Privacy Policy

Effective Date: 14 April 2026

Last Updated: 14 April 2026

This Privacy Policy explains how Untitled Labs Limited("Fraw," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal information when you use the Fraw mobile application, website, software, official functions, extensions, creator tools, and related services (collectively, the "Service").

By using the Service, you acknowledge that your information will be handled as described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use the Service.

1. Scope of This Policy

This Privacy Policy applies to personal information we collect when you:

  • create or use a Fraw account;
  • subscribe to a plan or purchase top-up credits;
  • use official features such as Official Extensions or Rebuild / Blend;
  • create, edit, publish, or use extensions;
  • participate in referral, reward, or creator programs;
  • contact us for support;
  • visit our website or interact with our communications;
  • otherwise use the Service.

This Privacy Policy does not apply to third-party services that may be linked to or integrated with the Service, such as app stores, payment processors, analytics providers, or other third-party platforms, which are governed by their own privacy policies.

2. Information We Collect

We may collect the following categories of information.

2.1 Information You Provide Directly

Information you provide when you use the Service may include:

  • name, username, display name, or profile information;
  • email address, phone number, or other contact details;
  • login credentials or authentication information;
  • subscription, billing, or purchase-related information;
  • prompts, text, files, images, or other content you submit;
  • extension names, descriptions, configurations, and related creator content;
  • support requests, feedback, reports, or communications you send to us;
  • identity verification, tax, or payout information if you apply for or use creator withdrawal features.

2.2 Information Collected Automatically

When you use the Service, we may automatically collect certain technical and usage information, including:

  • device type, operating system, app version, browser type, and language settings;
  • IP address, approximate location derived from IP, and general region;
  • identifiers associated with your device, app installation, or account;
  • crash logs, diagnostic data, performance data, and error reports;
  • usage data such as pages viewed, features used, button clicks, session duration, and timestamps;
  • transaction and activity logs relating to credits, subscriptions, top-ups, official functions, extensions, referrals, and creator activity.

2.3 Information From Third Parties

We may receive information from third parties such as:

  • app stores and payment processors regarding transactions, subscriptions, renewals, refunds, and chargebacks;
  • authentication providers if you sign in through third-party login tools;
  • analytics, security, fraud-prevention, and hosting providers;
  • identity verification or payout providers where applicable.

2.4 User Content and Generated Content

We may collect and process prompts, uploaded content, extension-related data, generated outputs, and other inputs and outputs associated with your use of the Service. This may include:

  • text prompts;
  • image uploads;
  • generated images or transformations;
  • extension configurations;
  • creator publication data;
  • moderation and review information.

3. Face Data and Facial Image Processing

Some features of the Service allow you to upload, capture, edit, transform, rebuild, blend, or otherwise process images that may contain a human face. This section describes in detail what Face Data we collect, how we use it, whether it is shared, where it is stored, and how long it is retained.

3.1 What Face Data We Collect

For purposes of this Privacy Policy, "Face Data" means photographs or images containing human faces that you voluntarily upload, capture via your device camera, or otherwise submit to the Service, together with any facial geometry, facial landmarks, facial contours, facial positioning, or similar face-related characteristics that may be derived from those images during processing. This definition is intended to cover the types of face-related information commonly treated as Face Data under Apple's developer guidelines.

Specifically, the app may collect the following Face Data when you use image-related features:

  • photographs or images containing human faces that you upload from your device photo library or capture using your device camera;
  • facial characteristics derived from those images during server-side AI processing, such as facial positioning and geometry, used solely to generate the requested image transformation;
  • the resulting AI-generated or AI-transformed output images, which may also contain facial imagery.

The app does not use the TrueDepth camera, ARKit, or any on-device facial recognition or face-mapping framework. All face-related processing occurs on our servers or through our third-party AI service providers.

3.2 How We Use Face Data

We use Face Data exclusively to provide the image-processing features you request. Specifically, Face Data is used to:

  • apply AI-powered image transformations you initiate, including Rebuild, Blend, style transfer, and Extension-based image generation;
  • transmit your uploaded image to our server and, where necessary, to a third-party AI image-generation provider to produce the requested output;
  • return the generated or transformed image to you within the app;
  • save the original and generated images to your account gallery if you choose to keep them;
  • detect and prevent abuse, fraud, or policy violations (for example, content moderation to block prohibited imagery);
  • comply with applicable legal obligations and enforce our Terms of Service.

3.3 We Do Not Use Face Data To

We do not use Face Data to:

  • identify you as a real-world person;
  • perform facial recognition for authentication or identity verification;
  • build a facial-recognition profile or template of any user;
  • determine your race, ethnicity, religion, health status, sexual orientation, or other sensitive attributes;
  • serve advertising, marketing, or use-based data mining, including by third parties, in compliance with Apple App Store Review Guideline 5.1.2(vi);
  • sell or rent Face Data to any third party;
  • train general-purpose machine-learning models unrelated to providing the Service to you.

3.4 Sharing of Face Data with Third Parties

We do not sell, rent, or trade Face Data. We may share Face Data only in the following limited circumstances:

  • Third-party AI image-generation providers: When you initiate an image transformation, your uploaded image (which may contain a face) is transmitted to a third-party AI service provider solely to generate the requested output. These providers process the image only as instructed by us, are contractually prohibited from retaining or using your images for their own purposes, and are bound by data-processing agreements that require them to delete input images after processing is complete.
  • Cloud hosting and storage providers: Original and generated images are stored on secure cloud infrastructure (Google Cloud Storage) operated by our hosting provider, who acts as a data processor under our instructions and contractual safeguards.
  • Legal and safety reasons: Where necessary to comply with law, legal process, or valid governmental requests, or to investigate fraud, abuse, or security issues.

No other third parties receive access to your Face Data.

3.5 Where Face Data Is Stored

Face Data is stored on secure cloud servers provided by our hosting provider (Google Cloud Platform). Data may be processed and stored in regions outside your country of residence; see Section 10 (International Data Transfers) for more information. Face Data is encrypted in transit (TLS) and at rest using industry-standard encryption.

3.6 Retention of Face Data

We retain Face Data as follows:

  • Temporary processing images: Images uploaded for AI processing that are not saved to your account gallery are automatically deleted from our servers within 24 hours after the generation is complete.
  • Gallery images: If you choose to save generated images to your account, the original and generated images are retained in your account for as long as your account is active, or until you delete them. You may delete individual images at any time through the app.
  • Account deletion: When you delete your account, all associated Face Data (including gallery images) is deleted from our servers within 30 days, except where retention is required by law or to resolve pending disputes.
  • Third-party AI providers: Our third-party AI image-generation providers are contractually required to delete input images promptly after processing and do not retain your Face Data.

3.7 Face Data Security

We apply reasonable technical, administrative, and organizational safeguards designed to protect Face Data from unauthorized access, loss, misuse, alteration, or disclosure, including encryption in transit and at rest, access controls, and regular security reviews.

4. How We Use Information

We may use personal information for the following purposes:

4.1 To Provide and Operate the Service

We use information to:

  • create and manage accounts;
  • authenticate users;
  • provide subscriptions, credits, top-ups, and official functions;
  • enable private and published extensions;
  • process creator participation and reward eligibility;
  • operate referral, promotional, and reward programs;
  • provide generated outputs and related features.

4.2 To Process Payments and Transactions

We use information to:

  • process subscriptions, renewals, top-up purchases, and related transactions;
  • verify purchases;
  • detect and resolve payment issues;
  • manage refunds, cancellations, chargebacks, and billing disputes.

4.3 To Improve and Maintain the Service

We use information to:

  • analyze feature usage and engagement;
  • monitor performance, crashes, errors, and system health;
  • improve product quality, usability, and safety;
  • develop new features and services;
  • train, evaluate, or improve internal systems, subject to applicable law and internal controls.

4.4 To Enforce Rules and Protect the Platform

We use information to:

  • detect fraud, abuse, spam, and suspicious activity;
  • investigate self-dealing, manipulation, referral abuse, or creator misuse;
  • enforce our Terms, policies, and community rules;
  • protect the security, integrity, and reliability of the Service.

4.5 To Communicate With You

We may use information to:

  • send account, billing, subscription, or transactional notices;
  • respond to support requests;
  • provide service updates, security notices, or legal notices;
  • send marketing or promotional communications where permitted by law.

4.6 To Comply With Legal Obligations

We may use information to:

  • comply with laws, regulations, court orders, and lawful requests;
  • maintain tax, accounting, fraud, or audit records;
  • protect our legal rights and interests.

5. Legal Bases for Processing

Where required by applicable law, we process personal information on one or more of the following legal bases:

  • performance of a contract with you;
  • legitimate interests, such as operating, securing, improving, and enforcing the Service;
  • compliance with legal obligations;
  • your consent, where required;
  • other lawful bases permitted by applicable law.

6. How We Share Information

We do not sell your personal information in exchange for money. We may share personal information in the following circumstances.

6.1 Service Providers

We may share information with vendors and service providers that perform services on our behalf, such as:

  • hosting and cloud providers;
  • analytics providers;
  • payment processors;
  • identity verification providers;
  • customer support providers;
  • security and fraud-prevention providers;
  • infrastructure and communications providers.

These parties may process information only as necessary to perform services for us, subject to contractual or legal safeguards.

6.2 App Stores and Payment Platforms

Transactions made through Apple App Store, Google Play, or other platforms may involve data sharing with those platforms as necessary for billing, subscription management, verification, refunds, and compliance.

6.3 Other Users

If you publish an extension or otherwise use public-facing creator features, certain information may be visible to other users, such as:

  • your display name or creator name;
  • extension title, description, and related public metadata;
  • content you choose to make public through the Service.

6.4 Legal and Safety Reasons

We may disclose information where reasonably necessary to:

  • comply with law, regulation, or legal process;
  • respond to lawful requests by public authorities;
  • enforce our Terms and policies;
  • detect or prevent fraud, abuse, or security incidents;
  • protect the rights, safety, and property of Fraw, our users, or others.

6.5 Corporate Transactions

We may share information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, subject to applicable confidentiality and legal protections.

7. Official Functions, Extensions, and Creator Data

Because Fraw includes official functions, private extensions, and published extensions, we may process information related to:

  • official function usage;
  • extension creation and editing;
  • extension publication and moderation;
  • creator eligibility review;
  • creator rewards, Diamonds, or withdrawal processing;
  • anti-fraud and anti-self-reward enforcement;
  • user interaction with published extensions.

Where extensions are published for other users, we may collect and use usage data relating to those extensions for moderation, analytics, fraud prevention, feature improvement, and creator-program administration.

8. Referral, Rewards, and Fraud Prevention

If you participate in referral, rewards, or promotional programs, we may collect and use data relating to:

  • invitations sent or accepted;
  • referral attribution;
  • signup and conversion events;
  • account relationships;
  • device, payment, and account signals;
  • suspected abuse or manipulation.

We use this information to operate referral programs, determine eligibility, prevent fraud, enforce program rules, and protect platform integrity.

9. Data Retention

We retain personal information for as long as reasonably necessary to:

  • provide the Service;
  • maintain your account;
  • process transactions and creator rewards;
  • comply with legal, tax, accounting, and audit obligations;
  • resolve disputes;
  • enforce our agreements;
  • detect and prevent fraud or abuse.

Retention periods may vary depending on the type of data, the purpose of processing, and legal requirements.

We may retain de-identified, aggregated, or anonymized information for longer where permitted by law.

10. International Data Transfers

Your information may be processed in countries other than the one in which you live. These countries may have data protection laws that differ from those in your jurisdiction.

Where required by law, we take appropriate steps to protect personal information transferred across borders, including contractual safeguards or other recognized transfer mechanisms.

11. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information, such as the right to:

  • access personal information we hold about you;
  • request correction of inaccurate information;
  • request deletion of certain information;
  • request restriction of processing;
  • object to certain processing;
  • withdraw consent where processing is based on consent;
  • request portability of certain information;
  • opt out of certain marketing communications.

You may also manage certain information directly in your account settings, where available.

To exercise applicable privacy rights, contact us using the details in the "Contact Us" section below. We may need to verify your identity before fulfilling a request.

We may decline a request where permitted by law, including where the request is manifestly unfounded, excessive, or conflicts with legal obligations or the rights of others.

12. Marketing Communications

We may send you marketing or promotional communications where permitted by law.

You may opt out of marketing emails by using the unsubscribe link in the message or by contacting us. Even if you opt out of marketing messages, we may still send service-related, account-related, billing, security, and legal communications.

13. Children's Privacy

The Service is not intended for children below the age permitted under applicable law to use the Service without parental consent.

We do not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided us with personal information unlawfully, please contact us so we can investigate and take appropriate action.

14. Security

We use reasonable technical, administrative, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You are responsible for keeping your account credentials secure and for using the Service in a secure manner.

15. Third-Party Services and Links

The Service may contain links to or integrations with third-party websites, products, login systems, payment services, app stores, or tools.

This Privacy Policy does not apply to those third parties. Your interactions with those services are governed by their own terms and privacy policies.

16. Regional Disclosures

Depending on your jurisdiction, you may be entitled to additional disclosures or rights under local privacy laws. Where required, we may provide supplemental notices for specific regions.

If you operate or launch in markets with specific privacy-law requirements, such as the European Economic Area, United Kingdom, California, Japan, or Korea, region-specific addenda may be added to this Privacy Policy.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may provide notice through the Service, by email, or by other reasonable means, as required by law.

Your continued use of the Service after the updated Privacy Policy becomes effective means you acknowledge the revised policy.

18. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our privacy practices, please contact us at:

  • Untitled Labs Limited
  • Address: 20/F, Harbourside HQ, 8 Lam Chak Street, Kowloon Bay, Kowloon
  • Support Email: enquiry@fraw.ai
  • Company Registration: 71095371