Privacy Policy

Act by MintyGum LLC — Last Updated: April 11, 2026

MintyGum LLC ("we", "us", "our") operates the Act mobile application ("App"). This Privacy Policy explains how we collect, use, and protect your information when you use our App.

1. Information We Collect

Device Information

We generate a random anonymous identifier stored locally on your device. We do not require account creation, login, email, or any personal identity information. We also collect your device platform (iOS/Android) and push notification token (if you grant permission).

Photos and Facial Images You Upload

When you use a template, you select a photo from your device. Many templates require a photo containing a clearly visible human face — we refer to these images as "facial images" or "face data". Your photo is uploaded to our servers temporarily for AI processing and is deleted from our servers immediately after processing completes, whether the generation succeeds or fails. We do not retain your original uploaded photos. See Section 2 (Face Data) for a detailed explanation of how face data is collected, used, shared, and retained.

Optional Information

During onboarding, you may optionally provide your gender and content interests. This information is used solely to personalize your experience and is not shared with third parties for advertising purposes.

Usage Data

We collect anonymous usage data including which templates you use, generation history, credit transactions, and general app interaction events. This data is used to improve the App and is not tied to your real-world identity.

Purchase Information

Subscription and in-app purchase transactions are processed by Apple App Store or Google Play Store. We do not collect or store your payment details. RevenueCat, our subscription management provider, processes purchase receipts on our behalf.

2. Face Data

Because Act transforms photos containing your likeness, we want to be explicit about how we handle face data. This section applies specifically to any photo you upload that contains a human face ("facial images" or "face data").

What Face Data We Collect

When you use a template that requires your likeness, you voluntarily select a photo from your device's photo library that contains a clearly visible human face. We do not capture face data in the background, automatically, or without an explicit action from you. We do not use the device camera to record face data.

How We Use Face Data

Facial images are used solely as input to generate the AI photo or video output you requested from a template. The image is transmitted to third-party AI providers (see Section 4 — Third-Party Services) which return the generated output. We do not use your face data for any other purpose.

We explicitly do not:

Face Validation

To ensure a usable input, uploaded images are briefly passed to the Google Cloud Vision API for a single check: whether the image contains exactly one human face of sufficient clarity. This validation returns a yes/no result and is not retained. No facial features, landmarks, coordinates, or biometric derivatives from this check are stored by us or shared with any other party.

Third Parties That Receive Face Data

Your uploaded facial images are transmitted, over encrypted connections (HTTPS/TLS), to the third-party AI processing providers listed in Section 4: eachlabs.ai, fal.ai, Higgsfield, and Replicate. Each of these providers uses the facial image only for the duration necessary to generate the requested output and is subject to its own privacy policy. Facial images are temporarily stored on Google Cloud Storage (United States) only while a generation is being processed.

Retention of Face Data

Your uploaded facial images are deleted from our servers immediately after AI processing for that image completes — whether the generation succeeds or fails. We do not retain your original facial images after processing. The only items we retain after a generation are the generated output (subject to the retention rules in Section 5 — Data Retention) and an anonymous generation record containing only the template identifier, timestamp, and credit cost — neither of which contains your face or any biometric data.

Your Control Over Face Data

Because we do not retain your uploaded facial images after each generation, there is no stored face data on our servers tied to your device. You control face data by choosing whether and when to upload a photo. If you wish to remove a generated output that was produced from a facial image you previously uploaded, you can delete individual items from your in-app library, or let your subscription expire — all generated content is deleted after 14 days of subscription expiration (see Section 5).

3. How We Use Your Information

We use the information we collect to: provide and operate the App's AI photo and video generation features; process your photos through third-party AI services to generate content; manage your subscription and credit balance; send push notifications about completed generations (if permitted); analyze usage patterns to improve the App; and detect and prevent abuse.

4. Third-Party Services

Your photos and data may be processed by the following third-party services:

AI Processing Providers

eachlabs.ai, fal.ai, Higgsfield, and Replicate. When you generate content, your uploaded photo is sent to one or more of these providers for AI processing (face swap, motion control, image generation). These providers process your photo solely to generate the requested output and are subject to their own privacy policies.

Cloud Infrastructure

Google Cloud Platform. Your data is processed and stored on Google Cloud servers located in the United States.

Analytics & Attribution

AppsFlyer (install attribution and marketing analytics) and Mixpanel (product analytics and event tracking). These services collect anonymous device and usage data to help us understand how the App is used and measure marketing effectiveness. AppsFlyer may collect your IDFA (iOS) with your permission via the App Tracking Transparency prompt.

Subscription Management

RevenueCat processes your subscription status and purchase receipts. RevenueCat does not have access to your payment details — these are handled by Apple or Google.

Push Notifications

Firebase Cloud Messaging delivers push notifications to your device when your AI-generated content is ready.

5. Data Retention

Uploaded Photos and Facial Images

Your uploaded selfies, photos, and facial images are deleted from our servers immediately after AI processing completes, whether the generation succeeds or fails. We do not retain your original uploaded images. See Section 2 (Face Data) for the detailed handling of face data.

Generated Content

Your AI-generated photos and videos are stored on our servers for as long as you maintain an active subscription. If your subscription expires or is cancelled, your generated content is permanently deleted from our servers after 14 days. We recommend saving any content you wish to keep to your device before your subscription ends.

Device Data

Your anonymous device identifier and associated usage data are retained indefinitely to maintain your app experience. Since no personally identifiable information is tied to this data, it cannot be used to identify you.

6. Children's Privacy

The App is not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect information from children. If you believe a child has provided us with information, please contact us and we will promptly delete it.

7. Data Security

We implement reasonable technical and organizational measures to protect your information, including encrypted data transmission (HTTPS/TLS), secure cloud infrastructure, and anonymous device-based identification with no personal credentials stored.

8. Your Rights

Since we do not collect personally identifiable information and use anonymous device identifiers, traditional data access requests may have limited applicability. However, you can: delete all your generated content by letting your subscription expire (content is deleted after 14 days); uninstall the App to remove your local device identifier; or contact us to request deletion of any data associated with your device identifier.

9. International Data Transfers

Our servers are located in the United States. By using the App, you consent to the transfer and processing of your data in the United States. Our third-party AI processing providers may also process data in various international locations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy within the App or on our website. Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

MintyGum LLC
8 The Green STE B, Dover, DE 19901, United States
Email: hey@mintygum.com