Effective date: December 15, 2022
- Prisma Labs, Inc. and our relevant affiliates are referred to as “Prisma Labs,” “we”, “us”, and “our.”
- Our mobile application Lensa Photo Editor is referred to as “Lensa” or “application”
- Users are referred to as “users”, “you” or “your”, as applicable.
- Your use of the applications (including downloading, installing, registering with, accessing, or otherwise using it) is referred to as “Use”.
A small note on how Magic Avatars feature works.
Lensa uses a Neural Network Model Stable Diffusion that allows users to generate personalized Magic Avatars (“Avatars”).
- Users upload 10 to 20 photos and select their gender.
- Using these data, a copy of the Stable Diffusion model is retrained to personalize the model
- After the model copy is retrained, it generates the Avatars
- After the Avatars are generated, the copy of the model, along with uploaded photos, are deleted permanently from our servers
- We do not use your Personal Data to generally train and/or create our separate artificial intelligence/products.
We do our best to moderate the parameters of the Stable Diffusion model, however, it is still possible that you may encounter content that you may see as inappropriate for you.
By Using Lensa, you understand and agree that we are providing you with tools for editing and adjusting photos and videos that you upload, and, if you so request, for generating or creating new content from them, for example with our Magic Avatars feature.
- We collect offline or on any of our other apps (e.g., Prisma) or websites, including websites you may access through Lensa.
- You provide to or that is collected by any third party (e.g., any third-party application or website, even if the link to it is accessible through Lensa).
1. INFORMATION WE COLLECT AND HOW WE COLLECT IT
We may collect several types of information, including but not limited to Personal Data, from and about you:
- Directly from you when you provide it to us.
- Automatically when you Use Lensa. Information collected automatically may include Usage details and internet protocol (“IP”) addresses.
- From third parties, for example, our Service Providers (as defined below).
2. INFORMATION YOU PROVIDE TO US DIRECTLY
When you Use Lensa, you usually provide to us certain information, including your Personal Data:
- Photos and (or) videos that you upload to Lensa, for example to use the Magic Avatars feature. Please note that we always delete all metadata that may be associated with your photos and (or) videos by default (including, for example, geotags) before temporarily storing them to our systems.
Some editing features may use TrueDepth API (developed by Apple) technologies that provide information about facial position, orientation, and topology. Such information is used only on-device and is never stored on our servers. For more information about TrueDepth API processing of your photos and videos, you may visit the following link.
We can access your photos and videos only after you grant us permission to access your camera or your devices’ photo library. You provide such a permission through the request that appears on your mobile device (it may differ depending on your device operating system). You may revoke permission to access your camera or photo library through the settings on your mobile device, and here’s how to do it.
If you use an iOS device:
- On your iPhone or iPad open the Settings app.
- Scroll down and tap “Privacy”.
- Tap “Camera” or “Photos”.
- Next to Lensa, toggle the permissions switching on or off.
If you use an Android device:
- On your device open the Settings app.
- Tap “Apps”.
- Tap “Lensa”. If you can’t find it, tap “See all apps”. Then, choose Lensa.
- Tap “Permissions”.
- To change a permission setting, tap it, then choose “Allow” or “Don’t allow”.
- Information about your gender: When you use our Magic Avatars feature, we ask you about your gender. This information is used by the AI model solely to generate the Avatars in accordance with the indicated gender: for example, if you choose to identify your gender as a female, then you will receive conventionally more feminine-like Avatars.
- Your email: When you create an account with Lensa, we ask you to provide your email that will be further used for your sign-in process.
- If you contact us, records, copies of your correspondence with us and contact details that you have provided us while making your inquiries (such as your name, postal addresses, email addresses and phone numbers or any other identifier by which you may be contacted online or offline), in order to investigate your concerns, respond to your inquiries and to monitor and improve our responses to your and other ssers inquiries in relation to Lensa.
3. INFORMATION WE COLLECT AUTOMATICALLY
When you Use Lensa, we may automatically collect certain data about you. This data is needed for operation of Lensa and, among others, may be used for in-app analytics or marketing purposes. The data we collect automatically includes:
- Device information: Information about your mobile device and internet connection, including your IP address, the device’s unique device identifier, operating system, and mobile network information.
- Usage details: Details of your Use of Lensa, including frequency of Use, areas and features of the application that you access and engagement with particular features. This information is used for in-app event analytics and, upon your consent, for marketing purposes.
- (If you have provided your consent) IDFA or Android Advertising ID, whichever is applicable to your device. If you want to disable the collection of IDFA and/or Android Advertising ID by Lensa, please follow the instructions below.
If you use an iOS device:
- Go to Privacy settings to see a list of apps that request to track your activity. On iPhone or iPad, go to Settings > Privacy > Tracking.
- Tap to turn off or turn on permission to track for Lensa.
If you use an Android device:
- Open Settings app
- Navigate to “Privacy” > “Ads”
- Tap “Delete Advertising ID”
- Tap it again on the next page to confirm.
- Details about your in-app purchases. This data is used to provide you with the Services and for our in-app analytics.
Such automatically collected data helps us operate Lensa and improve it to deliver better service, including but not limited to enabling us to estimate our audience size, and understand how you use Lensa and what you like and dislike the most.
The technologies we use for automatic data collection may include:
We use third-party analytics tools, such as Google Firebase, Meta, AppsFlyer and Amplitude, to help us measure traffic and usage trends for Lensa. These tools collect information via third-party analytics software development kits incorporated into Lensa, which includes your pseudonymised user ID and the information about Lensa web pages you visit when following the links available to you on Lensa, your actions in Lensa application and basic information about the type of subscription you have. We collect and use this analytics information in an aggregated manner with analytics information from other ssers so that it cannot reasonably be used to identify any particular user. For information on how third party analytics tools collect and process your data and to opt out of such collection and processing, generated by your Use of Lensa, please visit the following link or contact us at [email protected].
4. HOW WE PROCESS YOUR PHOTOS AND VIDEOS
We care about your privacy. With this in mind, most processing activities occur on your device only. There are, however, two exceptions to it: when you apply Art Styles to your photos and when you generate Avatars, since these functions require sophisticated computing resources to be performed.
- Art Styles. To apply Art Styles, you have to upload your original photo to Lensa. At this point, your photo is stored on our servers (provided by Amazon Web Services (USA)). It is needed for your convenience so that you don’t have to re-upload the original photo every time to apply any new Art Style. This also helps you spend less Internet traffic and makes the processing of Art Styled photos faster. We store your original photo on our servers for no longer than 24 hours. After 24 hours your original photo is deleted.
- Magic Avatars. In order to generate Magic Avatars, you have to upload 10-20 photos to Lensa. At this point, your photos are stored on our servers (provided by Amazon Web Services (USA)). Then, a copy of the Stable Diffusion model is created to be retrained with your photos to personalize the model and to create your Avatars. Immediately after the successful generation of Avatars, your original photos are deleted from our servers. Your purchased Avatars are stored on our servers so that they remain accessible to you in Lensa at any time and from any device until you decide to delete them.
You can also always request us to delete your photos or Avatars by contacting us at [email protected].
- We do not use photos, videos or Avatars to identify any individual user.
- We do not use your photos, videos or Avatars for authentication, advertising, or marketing purposes, or to otherwise target a user in a similar manner.
- We do not use your photos, videos or Avatars to build a user profile, or otherwise attempt, facilitate, or encourage third parties to identify anonymous users or reconstruct user profiles based on your photos, videos or Avatars.
- We do not transfer, share, sell, or otherwise provide your photos, videos or Avatars to advertising platforms, analytics providers, data brokers, information resellers or other such parties.
5. THE PURPOSES AND OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
We use your information other than photos and videos for the following purposes:
- To provide you with support and to respond to your inquiries. If you share your Personal Data (including your name and contact information) to ask a question about Lensa, we will use that Personal Data to investigate your concerns, respond to your inquiries and to monitor and improve our responses to your and other users inquiries in relation to Lensa. It is our legitimate interest to provide you with high-quality support.
- To notify you about changes to Lensa or any products or services we offer or provide through Lensa, including by sending you technical notices, notices about your account/subscription, including expiration and renewal notices, updates, security alerts and support and administrative messages, which we may send through an in-app or a push notification (you may opt-out of push notifications by changing the settings on your mobile device). It is our legitimate interest to keep you updated on your use of Lensa.
- To present to you and others with Lensa and its contents and any other information, products or services that you request from us. We do so to provide you with the services according to our contractual obligation.
- To monitor aggregated metrics such as total number of users, traffic, and demographic patterns (including via Service Providers as specified in Section 7). It is our legitimate interest to make aggregated analytics of our audience as it helps us understand our business metrics and improve our product.
- To provide, improve, test, and monitor the effectiveness of Lensa in an aggregated manner. It is our legitimate interest to make analytics of our audience as it helps us understand our product and business metrics.
- When you choose to use the Magic Avatars feature, you provide your gender identification, which is used to retrain the separate copy of the Stable Diffusion model to generate Avatars based on your particular photos. It is our contractual obligation to ensure that we provide you with the requested service. This data is deleted immediately after the Avatars are successfully generated.
- In order to apply Art Styles, for you to use them faster and more conveniently, we store your original photo for 24 hours. After 24 hours your original photo will be deleted.
- To provide personalized content and information to you in relation to Lensa, which could include online ads or other forms of marketing (including via email). We do so upon your explicit consent.
- Upon users’ consent, for marketing purposes in order to find audiences similar to our users. For this processing we share, among others, users’ Use details, device information, and in-app purchase details with our third-party advertising partners.
We will not process your Personal Data in a way that is incompatible with the purposes for which it has been collected or authorized by you in accordance with this Section 5 or collect any Personal Data that is not required for the mentioned purposes (“purpose limitation principle”).
For any new purpose of processing that is not compatible with any of the purposes mentioned above, we will ask for your separate explicit consent.
To the extent necessary for any of the processing purposes, we take all reasonable steps to ensure that your Personal Data is reliable for its intended use, accurate, complete and current. We also undertake to collect only such amount and types of your Personal Data that are strictly required for the purposes mentioned in this Section 5 (“data minimization principle”).
6. YOUR RIGHTS
Access, modification, correction and erasure. You can send us an email at [email protected] to request access to, modification, correction, update, erasure or portability of any Personal Data that you have provided to us and that we have about you. You can also request deletion of your account inside the app, both for iOS and Android users. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
EEA/UK residents. Individuals residing in the European Economic Area (“EEA”) and the United Kingdom (“UK“) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR“) and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 (SI 2020/1586), as may be amended from time to time (“UK GDPR“) (collectively, the “GDPR“), including the rights specified below. You can exercise these rights by contacting us (for contact information, please, see How to Contact Us Section).
- Access to your Personal Data: You have a right to request information about whether we have any Personal Data about you, to access your Personal Data (including in a structured and portable form) that you have provided to us, when Using Lensa and that we have about you. You can do this by contacting us.
- Restriction of processing: You also have the right to demand restriction of processing of your Personal Data, for example, if you contest the accuracy of the Personal Data which inaccuracy is verified by us.
- Erasure of your Personal Data: If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you have withdrawn your consent, or object to the processing of your Personal Data, or where the processing of your Personal Data does not otherwise comply with the GDPR, or if your Personal Data have to be erased for compliance with a legal obligation under EU or EU member state law, you have the right to contact us and ask us to erase such Personal Data. Please be aware that erasing some Personal Data may affect your ability to Use Lensa.
- Right to portability of your Personal Data: If we process your Personal Data on the basis of your consent, or if this is necessary for the performance of our contract, you have the right to request us to receive any Pesonal Data you provided us in a structured, commonly used and machine-readable format. You may further ask us to give that Personal Data to another party.
- Right to object processing or otherwise using your Personal Data: Where we are processing your Personal Data based on our legitimate interest, you may object to the processing or otherwise using your Personal Data. You can do this by contacting us. Please be aware that our inability to process or otherwise use some of your Personal Data may affect your ability to Use Lensa. If you have opted in to receiving marketing communications, you have the right to opt out of those at ay time.
- Right to withdraw your consent at any time: Where you may have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority: Subject to the GDPR, you have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authority here, and the UK’s supervisory authority (ICO) here.
Residents of California, Virginia, Colorado, Utah, and Connecticut may have statutory rights under state comprehensive privacy law including the rights specified below. You can exercise these rights by contacting us (for contact information, please, see How to Contact Us Section).
- Right to request the categories of Personal Information collected about you. Lensa will provide, where relevant and required by law, the types of data we collect.
- Right to request the categories of sources from which your Personal Information is collected. Lensa will provide, where relevant and required by law, the types of tools and organizations we use to collect data.
- Right to request the business or commercial purpose for collecting your Personal Information. Lensa will provide, where relevant and required by law, the purposes to collect data.
- Right to request the categories of third parties to whom Personal Information is disclosed, and the categories of Personal Information disclosed. Lensa will provide, where relevant and required by law, information regarding the other organizations that may receive your Personal Information.
- Right to request the specific pieces of Personal Information collected about you. Lensa will provide, where relevant and required by law, your Personal Information.
- Right to request that Personal Information collected about you be deleted. We may keep Personal Information for legal reasons but will accommodate deletion requests when required. Please be aware that erasing some Personal Data may affect your ability to Use Lensa.
- Request that your inaccurate Personal Information be corrected. If you believe your Personal Information is not correct you may provide Personal Information to replace the erroneous data.
- Request that Lensa does not sell or share your Personal Information. Each state may interpret a “sale” of Personal Information differently, however, if you are a resident of the states above or Nevada and request that your Personal Information not be sold Lensa will honor that request. Individuals in California may request their information not be shared with any third party.
Please keep in mind that in case of a vague request to exercise any of the aforementioned right we may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, we reserve the right to refuse granting your request.
Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your user or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.
Please note that we will process your request within 1 month after receiving it. We may extend this period by two months where necessary, taking into account the complexity and number of the requests. If we extend the response period, we will let you know within one month from your request. We will not discriminate against you for exercising your rights under the law.
Opting Out of Promotional Emails
IF REQUIRED BY LAW, WE WILL ASK FOR YOUR CONSENT TO SEND YOU PROMOTIONAL AND MARKETING EMAILS. IF YOU WISH TO OPT-OUT OF OUR PROMOTIONAL AND MARKETING EMAILS, YOU CAN OPT-OUT FROM OUR PROMOTIONAL AND MARKETING EMAIL LIST BY USING ANY OF THE FOLLOWING METHODS:
- by following the opt-out links in any marketing email sent to you; or through Lensa settings on your mobile device; or
- by contacting us at any time using the contact details in How to Contact Us Section.
7. SHARING OF COLLECTED INFORMATION
We do not rent or sell your Personal Data, including photos and videos, to any third parties outside the Company or its Affiliates (as defined below).
Parties with whom we may share your Personal Data.
We may share your Personal Data with businesses that are legally part of the same group of companies that we are part of, including our subsidiaries (“Affiliates”). The Affiliates act as our data processors and may perform data processing on our behalf (e.g., providing technical support or conducting analytics). Such Affiliates are bound by appropriate contractual safeguards in place.
Our Affiliates are:
- Palta People Ltd, based in Cyprus (data processor for most of the internal processing activities)
- Palta Software Ltd, based in Cyprus (data processor for the purpose of internal analytics)
Such Service Providers include:
- cloud providers Google Cloud Platform and Amazon Web Services, which we use when you choose to upload your photos or videos to Lensa,
- email delivery services, and
- Third-party advertising partners (for information on how third-party advertising partners collect and process your data and to opt out of such collection and processing, please visit this link). Upon your consent, we send some of your Personal Data (e.g., your device information and details about your in-app purchases) for marketing and promotional purposes to our advertising partners (e.g., AppsFlyer, Meta). By these means, we are able to reach you and people like you on various platforms.
What happens in the event of a change of control. If we sell or otherwise transfer part or the whole of the Company or our assets to another organization (e.g., in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation), your Personal Data and any other collected information may be among the items sold or transferred.
Responding to legal requests and preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: (i) detect, prevent and address fraud and other illegal activity; (ii) protect ourselves, you and others, including as part of investigations; and (iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
8. DATA SECURITY
We use reasonable and appropriate information security safeguards to help keep the collected information secure and to secure it from accidental loss and unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your collected information, we cannot guarantee the security of the collected information transmitted to or through Lensa or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your collected information is at your own risk. We are not responsible for the circumvention of security measures contained in Lensa. Please understand that there is no ideal technology or measure to maintain 100% security. Among others, we utilize the following information security measures:
- Encryption of your Personal Data in transit and in rest.
- All collected information is stored on our secure servers behind firewalls.
- Organizational and legal measures. For example, our employees and employees of our subsidiaries have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of Lensa. We impose strict liability on such employees for any disclosures, unauthorized accesses, alterations, destructions and misuse of your Personal Data.
- Conducting periodical data protection impact assessments in order to ensure that the Company fully adheres to the principles of “privacy by design”, “privacy by default” and others. We also commit to undertake a privacy audit in case of the Company's merger or takeover.
The safety and security of your information also depend on you. Your privacy settings may also be affected by changes to the social media services, through which you may share your photos and videos. We are not responsible for the functionality, privacy, or security measures of any other organization.
If you want to report a security incident related to Lensa, please contact us at [email protected].
Contacting us: You can provide your feedback or report a technical issue by using the ”Send Feedback“ button in Lensa settings. The email will be sent from your email to [email protected], and the message will contain the following diagnostics information that will help us to resolve your issue/address your request:
- Phone model
- Device OS and version
- App version
- User device ID
- Remaining space
This information is used to assess your feedback and/or identify the problem if you are reporting one and is NOT USED to identify users individually.
9. DATA RETENTION
- Your Personal Data, other than photos, videos and Avatars. Normally, the retention term would be the term of your account existence. It means that we will retain your Personal Data, other than your photos, videos or Avatars, until you delete your account or request us to delete your data (by contacting us at [email protected]). Please note that deletion of Lensa application does not imply the deletion of your account and your data!
- Your original photos and videos that you upload for editing are processed on your device only and are not stored with our servers unless you choose to apply Art Styles to your photos. In case of applying Art Styles, your original photo is stored on our server for 24 hours. We need it to allow you edit photos more smoothly, so that you do not have to re-upload your original photo multiple times to apply different Art Styles. Moreover, such an approach helps you spend less Internet traffic and makes the processing of Art Styled photos faster.
- Your original photos that you upload to generate Avatars are deleted immediately after successful Avatars generation. At the same time, your Avatars are stored on our servers (provided by Google Cloud Platform (Ireland and USA) and Amazon Web Services (USA)) to be available to you at any time from any device until you decide to delete them (e.g., within the app or via a request you send us at [email protected]).
We may retain your Personal data in connection with your privacy-related requests and communications with us, if any, as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your Personal Data, we may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.
10. CROSS-BORDER TRANSFERS
The Company is incorporated in the United States. Accordingly, your Personal Data may be transferred to and stored in the United States or in other countries.
Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.
Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.
As to the location of our servers, we use AWS servers located in the USA for Lensa operation, while our analytics operations are processed both on the servers provided by AWS (located in the USA) and by Google LLC (located in the Republic of Ireland).
For further information please contact [email protected]
General age limitation. Lensa is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to Use Lensa. If you are under 13, do not: (i) Use or provide any information in Lensa or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number or email address. In the event that we learn that we have collected or received any Personal Data from a child under 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 13, please contact us (for contact information, please, see How to Contact Us Section).
Age limitation for EEA residents. Due to requirements of the GDPR, you shall be at least 16 years old in order to Use Lensa. To the extent prohibited by applicable law, we do not allow Use of Lensa by the EEA residents younger than 16 years old. If you are aware of anyone younger than 16 Using Lensa, please contact us (for contact information, please, see “How to Contact Us” Section), and we will take the required steps to delete the information provided by such persons.
12. OTHER WEBSITES AND SERVICES
13. HOW TO CONTACT US, EEA/UK REPRESENTATIVE, AND DATA PROTECTION OFFICER
Prisma Labs, Inc.
Suite D2028 440 N Wolfe Rd Sunnyvale, CA 94085.
Office 902 Oval Krinou 3 Agios Athanasios 4103 Limassol, Cyprus
Email: [email protected]