Zivi Privacy Policy

1. Types of Information We Collect

1.1 Facial Data Collection

We collect facial data from the portrait photos you capture or upload to the App, including but not limited to:

• Two-dimensional facial feature coordinates (e.g., eye, nose, mouth, cheek, jawline, eyebrow contour positions and shapes);
• Facial contour edge information (to support contour extraction);
• Facial proportion and structural data (to ensure accurate generation of line art portraits);
• Pixel-level facial image data (original or compressed portrait photos containing facial features).

Collection methods for facial data:

• Active upload: You voluntarily upload portrait photos containing facial features through the App's upload function;
• In-app shooting: You use the App's built-in camera function to take and capture portrait photos containing facial features;
• Local cache: Temporary caching of facial data during the process of generating line art portraits (stored in the local device memory and not uploaded proactively unless necessary for AI processing).

Other collected information:

• Personal Identification Information: Optional email address (for account creation), device information (device model, OS version, unique device identifiers).
• Image/Content Data: Portrait photos you capture or upload to the App for the purpose of generating line art portraits (including the facial data mentioned above).
• Usage Data: Information about how you use the App (e.g., style preferences (simple/retro/artistic), feature usage frequency, interaction history).
• Technical Data: IP address, network type, app crash logs (if enabled), and other technical information necessary for service operation.

2. Purpose of Information Use

2.1 Detailed Use of Facial Data

All collected facial data is used exclusively for the following core functions of the App, with no additional or unauthorized use scenarios:

• AI Facial Contour Extraction: Analyze and extract the contour and key feature points of the face from the uploaded/shoot portrait photos to form a facial contour framework;
• Style-Based Line Art Generation: Based on the selected style (simple/retro/artistic), use facial contour and feature data to add hand-drawn lines to the contour framework, forming a combined portrait of line drawing and realism;
• Preview and Adjustment: Temporarily use facial data to display the generated line art portrait in the App for your preview, modification, or re-generation operations;
• Local Storage of Generated Results: At your request, store the finally confirmed line art portrait (derived from facial data) in the local device, and no facial raw data will be stored without your consent;
• Algorithm Optimization (Anonymized): Anonymize facial data (remove all personal identifiable information) and use it to optimize the accuracy and effect of AI contour extraction and line art generation algorithms, without associating with any individual user.

We use the collected information for the following legitimate purposes:

• To provide, operate, and maintain the Zivi App's core functions (AI portrait contour extraction, line art generation).
• To improve and optimize the App's performance, user experience, and AI algorithm accuracy.
• To respond to user inquiries, provide customer support, and resolve technical issues.
• To enforce our Terms of Service and protect the security of our services and users.
• To send important notifications (e.g., policy updates, service changes) with your consent where required by law.

3. Third-Party Service Data Processing

Zivi integrates with the third-party AI service [OpenRouter] to implement core AI facial contour extraction and line art generation functions. The details of data processing with OpenRouter are as follows:

• Data Transmitted to OpenRouter: To complete the AI generation function, we will transmit the facial data (including facial feature coordinates, contour edge information, facial proportion data, and pixel-level facial image data) extracted from your uploaded/shoot portrait photos to OpenRouter's AI service platform;
• Use Scenarios of OpenRouter: OpenRouter only uses the transmitted facial data to provide AI algorithm support for Zivi's core functions (facial contour extraction, style-based line art generation). This processing is necessary to transform your photo into the requested artistic line art format. OpenRouter may temporarily store the transmitted facial data for a maximum of 24 hours. This limited storage is strictly for technical purposes: to ensure the successful completion of the AI generation request and to allow for immediate reprocessing if a technical error occurs during the initial generation. OpenRouter does not store facial data indefinitely and does not use it for training its own models or for any unauthorized purposes;
• Local Storage of Facial Data: The original facial data collected by the App is first stored locally on your device (mobile phone/tablet, etc.). When you initiate the AI generation request, the necessary facial data is transmitted to OpenRouter, and the local device will retain a copy of the facial data (raw data or generated results) only if you explicitly select to save it;
• Data Protection Capability of OpenRouter: OpenRouter has data protection capabilities equal to or higher than the industry standard and Zivi's own protection level, including but not limited to: compliance with international data protection laws (GDPR, CCPA, etc.), implementation of end-to-end encryption for data in transit, AES-256 encryption for data at rest, strict access control mechanisms, regular security audits and vulnerability scans, and commitment to not using or disclosing Zivi user data for non-agreed purposes;
• Other Third-Party Services:
  • Payment processors (e.g., Apple Pay, Google Pay) for handling in-app purchases (no personal data is shared beyond what is necessary for payment processing).
  • Analytics services (e.g., Firebase Analytics) to analyze App usage (data is anonymized where possible).
  • Cloud storage providers for securely storing user-generated content (encrypted at rest).

We only work with third-party service providers that comply with data protection laws and maintain adequate security measures. We do not allow third parties (including OpenRouter) to use your data for their own marketing purposes. We have signed a strict data processing agreement with OpenRouter, which clearly stipulates the scope of data use, processing limits, security obligations, and liability for breach of contract.

4. Information Sharing Scenarios

We do not sell your personal information (including facial data) to any third parties. We may share your information (including facial data) only in the following limited circumstances:

• Sharing with OpenRouter: As the core AI service provider for Zivi, we share facial data with OpenRouter solely for the purpose of implementing AI portrait contour extraction and line art generation functions. The sharing behavior is limited to the data necessary for completing the user's current generation request, and the sharing process is encrypted and authorized;
• With your explicit consent (e.g., sharing generated portraits to social media platforms, or authorizing other third-party services to access your facial data);
• To comply with legal obligations (e.g., responding to court orders, subpoenas, or regulatory requests);
• To protect the rights, property, or safety of Zivi, our users, or the public (e.g., preventing fraud or harmful activities);
• In connection with a business transaction (e.g., merger, acquisition, or sale of assets, with notice to users, and the acquirer must assume the same data protection obligations as Zivi).

5. Security Measures

We implement reasonable technical and organizational security measures to protect your data (especially facial data) from unauthorized access, disclosure, alteration, or destruction:

• Encryption of data in transit (HTTPS/TLS 1.3) and at rest (AES-256 encryption for stored images and facial data);
• Access controls to limit employee access to personal data (including facial data) on a need-to-know basis;
• Regular security audits and vulnerability assessments of our systems and the systems of cooperative third parties (including OpenRouter);
• Secure data storage with reputable cloud service providers that meet industry security standards;
• Automatic clearing of temporary facial data in the App's memory after the completion of AI generation (unless the user chooses to save it locally);
• Strict data processing agreements with third parties (including OpenRouter) to clarify security responsibilities and breach liability.

While we take reasonable precautions, no data transmission or storage system is 100% secure. You acknowledge that you provide information at your own risk.

6. User Rights Regarding Personal Data

You have the following rights regarding your personal data (including facial data) under applicable privacy laws (e.g., GDPR, CCPA):

• Right to access: Request a copy of the personal data (including facial data) we hold about you, and a detailed record of data sharing with OpenRouter;
• Right to correction: Request correction of inaccurate or incomplete personal data (including facial feature data);
• Right to deletion: Request deletion of your account and associated data (including all facial data stored by us and a request for OpenRouter to delete the corresponding facial data, subject to legal retention requirements);
• Right to data portability: Request a copy of your data (including facial data) in a machine-readable format;
• Right to withdraw consent: Where we rely on your consent for data processing (including sharing with OpenRouter), you may withdraw it at any time, and we will stop the corresponding data processing and request OpenRouter to stop using and delete the relevant data (subject to legal restrictions).

To exercise these rights, please contact us at Zivi@gmail.com with your request.

7. Retention Period of Facial Data

We strictly limit the retention period of facial data and will not retain it for longer than necessary to achieve the intended purposes:

• Temporary Processing Data (OpenRouter): The facial data transmitted to OpenRouter for AI generation will be retained by OpenRouter only for the duration required to complete the processing of the current generation request (strictly capped at 24 hours). We retain this data for this specific length of time to guarantee service reliability and provide a seamless user experience in case of transient network or processing failures. The data is automatically and permanently deleted after this period. Zivi will not retain the raw facial data transmitted to OpenRouter after the generation is completed;
• Locally Stored Data: If you choose to save the generated line art portrait (derived from facial data) locally on your device, the data will be retained on your device until you manually delete it (we do not have access to or control over locally stored data);
• Anonymized Algorithm Optimization Data: Anonymized facial data used for algorithm optimization will be retained in a non-identifiable form for up to 12 months. This storage duration is necessary to allow our engineering team to evaluate algorithm performance across seasonal updates and different device versions. After this period, it will be permanently deleted or anonymized to the point of being irreversibly unidentifiable;
• Legal Retention Requirements: If required by law or regulatory requirements, we will retain the necessary facial data for the period specified by law (usually up to 7 years), and will delete it immediately after the retention period expires;
• Account Deletion: If you request to delete your account, we will delete all facial data associated with your account within 7 working days (including requesting OpenRouter to delete the corresponding data), except as required by law.

8. Children's Privacy Protection

Zivi is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information (including facial data) from children under this age.

If we become aware that we have collected personal information (including facial data) from a child without parental consent, we will take steps to delete such information promptly (including requesting OpenRouter to delete the corresponding facial data). Parents or guardians who believe their child has provided information to us may contact us at Zivi@gmail.com to request deletion.

9. Policy Update Mechanism

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices (including changes in cooperation with third parties such as OpenRouter).

• We will notify you of material changes by posting the updated policy in the App and/or sending a notification to your registered email (if applicable).
• Updated policies will take effect 30 days after notification, unless required by law to take effect sooner.
• Your continued use of Zivi after the effective date of the updated policy constitutes your acceptance of the changes.
• We will retain a history of previous versions of this policy in the App for your reference.