Privacy Policy

How we collect, use, and protect your personal information

Last modified May 13, 2026

At eddeAi, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our AI image generation platform and services. It also explains the biometric (face) data we process to train your personal AI models, the AI processing infrastructure we use to deliver our features, and how you can delete your account and associated data at any time.

Introduction

eddeAi ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This policy describes our practices regarding personal information collected through our website, mobile applications, and services (collectively, the "Services").

We operate from Ontario, Canada, and comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws. We also recognize the privacy rights of users from other jurisdictions, including the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Information We Collect

Information You Provide Directly

When you use our Services, you may provide us with various types of information:

Account Information: When you create an account, we collect your name, email address, and password. You may also provide additional profile information.

Payment Information: When you purchase credits or subscriptions, we collect payment information through our third-party payment processors. We do not store your full credit card details on our servers.

Content and Uploads: We collect the images you upload for model training, the prompts you use for image generation, and the generated images you create.

Communication Information: When you contact us for support or inquiries, we collect your name, email address, and the content of your messages.

Social Media Information: If you interact with our social media pages (such as on Instagram, Facebook, Twitter, LinkedIn, or YouTube), we may collect information you choose to share with us through those platforms.

Information We Collect Automatically

When you use our Services, we automatically collect certain technical information:

Usage Data: We collect information about how you interact with our Services, including which features you use, the pages you visit, the time and date of your activities, and your time zone.

Device Information: We collect information about the device you use to access our Services, including device type, operating system, browser type, and device identifiers.

Log Data: Your browser automatically sends us information when you visit our website, including your IP address, browser settings, and how you interact with our site.

Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience, analyze usage patterns, and improve our Services. You can control cookie preferences through your browser settings, though disabling cookies may affect some functionality.

Analytics Data: We use analytics tools to understand how our Services are used and to improve user experience. This includes aggregated and anonymized data about user behavior.

How We Use Your Information

We use the personal information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve our Services, including processing your image uploads, training AI models, and generating images.

Account Management: To create and manage your account, process transactions, and communicate with you about your account.

Customer Support: To respond to your inquiries, provide technical support, and address any issues you may encounter.

Communication: To send you important updates about our Services, changes to our policies, security alerts, and marketing communications (with your consent where required).

Research and Development: To analyze usage patterns, improve our AI models, develop new features, and conduct research (which may be shared with third parties in aggregated, anonymized form).

Security and Fraud Prevention: To detect, prevent, and address security issues, fraud, abuse, and other harmful activities.

Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.

Business Operations: To manage our business operations, including data analysis, auditing, and business planning.

Face Data and Biometric Information

eddeAi allows you to train personalized AI models, which typically requires uploading photographs that include faces (yours or, with explicit written consent, the face of another person). We treat face imagery as sensitive personal information and apply the safeguards described below.

What face data we collect

  • Source images you upload: Photographs you provide as training inputs (5–10 images per model). These images may contain facial features, expressions, hair, skin tone, and other visual characteristics.
  • Derived model weights: A trained AI model is generated from your images. The model is a mathematical representation that can produce images resembling the trained subject; it is not a face template, faceprint, or biometric identifier used for recognition or authentication.
  • Generated outputs: Images you create using your trained model, including any face-related edits (for example, face enhancement on generated images).

We do not use facial recognition, identity verification, or face-matching technology. We do not build a biometric database that can be used to identify you or any other person from photographs.

How we use face data

  • To train the personalized AI model you requested.
  • To generate, edit, and enhance images that you request from your trained model.
  • To enforce our Content Policy (for example, detecting prohibited content). Some safety checks are automated.
  • To provide customer support and debug issues when you request our help.

We do not use face data to train general-purpose foundation models, to build advertising profiles, or to identify users from uploaded images.

How face data is processed

To deliver model training, image generation, and image editing, your face imagery and the resulting trained model are processed through specialized AI processing infrastructure operated on our behalf by Astria, our AI training and inference partner. Astria acts solely as a data processor for eddeAi:

  • They receive only the data needed to complete the specific request you initiated (for example, the images required for training, or the prompt and source image required for an edit).
  • They are contractually prohibited from using your face data for their own purposes, including training their own general-purpose AI models.
  • They process each user's data in isolation — your images and trained models are not combined with other users' data or used to generate content for anyone other than you.
  • They are required to apply security protections at least equivalent to those described in this policy, including encryption in transit and at rest, access controls, and audit logging.

We do not sell face data and we do not share it with advertisers, data brokers, or social networks.

Where face data is stored

Face imagery, trained models, and generated outputs are stored in encrypted form in isolated, access-controlled cloud storage primarily located in the United States and Canada. Storage is logically segregated per user so that your content is not accessible to other users of the Services. Transient processing for training or generation may occur in additional regions operated by our infrastructure providers; in all cases the data is protected by encryption in transit and at rest and is purged from processing systems once the request is complete.

How long we retain face data

  • Training images, trained models, and generated images are automatically deleted approximately 30 days after training completes, unless you delete them sooner.
  • You can manually delete any model, training image, or generated image at any time from the in-app Models, History, or Gallery screens.
  • When you delete your account (see "Account Deletion" below), all associated face imagery, trained models, generated images, and personally identifiable account data are permanently deleted from our active systems within 30 days, subject to limited retention required by law (for example, tax or fraud records, which are stored without face imagery).

Your consent

By uploading photographs to eddeAi and starting a model training job, you confirm that:

  • You have the right to upload the images, and
  • Each identifiable person in the images has given you their informed consent to have their face used for AI model training and image generation on eddeAi.

You may withdraw consent at any time by deleting the model, the training images, or your account.

Mobile App Permissions

The eddeAi mobile applications request only the device permissions that are necessary to deliver the features you use. Each permission can be revoked at any time from your device settings; some features may stop working when a permission is revoked.

  • Photos / Media / "Read images" permission — Used so you can select existing photos to upload as model training inputs or as source images for image editing. We only access images you explicitly select; we do not scan or index your full photo library.
  • Camera permission — Used only if you choose to capture a new photo from inside the app for training or editing. We do not record video or audio.
  • Notifications permission — Used to alert you when a model training run completes, when generated images are ready, or for account and billing notifications. Required only if you opt in to receive notifications.
  • Network access — Required to communicate with our servers and AI processing infrastructure. Standard for any networked application; no separate disclosure is shown to you.
  • Foreground service / background upload (Android) — Used briefly to keep uploads of training images alive while the app is backgrounded so that a large upload does not fail. The service runs only during an active upload and stops afterward.

We do not request location, contacts, microphone, calendar, call log, SMS, accessibility, or device-identifier permissions. We do not use the Android Advertising ID (AAID) or Apple's Identifier for Advertisers (IDFA).

AI Processing and Service Providers

eddeAi relies on cloud-based AI processing infrastructure and a small number of operational service providers to deliver model training, image generation, image editing, payments, messaging, authentication, and email. Our primary AI processor is named below; for operational vendors (storage, payments, email, messaging) we describe the category rather than naming individual providers so we can substitute equivalent processors without revising this policy.

Categories of processors we use

  • AI model training and inference infrastructure — Astria: receives the training images, prompts, masks, edit parameters, and model identifiers needed to train your personal AI model and generate or edit images from your prompts. Astria is contractually prohibited from using your content to train its own general-purpose models and processes each user's data in isolation.
  • AI chat and text processing infrastructure — receives chat messages and (for the optional Pro messaging feature) the text content of inbound and outbound conversation messages.
  • Cloud storage, database, and compute infrastructure — stores your account data, uploaded images, trained models, and generated outputs in encrypted form.
  • Payment processors — receive only the billing details required to complete a transaction. For purchases made inside our iOS app, transactions are processed through Apple's In-App Purchase system and we do not receive your payment card.
  • Messaging providers — used only when you enable optional phone/messaging features; receive your phone number and the message content required to deliver the message.
  • Email delivery providers — receive your email address and the content of transactional emails (account, billing, notifications).
  • Authentication providers — receive the identifiers necessary to sign you in (for example, the email and profile fields returned by an OAuth provider).

How your data is protected when shared with processors

Each processor we use is engaged under a written agreement that requires them to:

  • Act only as a processor of eddeAi data and use the data solely to provide the specific feature we have requested on your behalf;
  • Process each user's data in isolation — your prompts, images, and trained models are not combined with other users' content and are not used to generate content for anyone other than you;
  • Apply security protections at least equivalent to those described in this policy, including encryption in transit, encryption at rest, access controls, network isolation, and audit logging;
  • Not use your prompts, images, or face data to train their own general-purpose AI models;
  • Honor deletion and access requests that we forward on your behalf; and
  • Notify us promptly of any security incident affecting your data.

Your consent before AI processing

Before any prompts, images, or generated outputs are sent to AI processing infrastructure, you must explicitly accept our Terms of Service and this Privacy Policy. When you submit a prompt, start a training job, or request an image edit, you separately authorize that specific processing request. You can withdraw consent for future processing at any time by deleting the relevant content, the relevant model, or your account.

We will ask for additional in-app consent before introducing any new category of AI processing that materially expands the data we share with processors.

Data Minimization

We follow the principle of data minimization, collecting only the personal information that is necessary for the purposes outlined in this policy. We do not collect information that is not relevant to providing and improving our Services.

How We Share Your Information

We may share your personal information in the following circumstances:

Service Providers: We share information with third-party service providers who help us operate our Services, including hosting providers, payment processors, email services, analytics providers, and customer support tools. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Business Transfers: If we are involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

Legal Requirements: We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

Aggregated Data: We may share aggregated, anonymized data that cannot be used to identify you with third parties for research, analytics, or business purposes.

We do not sell your personal information to third parties.

Data Storage and International Transfers

Your personal information may be stored and processed on servers located in Canada, the United States, or other countries where our service providers operate. When we transfer your information across borders, we take appropriate measures to ensure your information is protected in accordance with this Privacy Policy and applicable laws.

If you are located outside of Canada, please note that by using our Services, you consent to the transfer of your information to Canada and other jurisdictions where our service providers operate.

Your Privacy Rights

Canadian Users (PIPEDA Rights)

Under PIPEDA, you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Withdrawal of Consent: Withdraw your consent for certain uses of your information (subject to legal and contractual restrictions)
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights

European Union Users (GDPR Rights)

If you are located in the European Union, you have additional rights under the GDPR:

  • Right to Access: Obtain confirmation of whether we process your personal data and access to that data
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data for certain purposes
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

California Users (CCPA Rights)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions)
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Exercise your privacy rights without discrimination

Exercising Your Rights

To exercise any of these rights, please contact us at support@edde.ai. We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing certain requests.

Account Deletion

You can permanently delete your eddeAi account, along with all associated data, at any time. We provide an in-app option so that you do not need to email us or visit our website to start the process.

How to delete your account

  1. Open the eddeAi app or website and sign in.
  2. Navigate to Dashboard → Settings and scroll to the Delete Account section.
  3. Tap Delete Account.
  4. Confirm the deletion in the confirmation prompt. (We include a confirmation step to prevent accidental deletions; we do not require phone calls or emails to complete the deletion.)

You can also request deletion by emailing support@edde.ai from the email address associated with your account. Email-based requests are processed within 7 days; we may ask you to confirm ownership of the account before proceeding.

Deletion from the web (for users who have uninstalled the app)

If you have already uninstalled the eddeAi mobile app, you do not need to re-install it to delete your account. You can request deletion of your account and associated data from our public deletion page:

https://edde.ai/account/delete

The page is reachable without installing or re-installing the app. You will be asked to confirm the email address associated with your eddeAi account so that we can verify the request and process the deletion. The same deletion scope, timelines, and limited legal-retention rules described below apply regardless of whether you initiate deletion from the iOS app, the Android app, the website, the web deletion page, or by email.

What gets deleted

When you delete your account, we permanently remove:

  • Your account profile, login credentials, and authentication tokens
  • All trained AI models you created
  • All training images, source uploads, and generated images stored on our infrastructure
  • All prompts, chat history, and edit history
  • Linked phone numbers and messaging history (Pro feature)
  • In-app preferences and settings

We aim to complete deletion of personal data from our active systems within 30 days of your request, and encrypted backups are rotated out within 90 days. In rare cases, residual copies held by AI processing or storage providers may take slightly longer to purge from their caches; we forward deletion requests to those providers promptly.

What we retain after deletion (limited)

Some information must be retained for legal, accounting, fraud-prevention, or dispute-resolution purposes. After account deletion we may retain:

  • A record of the deletion request itself
  • Anonymized billing/transaction records required by tax law
  • Records of any reported policy violations, in pseudonymized form

These records do not contain face imagery, trained models, prompts, or other personal content.

Subscriptions and credits

Deleting your account does not automatically cancel an active paid subscription with a third-party app store or web payment provider. You should cancel the subscription through the platform where it was purchased (for example, in your device's App Store subscription settings, or on the eddeAi billing page) before or after deletion. Unused credits are forfeited on deletion and are not refundable except as required by law.

Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@edde.ai, and we will delete that information from our systems.

Data Security

We implement commercially reasonable technical, administrative, and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and improve our Services. You can control cookies through your browser settings, though disabling cookies may affect some functionality.

We do not currently respond to "Do Not Track" signals from browsers, as there is no standard for how such signals should be interpreted.

Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

Retention of Information

We retain your personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. When we no longer need your information, we will securely delete or anonymize it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other reasons. We will notify you of material changes by posting the updated policy on our website and updating the "Last modified" date. Your continued use of our Services after such changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: support@edde.ai

We will respond to your inquiry as soon as possible.

Office of the Privacy Commissioner of Canada

If you are a Canadian resident and have concerns about our privacy practices, you may contact:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Phone: 1-800-282-1376
Website: https://www.priv.gc.ca


This Privacy Policy is effective as of November 29, 2025, and applies to all users of eddeAi Services.