Privacy Policy

Last updated: May 21, 2026

You Were There ("we", "our", or "us") operates the You Were There mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address — for account identification and communication
• Display name — shown within the App
• Social login data — if you sign in with Google or Apple, we receive your name, email, and unique identifier from those services

Photos You Upload

When you use the App to generate AI time-travel photos, we collect the photos you upload. These photos are used solely for the purpose of generating your requested images.

Usage Data

We automatically collect certain information about how you use the App, including:

• Credit balance and transaction history
• Generation history (templates used, timestamps)
• Device information (device type, operating system)
• App interaction data (features used, session duration)

2. How We Use Your Information

We use the information we collect to:

• Generate AI-powered historical photos based on your uploads
• Create and manage your account
• Process credit purchases and transactions
• Send important notifications (generation complete, account alerts)
• Improve and optimize the App's performance and features
• Enforce our Terms of Service and prevent abuse

3. AI Photo Processing

Your uploaded photos are processed by a third-party generative AI service to create the requested images. Before any photo is processed, the App shows you an in-app consent screen that names the provider receiving your photo, what is sent, and the retention applied; you must tap "I Understand" to proceed, and you can revoke consent at any time from Profile → Privacy.

Third-Party AI Provider

The generative AI service we use is Google Gemini API, operated by Google LLC (model: gemini-3.1-flash-image-preview, also marketed as Nano Banana 2). Google processes the request under its own Gemini API Terms of Service and Privacy Policy. Per Google's Gemini API terms, paid-tier inputs are not used to train Google's models.

Other AI providers may appear in the App's source code as inactive fallbacks; none is enabled in production at the time of this policy's last update. If we ever enable an additional AI provider, we will update this section and re-request your consent.

What is sent, and what is not

• Sent to Google: the photograph you choose to upload (as image bytes over TLS), plus the text prompt selected from a template or written by you.
• Not sent: your email address, account identifier, name, payment information, device identifiers, contacts, location, or any other personal data.
• We do not use your photos to train AI models, and Google does not use Gemini API paid-tier inputs for training.
• Generated images are stored in your private gallery and can be deleted at any time.

Face Data

The App does not collect, process, or store face data in the form of biometric identifiers or templates. Specifically, the App does not:

• Perform face recognition or face identification
• Extract facial landmarks, face geometry, or biometric templates from your photos
• Use FaceID, ARKit/Vision face APIs, ML Kit face detection, or any other face/biometric SDK
• Create any biometric profile that could uniquely identify a person from their face

The photographs you upload may contain your face (or the faces of people you photograph), but they are sent to our generative AI image provider (Google Gemini) only as a visual reference to render a new AI-generated composite image. No facial embeddings, biometric templates or face IDs are derived or stored by the App. The original uploaded photograph is retained only as long as needed to fulfill your generation request and is then deleted from our storage.

4. Data Retention

• Uploaded original photos are retained only as long as necessary for generation processing (typically minutes) and are then deleted from our storage.
• Generated images are stored in your private gallery and are automatically deleted after 30 days unless you mark them as favorites, in which case they are kept indefinitely. You can delete any generated image at any time.
• Account data is retained as long as your account is active.
• If you delete your account, all associated data (photos, account information, transaction history) will be permanently deleted within 30 days.

5. How to Delete Your Account

You can delete your account at any time directly from the App, without contacting support:

1. Open the App and sign in.
2. Go to Profile.
3. Scroll to the bottom and tap Delete account.
4. Confirm the action in the two confirmation dialogs.

When you confirm account deletion:

• All photos you have generated, including the original photos you uploaded and the AI-generated images, are permanently deleted immediately from our servers and object storage.
• Any photos you had published in the public Showcase are removed from the Showcase immediately.
• Your ratings, push notification tokens, referral records, notification preferences and authentication sessions are removed immediately.
• Your account record is anonymized (email, name, social-login identifiers and avatar are erased) and you will not be able to sign back in.
• Residual data (such as transaction records retained for legal/accounting purposes) is permanently purged within 30 days.

If you are unable to access the in-app option for any reason, you can also email us at [email protected] and we will process your deletion request within 30 days.

6. Third-Party Services

We use the following third-party services:

• Google Gemini API (Google LLC) — for generative AI image processing. Your uploaded photo and prompt are sent to Google over TLS to produce the requested AI image. See Google's Privacy Policy and Gemini API Terms. Paid-tier inputs are not used to train Google's models.
• Google Sign-In / Apple Sign-In — for authentication only (no image data is shared with these services).
• Apple App Store / Google Play Store — for processing in-app purchases.
• Cloud hosting providers (Cloudflare R2 and/or AWS S3) — for secure storage of your photos and account data.

Each third-party service has its own privacy policy governing the use of your information. We do not share your data with any AI service other than the one named above.

Equivalent protection. We have reviewed the privacy commitments of the third parties listed above (in particular Google LLC for Gemini API processing) and confirmed that they provide a level of protection for your personal data that is the same as, or equivalent to, the protection we provide ourselves — including encryption in transit, restricted purpose-of-use (image generation only), no training on paid-tier inputs, and contractual confidentiality and security obligations.

7. Children's Privacy

The App is not intended for children under 13 years of age (or under 16 in the European Union). We do not knowingly collect personal information from children. If we discover that we have collected information from a child under these age limits, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

8. Your Rights (GDPR)

If you are a resident of the European Economic Area, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to the processing of your personal data
• Right to restrict processing — request that we limit the use of your data

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL)
• Secure storage of passwords (hashed, never stored in plain text)
• Regular security assessments
• Access controls and authentication for internal systems

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the App or sending you an email. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.