Privacy Policy

Miyra - Portrait Decorator App

Effective Date: February 04, 2026

Introduction

This Privacy Policy explains how Miyra ("we", "us", "our") collects, uses, stores, shares, and protects your personal information when you use our mobile application, including photo capture, upload, icon decoration, image editing, and related services. We are committed to protecting your privacy and personal data in compliance with applicable global data protection laws (including Apple's App Store Review Guidelines and GDPR, CCPA).

By using Miyra, you consent to the practices described in this policy.

Types of Information We Collect

We collect only the information necessary to provide and optimize our portrait decoration services, with clear classification of data types, collection methods and transmission rules as follows:

  • Device Information:
    Collection Method: Automatically collected by the app during installation and launch, through the native system API of the device.
    Specific Data: Device model, operating system version (e.g., iOS 17.0), screen resolution, iOS advertising identifier (IDFA, only if you authorize), unique device identifier (IDFV), and application crash logs.
    Transmission Rule: Crash logs are only transmitted to the server when the user explicitly consents to "send crash reports"; other device information is stored locally by default and will not be transmitted unless it is necessary for version adaptation optimization (with prior user notice and consent).
  • Photo & Media Data (Including Facial Data):
    Collection Method: Collected only when you voluntarily initiate the operation (e.g., click "shoot" to take a portrait photo, select "upload" to import photos from the device album).
    Specific Facial Data: Only the facial feature information contained in the portrait photos you actively shoot/upload (e.g., facial contour, position of eyes/nose/mouth) — we do not collect 3D facial data, facial recognition feature values, or biometric information that can independently identify individuals.
    Transmission Rule: All photo/media data (including facial data) is stored locally on your device by default; transmission to external servers will only occur if you explicitly enable "AI-assisted decoration" function (related to OpenRouter service).
  • Usage Data:
    Collection Method: Collected in real time during your use of the app, through the native event tracking of the app (no third-party tracking tools are used without consent).
    Specific Data: Interaction records with decorative icons (e.g., the type of icons selected: stars/hearts/flowers, the number of uses), editing tool usage frequency, interface operation behavior (e.g., click, slide, export), and functional usage duration.
    Transmission Rule: Stored locally by default; aggregated and anonymized usage data (excluding any personal identifiable information) may be transmitted to the server for overall user experience optimization (no individual user data is associated).
  • Account & Payment Data:
    Collection Method: Collected only when you purchase premium services, through the official in-app purchase API of the App Store (we do not directly collect payment information).
    Specific Data: Transaction records provided by the App Store (e.g., order number, purchase time, premium icon pack type), subscription status (active/expired).
    Transmission Rule: Only the transaction result (success/failure) and subscription status are transmitted to our server to unlock corresponding premium functions; no full payment details (e.g., credit card number, CVV) are collected or transmitted.

Purposes of Information Usage (Including Facial Data)

We use your collected information (including facial data) solely for the following legitimate, specific and limited purposes, and will not expand the scope of use without your explicit consent:

  • Core Decoration Function Implementation (Primary Purpose of Facial Data):
    1. Identify the position of facial features in the portrait photo (locally on the device) to provide precise reference for manual placement of decorative icons (stars/hearts/flowers) (e.g., prompt the user to place small icons near the hairline, cheek corners, etc., without automatic recognition or modification of facial features);
    2. Ensure that the decorative icons you manually place can be displayed normally on the portrait photo, and support functions such as zooming, rotating and moving the icons to match the facial position;
    3. When you enable the "AI-assisted decoration" function (optional), the facial data in the photo will be used to generate personalized decoration suggestions (e.g., recommended icon types and placement positions that match the facial contour) — this process is completed through the OpenRouter service, and the facial data is only used for this one-time suggestion generation and will not be used for other purposes.
  • App Performance & Experience Optimization:
    1. Use device information to adapt the app to different iOS versions and device models, fix compatibility bugs (e.g., crash logs are used to locate and repair app crash issues on specific device models);
    2. Use aggregated and anonymized usage data to optimize the layout and usability of decoration icons and editing tools (e.g., adjust the display position of frequently used icons such as stars/hearts according to user operation habits);
    3. No facial data is used for app performance optimization (aggregated data does not contain any facial feature information).
  • Premium Service Management:
    Use account & payment data to process paid orders, unlock premium icon packs (e.g., exclusive star/heart/flower icon styles), manage subscription services (e.g., verify subscription validity, renew reminders), and provide after-sales support for premium services.
  • Service Notification & Security:
    1. Send important service notifications (e.g., premium service expiration reminders, functional update prompts), policy updates, and necessary functional reminders (no marketing push without consent);
    2. Prevent malicious behavior (e.g., unauthorized cracking of premium icon packs), ensure service security, and comply with legal obligations (e.g., respond to Apple's App Store compliance audits);
    3. No facial data is used for service notification or security management.

Third-Party Services & Data Processing (Including OpenRouter)

Miyra integrates the following third-party SDKs/services to support basic or optional functions, all of which comply with Apple's data protection requirements. The specific data processing rules are as follows:

  • Apple Official Services (App Store/In-App Purchase):
    Processed Data: Transaction records, subscription status, device model (IDFV);
    Usage Purpose: Payment settlement, premium service unlocking, version management;
    Data Protection: Complies with Apple's privacy policy, no storage of sensitive payment information.
  • Crash Analysis Service (Fabric/Crashlytics):
    Processed Data: App crash logs, device model, iOS version;
    Usage Purpose: Locate and fix app stability issues;
    Data Protection: Anonymized processing, no association with personal identifiable information, transmission via HTTPS encrypted protocol.
  • OpenRouter (AI-Assisted Decoration Optional Service):
    Service Type: Third-party AI service provider;
    Trigger Condition: Only when you explicitly enable the "AI-assisted decoration" function (default disabled);
    Processed Data: Facial data (facial contour/feature position) in the portrait photo you select, anonymized usage data (icon type preference);
    Usage Purpose: Generate personalized decoration suggestions (icon type/placement position) for the selected portrait;
    Data Protection Capability: OpenRouter complies with GDPR/CCPA and Apple's App Store data protection requirements, with data protection capabilities equal to or higher than industry standards, including:
    - End-to-end encryption for data transmission between the app and OpenRouter servers;
    - One-time use of facial data (automatically deleted after generating decoration suggestions, no long-term storage);
    - Strict access control to prevent unauthorized data viewing/use;
    - Regular security audits and vulnerability scanning.
  • Cloud Storage Service (iCloud/Third-Party Cloud):
    Processed Data: Only the portrait photos and decoration records you actively choose to back up;
    Usage Purpose: Cloud backup of user-edited photos (optional);
    Data Protection: Complies with the cloud service provider's privacy policy, encrypted storage.

We only authorize third parties to process data within the scope necessary to complete their services, sign data processing agreements with all third parties (including OpenRouter), and require them to strictly comply with confidentiality obligations and not use the data for any purposes other than the agreed scope.

Information Sharing & Disclosure (Including OpenRouter Data Transmission)

We DO NOT sell, rent, or trade your personal information (including facial data) to any third party for commercial purposes. We may share/transmit your information only in the following limited scenarios:

  • Explicit User Consent:
    1. When you enable the "AI-assisted decoration" function, the facial data in the selected portrait photo will be transmitted to OpenRouter servers to generate decoration suggestions — we will clearly prompt you for this transmission behavior before enabling the function, and you can refuse or disable the function at any time (disabling will not affect the use of basic decoration functions);
    2. When you actively choose to share edited portrait photos (including facial data) through the app's sharing function (e.g., share to social media), the data will be transmitted to the corresponding third-party platform according to your selection (we do not initiate any sharing behavior without your operation).
  • Legal Compliance & Security Needs:
    1. To comply with applicable laws, regulations, court orders, or mandatory requirements of government regulatory authorities;
    2. To protect the legitimate rights, property, and safety of Miyra, our users, and the public (e.g., respond to fraud, security breaches);
    3. In the event of merger, acquisition, or asset transfer, we will notify you of the change of data ownership and require the acquirer to comply with this privacy policy.
  • Authorized Partner Support:
    Share aggregated and anonymized data (excluding facial data and personal identifiable information) with authorized technical/operational partners (including OpenRouter) to optimize AI decoration suggestions — this data cannot be used to identify individual users.

Except for the above scenarios, we will not share/transmit your facial data or other personal information to any third party.

Data Storage & Retention (Including Facial Data)

We adhere to the principle of "minimum storage" and "no retention of sensitive data", and the storage rules for different types of data are as follows:

  • Facial Data Storage:
    1. Local Storage: Facial data contained in portrait photos is stored only in the local album of your iOS device and the app's sandbox directory (no access to other app data); you can delete the photos/facial data at any time by deleting the photos in the album or clearing the app's cache;
    2. Third-Party Storage (OpenRouter): When you use the "AI-assisted decoration" function, the facial data transmitted to OpenRouter is only temporarily stored on OpenRouter's servers for the time required to generate decoration suggestions (maximum 24 hours), and will be automatically and completely deleted after the suggestion generation is completed; OpenRouter does not retain any facial data for long-term storage;
    3. Our Servers: We DO NOT store any facial data on our servers at any time; all facial data is either stored locally on your device or temporarily stored by OpenRouter (with automatic deletion).
  • Device/Usage Data Storage:
    1. Local Storage: Stored in the app's sandbox directory, retained until you uninstall the app or manually clear the app data;
    2. Server Storage: Aggregated and anonymized usage data (no personal information) is retained for up to 12 months for experience optimization, then automatically anonymized and archived (no association with individual users).
  • Account/Payment Data Storage:
    Stored on our servers for the duration of your use of premium services plus 12 months (for after-sales and compliance auditing), then automatically deleted (transaction records are retained in accordance with App Store rules).

Key Statement: We DO NOT retain any facial data (whether locally or on servers) beyond the time necessary for you to use the app's core functions; you have full control over the retention and deletion of facial data (deletion will not affect the normal use of the app's basic functions).

Data Security Measures

We implement industry-standard technical and management security measures to protect your data (especially facial data) from unauthorized access, disclosure, alteration, or destruction, and require OpenRouter to implement the same level of security measures:

  • Local data encryption: Facial data and photos stored on your device are encrypted using iOS's native Data Protection API (at least NSFileProtectionComplete level);
  • Secure transmission: All data transmitted to third parties (including OpenRouter) uses TLS 1.3 encrypted transmission protocol, with additional end-to-end encryption for facial data;
  • Permission control: Strict iOS system permission application rules (e.g., photo access permission is applied only when you need to upload photos, and can be revoked at any time in device settings); internal staff have no access to user facial data;
  • Third-party security oversight: Regularly review OpenRouter's data protection measures (including security audit reports), and require OpenRouter to provide real-time notification of any data security incidents involving user data;
  • Regular security testing: Conduct vulnerability scanning, penetration testing, and system upgrades for the app and associated services every quarter to fix potential security risks.

While we take strong safeguards, no electronic storage or network transmission is 100% secure. We will promptly notify you and take remedial measures in accordance with legal requirements if a data security incident occurs.

User Data Rights (Including Facial Data)

You retain full rights over your personal data (including facial data) and can exercise the following rights in accordance with Apple's privacy regulations and global data protection laws:

  • Access & View: View all portrait photos (including facial data) stored in the app's sandbox directory through the app's "My Photos" module; view the types of device/usage data collected by the app through the "Privacy Settings" module;
  • Delete: Delete local editing records, photos (including facial data), and usage data at any time within the app; request deletion of your account/payment data by contacting us (deletion will take effect within 7 working days);
  • Withdraw Consent: Revoke photo access permission, device information collection permission, or disable the "AI-assisted decoration" function (thus stopping facial data transmission to OpenRouter) at any time in the device's "Settings - Privacy - Miyra"; withdrawal of consent will only limit partial optional functions (basic decoration functions remain available);
  • Correction & Clarification: Request correction of inaccurate account/payment data, or request clarification of any questions about facial data collection/use/sharing by contacting us;
  • Data Export: Export the edited portrait photos (including facial data) stored in the app to the device album at any time (support batch export).

To exercise the above rights (except for local operations), contact us using the email provided at the end of this policy. We will respond to your request within 15 working days in accordance with applicable laws.

Children's Privacy Protection

Miyra is not intended for use by children under the age of 13. We do not knowingly collect personal information (including facial data) from children under 13. If we become aware that we have collected data from a child under 13 without parental/guardian consent, we will immediately delete all relevant data (including facial data) from local storage and notify OpenRouter to delete any temporarily stored data. If you are a parent/guardian and believe your child has provided us with information, please contact us promptly to request deletion.

Policy Update Mechanism

We reserve the right to update this Privacy Policy periodically to reflect changes in our services, legal requirements, or Apple's App Store Review Guidelines. The updated version will be posted within the Miyra app with the revised effective date, and we will highlight changes related to facial data collection/use/sharing (including OpenRouter-related content).

Material changes will be notified to users through in-app pop-up prompts (with explicit confirmation required) and email (if you have provided an email address). Your continued use of Miyra after the update constitutes your acceptance of the revised policy. You can view the historical versions of the privacy policy in the app's "About - Privacy Policy" module at any time.

Contact Us: Miyra@gmail.com

For questions about facial data and OpenRouter-related data processing, please specify "Facial Data Inquiry" in the email subject.