Privacy Policy

You can see our previous Privacy Policy here.

Effective date: December 15, 2022

Here are some important definitions to help you understand our terms and this Privacy Policy:

A small note on how Magic Avatars feature works.

Lensa uses a Neural Network Model Stable Diffusion that allows users to generate personalized Magic Avatars (“Avatars”).

  1. Users upload 10 to 20 photos and select their gender.
  2. Using these data, a copy of the Stable Diffusion model is retrained to personalize the model
  3. After the model copy is retrained, it generates the Avatars
  4. After the Avatars are generated, the copy of the model, along with uploaded photos, are deleted permanently from our servers
  5. We do not use your Personal Data to generally train and/or create our separate artificial intelligence/products.

We do our best to moderate the parameters of the Stable Diffusion model, however, it is still possible that you may encounter content that you may see as inappropriate for you.

We also encourage you to get acquainted with our Terms of Use to understand how we provide services to you.

We respect your privacy and are committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy explains what we do with your Personal Data (as defined below) and allows you to manage your Personal Data effectively.

Please read this Privacy Policy carefully to understand our privacy practices. The purpose of our Privacy Policy is to explain what data we collect, how it is used and shared, and how you can control it. If you do not want us to process your Personal Data as it is described in this Privacy Policy, please do not Use Lensa.

By Using Lensa, you understand and agree that we are providing you with tools for editing and adjusting photos and videos that you upload, and, if you so request, for generating or creating new content from them, for example with our Magic Avatars feature.

If you have any questions about this Privacy Policy or Lensa, please contact us at [email protected] (for additional contact information, please, see Section 13 of this Privacy Policy “How to Contact Us”).

This Privacy Policy DOES NOT apply to the information that:

1. INFORMATION WE COLLECT AND HOW WE COLLECT IT

We may collect several types of information, including but not limited to Personal Data, from and about you:

2. INFORMATION YOU PROVIDE TO US DIRECTLY

When you Use Lensa, you usually provide to us certain information, including your Personal Data:

  1. On your iPhone or iPad open the Settings app.
  2. Scroll down and tap “Privacy”.
  3. Tap “Camera” or “Photos”.
  4. Next to Lensa, toggle the permissions switching on or off.

If you use an Android device:

  1. On your device open the Settings app.
  2. Tap “Apps”.
  3. Tap “Lensa”. If you can’t find it, tap “See all apps”. Then, choose Lensa.
  4. Tap “Permissions”.
  5. To change a permission setting, tap it, then choose “Allow” or “Don’t allow”.

3. INFORMATION WE COLLECT AUTOMATICALLY

When you Use Lensa, we may automatically collect certain data about you. This data is needed for operation of Lensa and, among others, may be used for in-app analytics or marketing purposes. The data we collect automatically includes:

  1. Go to Privacy settings to see a list of apps that request to track your activity. On iPhone or iPad, go to Settings > Privacy > Tracking.
  2. Tap to turn off or turn on permission to track for Lensa.

If you use an Android device:

  1. Open Settings app
  2. Navigate to “Privacy” > “Ads”
  3. Tap “Delete Advertising ID”
  4. Tap it again on the next page to confirm.

Such automatically collected data helps us operate Lensa and improve it to deliver better service, including but not limited to enabling us to estimate our audience size, and understand how you use Lensa and what you like and dislike the most.

The technologies we use for automatic data collection may include:

We use third-party analytics tools, such as Google Firebase, Meta, AppsFlyer and Amplitude, to help us measure traffic and usage trends for Lensa. These tools collect information via third-party analytics software development kits incorporated into Lensa, which includes your pseudonymised user ID and the information about Lensa web pages you visit when following the links available to you on Lensa, your actions in Lensa application and basic information about the type of subscription you have. We collect and use this analytics information in an aggregated manner with analytics information from other ssers so that it cannot reasonably be used to identify any particular user. For information on how third party analytics tools collect and process your data and to opt out of such collection and processing, generated by your Use of Lensa, please visit the following link or contact us at [email protected].

4. HOW WE PROCESS YOUR PHOTOS AND VIDEOS

We care about your privacy. With this in mind, most processing activities occur on your device only. There are, however, two exceptions to it: when you apply Art Styles to your photos and when you generate Avatars, since these functions require sophisticated computing resources to be performed.

You can also always request us to delete your photos or Avatars by contacting us at [email protected].

Notwithstanding anything to the contrary elsewhere in this Privacy Policy:

5. THE PURPOSES AND OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

We use your information other than photos and videos for the following purposes:

We will not process your Personal Data in a way that is incompatible with the purposes for which it has been collected or authorized by you in accordance with this Section 5 or collect any Personal Data that is not required for the mentioned purposes (“purpose limitation principle”).

For any new purpose of processing that is not compatible with any of the purposes mentioned above, we will ask for your separate explicit consent.

To the extent necessary for any of the processing purposes, we take all reasonable steps to ensure that your Personal Data is reliable for its intended use, accurate, complete and current. We also undertake to collect only such amount and types of your Personal Data that are strictly required for the purposes mentioned in this Section 5 (“data minimization principle”).

6. YOUR RIGHTS

Access, modification, correction and erasure. You can send us an email at [email protected] to request access to, modification, correction, update, erasure or portability of any Personal Data that you have provided to us and that we have about you. You can also request deletion of your account inside the app, both for iOS and Android users. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

EEA/UK residents. Individuals residing in the European Economic Area (“EEA”) and the United Kingdom (“UK“) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR“) and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 (SI 2020/1586), as may be amended from time to time (“UK GDPR“) (collectively, the “GDPR“), including the rights specified below. You can exercise these rights by contacting us (for contact information, please, see How to Contact Us Section).

​​Residents of California, Virginia, Colorado, Utah, and Connecticut may have statutory rights under state comprehensive privacy law including the rights specified below. You can exercise these rights by contacting us (for contact information, please, see How to Contact Us Section).

Please keep in mind that in case of a vague request to exercise any of the aforementioned right we may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, we reserve the right to refuse granting your request.

Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your user or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.

Please note that we will process your request within 1 month after receiving it. We may extend this period by two months where necessary, taking into account the complexity and number of the requests. If we extend the response period, we will let you know within one month from your request. We will not discriminate against you for exercising your rights under the law.

Opting Out of Promotional Emails

IF REQUIRED BY LAW, WE WILL ASK FOR YOUR CONSENT TO SEND YOU PROMOTIONAL AND MARKETING EMAILS. IF YOU WISH TO OPT-OUT OF OUR PROMOTIONAL AND MARKETING EMAILS, YOU CAN OPT-OUT FROM OUR PROMOTIONAL AND MARKETING EMAIL LIST BY USING ANY OF THE FOLLOWING METHODS:

7. SHARING OF COLLECTED INFORMATION

We do not rent or sell your Personal Data, including photos and videos, to any third parties outside the Company or its Affiliates (as defined below).

Parties with whom we may share your Personal Data.

We may share your Personal Data with businesses that are legally part of the same group of companies that we are part of, including our subsidiaries (“Affiliates”). The Affiliates act as our data processors and may perform data processing on our behalf (e.g., providing technical support or conducting analytics). Such Affiliates are bound by appropriate contractual safeguards in place.

Our Affiliates are:

We also may share your Personal Data, and other collected information with third-party organizations such as contractors and service providers that we use to support our business and who are bound by confidentiality and data protection terms (consistent with this Privacy Policy) to keep your Personal Data confidential and use it only based on our instructions (“Service Providers”).

Such Service Providers include:

For the avoidance of doubt, we do not share or transfer your photos, videos and Avatars to third parties (except temporarily storing your photos, videos and Avatars to our cloud providers Google Cloud Platform and Amazon Web Services to provide online processing function, and thereafter deleting such photos, videos and Avatars as described in this Privacy Policy). We use only secure places of storage, such as Google Cloud Platform and Amazon Web Services. Google LLC and Amazon Web Services, Inc. are located in the United States of America.

What happens in the event of a change of control. If we sell or otherwise transfer part or the whole of the Company or our assets to another organization (e.g., in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation), your Personal Data and any other collected information may be among the items sold or transferred.

Responding to legal requests and preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: (i) detect, prevent and address fraud and other illegal activity; (ii) protect ourselves, you and others, including as part of investigations; and (iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

8. DATA SECURITY

We use reasonable and appropriate information security safeguards to help keep the collected information secure and to secure it from accidental loss and unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your collected information, we cannot guarantee the security of the collected information transmitted to or through Lensa or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your collected information is at your own risk. We are not responsible for the circumvention of security measures contained in Lensa. Please understand that there is no ideal technology or measure to maintain 100% security. Among others, we utilize the following information security measures:

The safety and security of your information also depend on you. Your privacy settings may also be affected by changes to the social media services, through which you may share your photos and videos. We are not responsible for the functionality, privacy, or security measures of any other organization.

Security breaches: If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email (if it was provided) and will take reasonable steps to remedy the breach as specified in applicable law and this Privacy Policy. If we learn of a potential Personal Data breach, together with other actions referred to in the Privacy Policy, we will also undertake particular actions to remedy the breach as appropriate under the circumstances, which may include, logging you out from all the devices, resetting a password (sending a temporary password for you to apply) and performing other reasonably necessary activities and actions.

If you want to report a security incident related to Lensa, please contact us at [email protected].

Contacting us: You can provide your feedback or report a technical issue by using the ”Send Feedback“ button in Lensa settings. The email will be sent from your email to [email protected], and the message will contain the following diagnostics information that will help us to resolve your issue/address your request:

This information is used to assess your feedback and/or identify the problem if you are reporting one and is NOT USED to identify users individually.

Contacting you: If you are using Lensa you may receive electronic communications from us (e.g., by posting in-app notices in Lensa, push notifications or emails). These communications may include notices about Lensa or its in-app subscriptions: e.g., changes/updates to features of Lensa and their scope, prices of in-app subscriptions, technical and security notices, as well as updates to this Privacy Policy and Lensa Terms of Use. Upon your consent, we will also share with you our marketing materials about new products, features or offers from Lensa and its affiliates.

9. DATA RETENTION

We may retain your Personal data in connection with your privacy-related requests and communications with us, if any, as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your Personal Data, we may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.

10. CROSS-BORDER TRANSFERS

The Company is incorporated in the United States. Accordingly, your Personal Data may be transferred to and stored in the United States or in other countries.

Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.

Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.

As to the location of our servers, we use AWS servers located in the USA for Lensa operation, while our analytics operations are processed both on the servers provided by AWS (located in the USA) and by Google LLC (located in the Republic of Ireland).

For further information please contact [email protected]

11. CHILDREN

General age limitation. Lensa is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to Use Lensa. If you are under 13, do not: (i) Use or provide any information in Lensa or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number or email address. In the event that we learn that we have collected or received any Personal Data from a child under 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 13, please contact us (for contact information, please, see How to Contact Us Section).

Age limitation for EEA residents. Due to requirements of the GDPR, you shall be at least 16 years old in order to Use Lensa. To the extent prohibited by applicable law, we do not allow Use of Lensa by the EEA residents younger than 16 years old. If you are aware of anyone younger than 16 Using Lensa, please contact us (for contact information, please, see “How to Contact Us” Section), and we will take the required steps to delete the information provided by such persons.

12. OTHER WEBSITES AND SERVICES

We are not responsible for the practices employed by any websites or services linked to or from Lensa, including the information or content contained within them. Where we have a link to a website or service, linked to or from Lensa, we encourage you to read the privacy policy stated on that website or service before providing information on or through it.

13. HOW TO CONTACT US, EEA/UK REPRESENTATIVE, AND DATA PROTECTION OFFICER

General contact details. If you have any questions about this Privacy Policy or Lensa, please contact us via email at [email protected] or our mailing address:

Prisma Labs, Inc.

Suite D2028 440 N Wolfe Rd Sunnyvale, CA 94085.

Appointed EEA/UK representative. If you are a resident of the EEA or the UK and you have any questions about this Privacy Policy or Lensa, please contact us via email at [email protected] or at our EEA/UK representative mailing address:

DPOEU LTD

Office 902 Oval Krinou 3 Agios Athanasios 4103 Limassol, Cyprus

Email: [email protected]

Data protection officer. If you are a resident of the EEA or the UK and you wish to exercise your rights under Section 6, or you have any questions about this Privacy Policy or Lensa, you can contact our data protection officer via email at [email protected].

14. CHANGES TO OUR PRIVACY POLICY

The date this Privacy Policy was last revised is indicated at the top of the page. The Company may modify or update this Privacy Policy from time to time. Some changes do not require your consent: for example, when we add a new purpose of processing that is compatible with the existing purposes, or the new processing activity that falls under the users’ reasonable expectation. However, if the changes made may pose risk to your rights and freedoms (e.g., by including a new purpose of the processing that is not compatible with the existing purposes of processing, a new legal basis, a new category of personal data to be collected or a new data subject, all of which are not reasonably expected by the users, we will ask for your consent to those changes separately from this Policy. If you did not receive a request for your consent to the changes or refused to give consent, those changes will not apply to you. That fact can negatively affect some of Lensa services provided to you in case those services inevitably include consent to the changes.