Refina Privacy Policy & Terms

Last Updated: June 19, 2025

Who We Are

"Refina", "EnhanceMe", "we", "our", or "us" means Trilogy Labs LLC, United States.

Age & Medical Disclaimer

AI face previews are for illustration only — not medical advice. Consult a licensed professional before any cosmetic procedure.

What We Collect & Why

Category	Examples	Purpose	Legal Basis*	Retention
Account Info	Name (optional), email, password hash, OAuth tokens (Google / Apple)	Sign-up, authentication, support	Contract	Until account deletion + 180 days backups
Photos / Videos	Reference & enhanced images, metadata (angle, timestamp)	Generate AI previews; cloud backup for user convenience	Consent; Contract	User-controlled (you can delete in-app)
Purchase & Trial	App-Store receipt IDs, subscription status, Superwall customer ID	Unlock premium features, verify payments, enforce trials	Contract; Legal obligation (tax)	10 years (accounting)
Device / Log	Device model, OS version, IP (country only), unique device ID	Security, fraud prevention, paywall gating	Legitimate interest	90 days
Crash Data	Stack traces, Firebase Crashlytics IDs	Diagnose and fix app crashes	Legitimate interest	90 days

*GDPR art. 6 legal bases; CCPA = "business purpose", not selling/sharing.

How We Use Data

Provide core functions (login, photo upload, AI processing).
Validate trials and subscriptions via Superwall.
Prevent trial abuse or fraud (device & IP checks).
Improve stability through Crashlytics error reports.
Send essential emails or in-app messages (e.g., password reset, receipt).

We do not show third-party ads or track you across other apps.

Facial Data Protection

Facial photographs are treated as sensitive data under applicable privacy laws. We implement the following protections:

Encryption: All facial images encrypted in transit
Access Controls: Strict authentication required; users can only access their own facial data
Processing Limitation: Facial data used exclusively for AI enhancement generation
No Identification: We do not use facial recognition technology for user identification
Secure Processing: AI processing occurs through secure Firebase Cloud Functions with encrypted transmission
User Control: Complete user control over facial data with immediate deletion capabilities
Data Minimization: Only facial photos necessary for enhancement services are collected and processed

AI Processing and Third-Party Services

Facial Enhancement Processing:

Facial images are sent via secure API to AI model for enhancement generation
Images are processed transiently and not permanently stored by the AI service provider
Processing occurs through Firebase Cloud Functions acting as a secure intermediary
Enhanced images are generated based on user-selected cosmetic procedure parameters

Data Minimization:

Only facial photos necessary for enhancement services are collected and processed
No facial data is used for advertising, marketing, or research purposes
AI processing is limited to generating user-requested enhancement previews
No facial data is shared with advertising networks, social media platforms, or other third parties

Data Sharing (Sub-processors)

Vendor	Service	Location	Safeguard
Google Firebase (Auth, Firestore, Storage, Cloud Functions, Crashlytics, App Check)	Backend hosting & storage	US/EU	EU Standard Contractual Clauses + EU–US Data Privacy Framework
Replicate (FLUX Kontext Pro Model)	AI facial enhancement processing	US	Transient processing only, no permanent storage
Superwall (Nest22 Inc.)	Paywall, subscription & receipt validation	US	SCCs
Apple / Google Play	Payment processing	Your region	PCI-DSS / PSD2

No other third-party analytics, ad networks, or CDNs are integrated.

International Transfers

Data may be processed in the United States or other regions where Firebase operates. Transfers from the EEA/UK/Switzerland rely on EU Standard Contractual Clauses and Google's Data-Privacy-Framework self-certification.

Your Rights

You can access, rectify, export, or delete your data and withdraw consent at any time via Settings ▸ Account ▸ Delete Account or email team@trilogy-labs.com. EEA/UK users may also lodge a complaint with their local supervisory authority.

Facial Data Rights:

Delete individual photos or enhancement results instantly through the app
Export your facial data and enhancement history

California / U.S. State Disclosures

We do not sell or share personal information as defined by the CCPA/CPRA.

Collected categories: identifiers, internet activity (app logs), purchase info, geolocation (country), inferences (trial status), biometric information (facial photographs).

Right to know, delete, or correct: use in-app controls or email (same as above).

Security

Encryption: All facial images encrypted in transit (TLS 1.2+) and at rest (AES-256). Access Controls: Firebase Authentication with strict security rules ensuring users can only access their own facial data. Processing Limitation: Facial data used exclusively for AI enhancement generation. No Identification: We do not use facial recognition technology for user identification. Secure Processing: AI processing occurs through secure Firebase Cloud Functions with encrypted transmission. User Control: Complete user control over facial data with immediate deletion capabilities. Data Minimization: Only facial photos necessary for enhancement services are collected and processed.

Data Retention & Deletion

Account data kept while your account exists.
User-deleted photos removed from live systems immediately.
Enhanced images deleted when user requests deletion.
Temporary AI processing files deleted immediately after processing completion.
Receipts retained 10 years for statutory tax reasons.

Automated Processing

AI preview generation is automated but produces no legal or similarly significant effect. Facial enhancement processing is performed solely to generate cosmetic procedure previews for user visualization purposes.

Changes

We'll post updates here and notify you in-app or by email 30 days before significant changes.

Contact

Email: team@trilogy-labs.com

END OF POLICY