolved)
  • Data Portability: Request a machine-readable copy of your facial data for transfer to another service (where technically feasible)
  • Withdrawal of Consent: Withdraw any previously provided consent for facial data processing/sharing (effective immediately, with deletion of facial data from third-party services within 24 hours)
  • Opt-Out: Opt out of all non-essential facial data processing at any time via the app's Privacy Settings

To exercise these rights (especially regarding facial data), please contact us at Ridge@gmail.com. We will respond to valid facial data requests within 48 hours (faster than standard data requests) and complete action within 7 days.

7. Children's Privacy

Ridge is not intended for use by children under the age of 13. We do not knowingly collect personal information (including facial data) from children under 13. If we become aware that we have collected facial data from a child under 13 without parental consent, we will take steps to delete that facial data immediately (within 24 hours). If you believe we may have collected facial data from a child under 13, please contact us immediately at Ridge@gmail.com.

8. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any changes related to facial data collection, use, sharing, or retention will be considered material changes and will be notified through:

  • In-app pop-up notifications (requiring user acknowledgment)
  • Email notification to registered users
  • Prominent notices on our website

Your continued use of Ridge after the effective date of the revised policy constitutes acceptance of the changes. For material changes to facial data practices, we will obtain explicit re-consent from users before continuing processing.

9. Facial Data Privacy Summary (For App Review)

Summary of Facial Data Practices:

  • Collected: Facial contours, key feature positions (eyes/nose/mouth), skin tone from user-uploaded portrait images
  • Used For: Precisely applying sunset glow effects to facial features; no facial recognition/identification
  • Shared With: Only OpenRouter (AI service provider) with explicit user consent; no other third parties
  • Stored At: OpenRouter secure cloud servers in the United States – fully encrypted at all times
  • Retained For: Maximum 72 hours after effect creation; then permanently deleted
  • Policy References: Section 1 (collection), Section 2 (use), Section 3 (sharing/storage), Section 4 (disclosure), Section 5 (security), Section 6 (user rights)

For questions, concerns, or requests regarding facial data privacy or this Privacy Policy, please contact us at:

Ridge@gmail.com

We respond to facial data privacy requests within 48 hours.