You can see our previous Privacy Policy here
Effective date: Dec 31, 2019
Welcome to Prisma Labs, Inc. (“Company,” “we,” “us” or “our”), a mobile technology company specializing in deep learning-related products. Our goal is to move forward mobile photography and video creation to the next level using neural networks, deep learning and computer vision technics. We aim to create new ways for people to express their emotions through the camera.
This Privacy Policy (this “Privacy Policy”) describes:
This Privacy Policy applies only to information we collect in Lensa and via email, text, and other electronic communications sent through or in connection with Lensa.
We undertake to build Lensa and any of its features in such a way that it respects your privacy and are committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy not only allows you to understand what we do with your Personal Data (as defined below), but also to manage your Personal Data effectively.
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. By downloading, installing, accessing or using (“Using”) Lensa, you agree to this Privacy Policy. If you do not agree to this Privacy Policy, do not Use Lensa.
By Using Lensa you understand and agree that we are providing you with tools for editing and adjusting photos and videos that you can upload onto it. If you have any questions about this Privacy Policy or Lensa, please contact us (for contact information, please, see How to Contact Us Section).
This Privacy Policy DOES NOT apply to the information that:
Our websites and other apps, and these other third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.
This Privacy Policy may change from time to time (see Changes to Our Privacy Policy Section). Your continued use of Lensa after we make changes is deemed to be your acceptance of those changes, so please check this Privacy Policy periodically for updates.
We may collect several types of information, including but not limited to Personal Data, from and about you (“Collected Information”), including information:
We collect this information:
To the extent information is: (i) associated with an identified or identifiable natural person and (ii) protected as personal data under applicable data protection laws, such information is referred to in this Privacy Policy as “Personal Data”. Please bear in mind that provisions of Section 6 do not apply to your pseudonymized Personal Data.
When you Use Lensa, we may ask you to provide certain Collected Information:
You may provide the User Content for publication or display on third-party websites and other online services, you access through Lensa (“Post”). You confirm that you have all required rights, approvals and consents from any third parties, if applicable, to use the User Content in Lensa and to Post the User Content on third-party websites and other online services. This may be applicable if you: (i) Post, or use photos (via Lensa, that are not your’s; or (ii) Post, or use photos (via Lensa) of other individuals, that require the owner’s consent (for more information on the Lensa Terms of Service, please visit the following link).
Your User Content is Posted and transmitted to others at your own risk. Please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of third parties, with whom you may choose to share your User Content. Therefore, we cannot and do not guarantee that your User Content will not be viewed by unauthorized persons.
When you Use Lensa, we may use automatic data collection technologies to collect certain Collected Information about your equipment, browsing actions and patterns, including:
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). If you do not want us to collect this information, do not download Lensa or delete it from your device.
The information we collect automatically under this Privacy Policy may include your Personal Data and information we may maintain or associate with your Personal Data that we collect in other ways or receive from third parties. It helps us to improve Lensa and deliver a better and more personalized service, including but not limited to enabling us to estimate our audience size and Usage patterns and recognize when you Use Lensa.
If the information covered by this Section 3 is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose.
The technologies we use for automatic data collection may include:
Third-party analytics. We use third-party analytics tools, such as Google Firebase, Facebook Analytics, AppsFlyer and Amplitude, to help us measure traffic and Usage trends for Lensa. These tools collect information sent by your device or Lensa, including log file information, cookies, device identifiers, add-ons and the web pages you visit when following the links available to you on Lensa. We collect and use this analytics information with analytics information from other Users so that it cannot reasonably be used to identify any particular individual User. For information on how third party analytics tools collect and process your data and to opt out of such collection and processing, generated by your Use of Lensa, please visit the following link.
Cookies (or mobile cookies) and similar technologies. A cookie is a small file placed on your smartphone. When you Use Lensa, we may use cookies and similar technologies to collect information about how you Use Lensa and provide features to you. We may ask our Service Providers to serve services to your devices, which may include cookies or similar technologies placed by us or such Service Providers (on our request). You may refuse to accept mobile cookies by activating the appropriate mobile browser setting on your smartphone. However, if you select these mobile browser settings you may be unable to access certain parts of Lensa. Unless you have adjusted your mobile browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to Lensa.
Log file information. Log file information is automatically reported by Lensa each time you make a request to Use Lensa. When you Use Lensa, we and our Service Providers may automatically record certain log file information, including your web request, IP address, browser type, referring/exit pages and URLs, number of clicks and how you interact with links on and through Lensa, domain names, landing pages, pages viewed, and other such information. The information allows us to receive more accurate reporting and improve Lensa.
Device identifiers. When you use a mobile device like a tablet or phone to Use Lensa, we may access, collect, monitor, store on your device, and/or remotely store one or more “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may identify data stored in connection with the device hardware, operating system or other software, or data sent to the device by us. A device identifier may deliver information to us or to a Service Provider about how you browse and Use Lensa and may help us and others (on our request) produce a report on such Use. Some features of Lensa may not function properly if use or availability of device identifiers is impaired or disabled. Among others we collect the following device identifiers:
For Use of Lensa you may provide us and upload to Lensa your face images (photo or video). In order to make possible for you to Use certain functions of Lensa, we will process (provided by you) human face images (photo or video) through TrueDepth API technologies that will provide us information about such human faces' position, orientation and their topology on your image and/or video frame. For more information about TrueDepth API technology we use, you may visit the following link.
Images (photo or video), that you provide us in or through Lensa, and/or other information related to human faces obtained from your images (photo or video) and/or through the use of TrueDepth API technologies, such as ARKit, are the “Face Data”. The Face Data shall be considered the Personal Data. Notwithstanding anything to the contrary in other Sections of this Privacy Policy in relation to the Personal Data, we do not:
You hereby express your informed written consent on processing of your Face Data as described in this Section 4.
In addition to some of the specific uses of information we describe in this Privacy Policy, we may use the Collected Information for the following purposes:
We will not process your Personal Data in a way that is incompatible with the purposes for which it has been collected or authorized by you in accordance with this Section 5 or collect any Personal Data that is not required for the mentioned purposes (“purpose limitation principle”).
For any new purpose of processing we will ask for your separate consent. To the extent necessary for those purposes, we take all reasonable steps to ensure that your Personal Data is reliable for its intended use, accurate, complete and current. We also undertake to collect only such amount and types of your Personal Data that are strictly required for the purposes mentioned in this Section 5 (“data minimization principle”).
Access, modification, correction and erasure. You can send us an email at [email protected] to request access to, modification, correction, update, erasure or deletion of any Personal Data that you have provided to us and that we have about you. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
EEA residents. Individuals residing in the European Economic Area (“EEA”) have certain statutory rights in relation to their Personal Data, such as introduced by the General Data Protection Regulation (“GDPR”). You can exercise them by contacting us (for contact information, please, see How to Contact Us Section).
Please keep in mind that in case of a vague access, erasure, objection request or any other request in exercise of the mentioned rights we may engage you in a dialogue to better understand the motivation for the request and to locate responsive information. In case this is impossible, we reserve the right to refuse granting your request.
Following the provisions of the GDPR, we might also ask you to prove your identity (for example, by requesting an ID or other proof) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties are violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.
Please note that we will grant your request within 30 days after receiving it, but it may take up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems - this is due to the size and complexity of the systems we use to store data.
Your California Privacy Rights. If you are a California resident, California law may provide you with additional rights regarding our use of your Personal Data. To learn more about your California privacy rights, visit (i) the following link and (ii) CCPA Privacy Notice for California Residents.
We may disclose aggregated information about our Users and information that does not identify any individual without any restriction. We may remove parts of data that can identify you and share anonymized data with any persons.
We will not rent or sell your Personal Data to third parties outside the Company (or the group of companies of which we are a part) without your consent, except for the parties with whom we may share your information in accordance with this Privacy Policy.
Parties with whom we may share your Personal Data. We may share your Personal Data (including but not limited to, information from cookies, log files, device identifiers and Usage data) with businesses that are legally part of the same group of companies that we are part of, including our subsidiaries, or that become part of that group (“Affiliates”). Affiliates may use this information to help provide, understand, and improve Lensa (including by providing analytics) and Affiliates’ own services (including by providing you with better and more relevant experiences). Such Affiliates are bound by the rules of this Privacy Policy.
We also may share your Collected Information with third-party organizations such as contractors and service providers that we use to support our business and who are bound by reasonable confidentiality and data protection terms to keep your Personal Data confidential and use it only for the purposes for which we disclose it to them (“Service Providers”).
We may also share certain Personal Data as well as other Collected Information with third-party advertising partners. These third-party advertising partners may use tracking technologies and other automatic information collection technologies to collect information about you or your device when you Use Lensa. The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites, apps, and other online services websites. Such information would allow third-party ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information on how third-party advertising partners collect and process your data and to opt out of such collection and processing, generated by your Use of Lensa, please visit the following link.
The parties we share your Personal Data with are either EEA-based or compliant with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (each of them and collectively “Privacy Shield”) that ensure that European data privacy requirements are met. We also utilize standard contractual clauses and other contractual safeguards in order to protect your privacy and ensure that all transfers of your Personal Data are safe and compliant with applicable laws.
What happens in the event of a change of control. If we sell or otherwise transfer part or the whole of the Company or our assets to another organization (e.g., in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation), your Personal Data and any other Collected Information may be among the items sold or transferred. The buyer or transferee will have to honor the commitments we have made in this Privacy Policy.
Responding to legal requests and preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects Users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: (i) detect, prevent and address fraud and other illegal activity; (ii) protect ourselves, you and others, including as part of investigations; and (iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
General. The Company is based in the United States and the information we collect is governed by U.S. law. Please be advised that U.S. law and laws of other countries may not offer the same protections as the law of your jurisdiction.
EEA and Swiss residents. Please bear in mind that we may transfer your Personal Data to the United States which data protection is not deemed adequate under applicable data protection laws.
However, we comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EEA and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles (“Principles”). If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall prevail. To learn more about the Privacy Shield program, and to view our certification, please visit the following link.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the following link for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Data security. We use reasonable and appropriate information security safeguards to help keep the Collected Information secure and to secure it from accidental loss and from unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Collected Information, we cannot guarantee the security of the Collected Information transmitted to or through Lensa or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your Collected Information is at your own risk. We are not responsible for circumvention of security measures contained in Lensa. Please understand that there is no ideal technology or measure to maintain 100% security. Among others, we utilize the following information security measures:
The safety and security of your information also depends on you. You are responsible for controlling access to emails between you and us at all times. We are not responsible for the functionality, privacy, or security measures of any other organization.
Third-party (onward) transfers and Privacy Shield compliance. In the context of an onward transfer, we have responsibility for: (i) processing of your Personal Data we receive under the Privacy Shield or generally from the EEA and Swiss residents and (ii) subsequent transfer of such Personal Data to a third party acting as an agent on our behalf. We remain liable under the Principles and GDPR: (i) if our agent processes such Personal Data in a manner inconsistent with the Principles and GDPR and (ii) for the event giving rise to the damage, unless we prove that we are not responsible for the event giving rise to such damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.
General age limitation. Lensa is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to Use Lensa. If you are under 13, do not Use or provide any information in Lensa or through any of its features, or provide any information about yourself to us, including your name, address, telephone number or email address. In the event that we learn that we have collected or received any Personal Data from a child under 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 13, please contact us (for contact information, please, see How to Contact Us Section).
Age limitation for EEA residents. Due to requirements of the GDPR you shall be at least 16 years old in order to Use Lensa. To the extent prohibited by applicable law, we do not allow Use of Lensa by the EEA residents younger than 16 years old. If you are aware of anyone younger than 16 Using Lensa, please contact us (for contact information, please, see How to Contact Us Section) and we will take required steps to delete information provided by such persons.
We are not responsible for the practices employed by any websites or services linked to or from Lensa, including the information or content contained within them. Where we have a link to a website or service, linked to or from Lensa, we encourage you to read the privacy policy stated on that website or service before providing information on or through it.
General contact details. If you have any questions about this Privacy Policy or Lensa, please contact us via email at [email protected] or our mailing address:
Prisma Labs, Inc.
Suite D2028
440 N Wolfe Rd
Sunnyvale, CA 94085.
Appointed EEA representative. If you are a resident of the EEA and you have any questions about this Privacy Policy or Lensa, please contact us via email at [email protected] or our EEA representative mailing address:
DPOEU LTD
Office 902
Oval Krinou 3
Ayios Athanasios
4103 Limassol, Cyprus
Email: [email protected].
Data protection officer. If you are a resident of the EEA or Switzerland and you wish to exercise your rights under Section 6, or you have any questions about this Privacy Policy or Lensa, you can contact our data protection officer via email at [email protected].
The Company may modify or update this Privacy Policy from time to time, so please review it periodically. The date this Privacy Policy was last revised is identified at the top of the page. Your continued Use of Lensa after we make changes to this Privacy Policy is deemed to be acceptance by you of those changes, so please check the policy periodically for updates. In some cases, we may require you to expressly accept our new privacy policy in order to continue Using Lensa (for example, if we expand types of Personal Data collected from you or introduce new purposes of collection and processing).