Last Updated: July 9, 2026
"Refina", "EnhanceMe", "we", "our", or "us" means Trilogy Labs LLC, United States.
AI face previews are for illustration only — not medical advice. Consult a licensed professional before any cosmetic procedure.
| Category | Examples | Purpose | Legal Basis* | Retention |
|---|---|---|---|---|
| Account Info | Name (optional), email, password hash, OAuth tokens (Google / Apple) | Sign-up, authentication, support | Contract | Until account deletion + 180 days backups |
| Photos / Videos | Reference & enhanced images, metadata (angle, timestamp) | Generate AI previews and Facial Dossier reports; cloud backup for user convenience | Consent; Contract | User-controlled (you can delete in-app) |
| Profile Details | Age, gender, ethnicity, appearance goals (all user-provided) | Personalize AI previews and Facial Dossier reports | Consent | Until account deletion |
| Purchase & Trial | App-Store receipt IDs, subscription status, Superwall customer ID | Unlock premium features, verify payments, enforce trials | Contract; Legal obligation (tax) | 10 years (accounting) |
| Device / Log | Device model, OS version, IP (country only), unique device ID | Security, fraud prevention, paywall gating | Legitimate interest | 90 days |
| Crash Data | Stack traces, Firebase Crashlytics IDs | Diagnose and fix app crashes | Legitimate interest | 90 days |
*GDPR art. 6 legal bases; CCPA = "business purpose", not selling/sharing.
We do not show third-party ads or track you across other apps.
Facial Enhancement & Dossier Processing:
Data Minimization:
| Vendor | Service | Location | Safeguard |
|---|---|---|---|
| Google Firebase | Backend hosting & storage | US/EU | EU SCCs + Data Privacy Framework |
| Replicate | AI facial enhancement processing | US | Transient processing only |
| OpenAI | AI image generation (previews & dossier reports) | US | API data not used for model training |
| Anthropic | AI facial analysis & dossier report text | US | API data not used for model training |
| Superwall | Subscription validation | US | SCCs |
| Apple / Google Play | Payment processing | Your region | PCI-DSS / PSD2 |
No other third-party analytics, ad networks, or CDNs are integrated.
Data may be processed in the United States or other regions where Firebase operates.
You may access, export, or delete your data anytime via Settings → Account → Delete Account or by emailing team@trilogy-labs.com.
All images encrypted in transit (TLS 1.2+) and at rest (AES-256). Strict authentication ensures users only access their own data.
Account data kept while account exists. User-deleted photos removed immediately. AI processing files deleted immediately after processing.
AI preview and Facial Dossier generation is automated but has no legal or similarly significant effect.
Updates will be posted here and users notified before major changes.
Email: team@trilogy-labs.com
END OF POLICY