Política de privacidad
Last Updated: February 24, 2026
1. INTRODUCTION
This Privacy Policy (the "Policy") describes how GOOD RETOUCH LP, located at 1 Lochrin Square, 92-98 Fountainbridge, Edinburgh, EH3 9QA, United Kingdom ("Retouchme," "we," "us," or "our"), collects, uses, stores, and discloses your information. We are committed to protecting your privacy and processing your personal data transparently and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This Policy applies when you download, access, or use our mobile application Retouchme (the "App") and any related retouching services (collectively, the "Services"). This Policy explains what personal data we collect, how we use it, the legal bases we rely on to do so, and your rights regarding your data.
2. WHAT PERSONAL DATA WE COLLECT
We collect personal data about you from several sources, as described below.
2.1. Data You Provide Directly
- Photos and Videos. We collect and process the photos and/or videos you upload to the App for use of our retouching Services. We only process the media files you specifically select to upload and edit.
- Account Information. When you create a Retouchme account or log in, we collect the information necessary for authentication. This may be your email address and password, or if you use a third-party service to log in (e.g., Apple ID or Google Account), we receive your user identifier from that service.
- Marketing Contact Information. After a successful login, we may present a separate screen asking for your permission to collect your email address for the purpose of sending you marketing and promotional communications. You provide this data only on the basis of your explicit (opt-in) consent.
- Communications and Support. If you contact us for support or other inquiries at info@retouchme.com, we collect records and copies of your correspondence.
2.2. Data We Collect Automatically
- Device Information. We collect information about your mobile device, such as IP address, unique device identifiers (e.g., IDFA for iOS), operating system and version, and device type.
- Usage Details. We automatically collect information about your interaction with the App, including frequency of use and the features you use.
- Image Data. When you upload a photo or video for processing, our proprietary technologies may generate technical data about the elements of the image, such as the position, orientation, and topology of a face ("Face Data").
- Transaction and Subscription Data. All payments are processed by third-party payment processors (e.g., Apple, Google). We do not collect, receive, or store your full credit card information.
- Client Identifier. We may assign a unique signature to identify you on the Service ("Client ID").
3. HOW WE PROCESS YOUR PHOTOS AND VIDEOS (AND IMAGE DATA)
We use a combination of proprietary automated technology and professional human expertise to provide our Services. This section focuses on how we process your photos, videos, and associated Face Data:
- Human-Led Retouching. The core retouching and editing of your photos and videos are performed by professional human designers. Your content is accessed by our specialists strictly for the purpose of fulfilling your order.
- Proprietary AI Recommendations. We use our own proprietary AI models to analyze uploaded content solely to identify image features (such as body parts or facial attributes) to recommend relevant retouching services to the User.
- Private Infrastructure (AWS). Our proprietary AI models and your data are hosted and run on our secure private servers within Amazon Web Services (AWS). We use AWS strictly as an Infrastructure-as-a-Service (IaaS) provider.
- No External AI Integrations. We do not use any external or third-party AI integrations or APIs for processing your data. All automated analysis is handled by our internal infrastructure.
- Exclusively for Providing Services. Your photos, videos, and derivative Face Data are used exclusively to provide you with the retouching features you request.
- On-Device Processing. To provide some functionalities, we use face recognition technology that is carried out on the user’s device (e.g., using Apple's CIDetector class or Android's FaceDetector).
- Face Data Limitations. Information related to the user's face data processed on-device cannot be used to identify a specific person and is not shared with any third parties. This data is permanently deleted after the order is done.
- No Identification. We do not use your photos, videos, or server-side Face Data to identify you personally.
- No AI Training (Without Consent). We do not use your content (photos or videos) to train our artificial intelligence models unless we have obtained your separate, explicit, and voluntary consent to do so.
4. PURPOSES AND LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
Under the GDPR, we inform you of the purposes for processing your personal data and the legal bases we rely upon:
| Purpose of Processing (Why we use your data) | Types of Personal Data (Examples) | Legal Basis (under GDPR) |
|---|---|---|
| Providing Retouchme Services (including human-led retouching and proprietary AI recommendations). | Photos, videos, Image Data (Face Data). | Performance of a contract (Article 6(1)(b) GDPR). |
| Maintaining and securing your account. | Email address, Apple/Google ID, Client ID. | Performance of a contract (Article 6(1)(b) GDPR). |
| Sending marketing communications. | Email address (for mailing list). | Consent (Article 6(1)(a) GDPR). |
| Communicating with you and support. | Email address, correspondence records. | Our legitimate interest (Article 6(1)(f) GDPR). |
| Processing payments and subscriptions. | Transaction and subscription data. | Contract / Legal obligation (Article 6(1)(c) GDPR). |
| App improvement and analytics. | Usage details, device ID, IP address. | Our legitimate interest (Article 6(1)(f) GDPR). |
5. YOUR CHOICES AND MARKETING COMMUNICATIONS
We respect your choices regarding promotional communications.
- Obtaining Your Consent. We will not send you marketing email messages (information about promotions, special offers, etc.) unless you have given your explicit, affirmative (opt-in) consent. Consent is requested on a separate screen within the App and is not required to use the App's core features. We maintain a record of your consent as required by GDPR.
- Your Right to Opt-Out / Withdraw Consent. If you have previously given consent to receive marketing emails, you have the right to withdraw this consent at any time and free of charge.
- How to Withdraw Consent. You may withdraw your consent (unsubscribe) in one of the following ways:
- By clicking the "Unsubscribe" link, which is located in the footer of every marketing email we send.
- By contacting us directly at the email address provided in Section 13 "Contact Information."
- Consequences of Withdrawal. Withdrawing your consent for marketing communications will not affect the lawfulness of processing based on consent before its withdrawal. Your withdrawal of marketing consent will also not affect your ability to use the core Services of the App, including your account and subscriptions.
6. DATA RETENTION
- General Principle. We retain personal data only for as long as necessary for the purposes set out in this Policy.
- Photos and Videos (Automatic Deletion). All customer images and videos are stored securely and are automatically and permanently deleted from our servers after 30 days.
- Manual and Account Deletion. You can manually delete orders within the App. If you choose to delete your entire account, all your personal data, photos, and videos will be permanently and irreversibly deleted from our systems within 24 hours.
- Legal Obligations. Certain records (e.g., payment data) may be kept longer for tax or accounting purposes.
7. YOUR DATA PROTECTION RIGHTS (EEA AND UK RESIDENTS)
If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), you have certain rights regarding your personal data under the GDPR:
- The Right to Access. You have the right to request copies of your personal data from us.
- The Right to Rectification. You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure (Right to be Forgotten). You have the right to request that we erase your personal data, under certain conditions.
- The Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing. You have the right to object to our processing of your personal data based on our legitimate interests.
- The Right to Data Portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The Right to Withdraw Consent. Where we rely on your consent for processing (as in the case of marketing communications described in Section 5), you have the right to withdraw that consent at any time.
- The Right to Lodge a Complaint. You have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data infringes the GDPR. You may file a complaint with your member state's authority or with the UK's Information Commissioner's Office (ICO), as we are registered in the UK.
If you wish to exercise any of these rights, please contact us using the details in Section 13.
8. NOTICE TO UNITED STATES RESIDENTS
This section supplements the information contained in our Privacy Policy and applies solely to residents of U.S. states with comprehensive data privacy laws, including, but not limited to, California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA).
8.1. Your Rights and Choices
Depending on your state of residence, you may have the following rights:
- The Right to Know and Access. The right to know what personal data we collect, use, or disclose, and the right to access a copy of that data.
- The Right to Delete. The right to request the deletion of your personal data that we have collected and retained (subject to certain legal exceptions, e.g., if the data is necessary to complete a transaction or comply with a legal obligation).
- The Right to Correct. The right to request the correction of inaccurate personal data we maintain.
- The Right to Opt-Out of "Sale" or "Sharing." Retouchme does not sell your personal data for monetary consideration. We also do not "share" your personal data for purposes of cross-context behavioral or targeted advertising, as those terms are defined under U.S. law.
- The Right to Non-Discrimination. We will not discriminate against you (e.g., by denying services or providing a different price level) for exercising any of your privacy rights.
To exercise these rights, please contact us using the details in Section 13.
8.2. Notice at Collection (CCPA Table)
Over the past 12 months, we have collected (or may have collected) the following categories of personal information, as defined by the California Consumer Privacy Act (CCPA).
| Category of Personal Information (per CCPA) | Do We Collect This? | Primary Purpose of Collection |
|---|---|---|
| A. Identifiers (e.g., Email, IP-address, Apple/Google ID, Device ID, Client ID) | YES | Providing Services, Account Management, Marketing (for email), Support. |
| B. Personal Information (per Cal. Civ. Code 1798.80) (e.g., name, if you provide it in support) | YES | Support. |
| C. Characteristics of Protected Classifications | NO | We do not collect this category of data. |
| D. Commercial Information (Subscription data, purchase history) | YES | Payment processing, Subscription management. |
| F. Internet or other electronic network activity (App usage details) | YES | Analytics, Service Improvement. |
| G. Geolocation Data (Only imprecise, based on IP address) | YES | Analytics. |
| K. Inferences (e.g., about user preferences) | NO | We do not draw inferences to build a profile about you. |
| L. Sensitive Personal Information (Image Data, Face Data, as uploaded by you) | YES | Solely to provide the retouching Services you request. We do not use this data for other purposes. |
We disclose these data categories for business purposes to our service providers (e.g., hosting providers, payment processors, customer support services) who are obligated to process this data only on our behalf.
9. INTERNATIONAL DATA TRANSFERS
Our head office is in the United Kingdom. Your personal data may be stored and processed in any country where we have facilities or where we engage service providers (e.g., in the United States or the European Union).
If you are located in the EEA, your data will be transferred to the UK, which is recognized by the European Commission as providing an adequate level of data protection. When transferring data to countries outside the EEA or UK that do not have an adequacy decision (e.g., the US), we use approved safeguarding mechanisms, such as Standard Contractual Clauses (SCCs).
10. DATA SECURITY
We take reasonable technical, administrative, and organizational measures to protect personal data from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We use measures such as data encryption in transit and at rest, as well as strict access controls to our systems.
However, please be aware that no method of data transmission over the Internet or method of electronic storage is 100% secure.
11. CHILDREN'S PRIVACY
Our Service does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through our Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through our Services without their permission. If you believe that we might have any information from or about a child under 13, please contact us via email at info@retouchme.com.
12. CHANGES TO OUR PRIVACY POLICY
We may update this Privacy Policy at any time. The policy is updated on our website, and the "Last Updated" date at the top of this page indicates the date of the latest revision. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Services after any changes indicates your acceptance of the new policy, which will not alter the fundamental principles of personal data storage.
13. CONTACT INFORMATION
If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or to exercise your rights, please contact us via email or through the contact form in our Application.
Data Controller: GOOD RETOUCH LP 1 Lochrin Square, 92-98 Fountainbridge, Edinburgh, EH3 9QA, United Kingdom
For all privacy-related inquiries, please email us at: Email: info@retouchme.com