Who I am
Hi, I'm Daniel Jurma. Dripp is a side project that turned into a full project — an AI photo editor for fit pics. I designed it, I wrote it, and I'm the person reading the support email when you write in. Throughout this policy, “I”, “me”, and “Dripp” all mean the same thing.
If you ever want to reach me about your data, write to privacy@trydripp.com. That inbox goes to me directly and I try to answer within a few working days.
What this covers
This policy applies to:
- The Dripp iOS app on the App Store, and every feature you can reach inside it.
- This website at trydripp.com.
- Any email you send me at hello@trydripp.com or privacy@trydripp.com.
It doesn't cover third-party sites Dripp links to, or apps you open from inside Dripp (Instagram, TikTok, etc.). Those have their own privacy policies — read them.
What I collect
Account
- Your email address (for account recovery and receipts).
- A Sign in with Apple identifier — an opaque token Apple gives me. It's not your Apple ID.
- An optional handle, if you set one.
Photos & edits
- The photos you upload for editing.
- The prompts and presets you tap.
- The edits Dripp produces.
Subscription
- A RevenueCat customer id — a pseudonymous string that lets me check whether you have Dripp Pro.
- Trial status, current entitlement, and renewal state.
- Not your card number or payment details. Apple holds all of that.
Device & diagnostics
- Device model, iOS version, app version, locale.
- A random per-install identifier (not a cross-app tracker).
- Crash stack traces (PII scrubbed before they're sent).
Analytics events
- Event names like paywall_viewed and an anonymous distinct id.
- Your App Tracking Transparency status.
- I do not send your prompt text, photo bytes, or email to analytics.
Approximate location
- Country level, derived from your IP. Used for App Store pricing and to apply the right privacy rules (GDPR, CCPA, etc.).
- I never ask iOS for precise location.
How I use it
- Run the service — sign you in, render the editor, sync your settings.
- Run AI edits — route your photo and prompt to the AI provider, return the result. See section 05.
- Run your subscription — unlock Pro features for people who have Dripp Pro.
- Prevent abuse — NSFW filter, age estimation, rate-limit obvious bots.
- Transactional email — receipts, security alerts, material updates to this policy.
- Aggregate analytics — see which screens convert and what to build next. Aggregate, not per-person.
- Legal obligations — respond to lawful requests, keep the records tax authorities can ask for.
For users in the EEA, UK, and Switzerland, the legal bases under GDPR / UK GDPR are:
- Running the service & edits: Contract (Art. 6(1)(b)) — providing the app is the service you signed up for.
- Subscription: Contract + legal obligation (tax records).
- Abuse prevention & security: Legitimate interests (Art. 6(1)(f)) — keeping minors and harmful content off the platform.
- Transactional email: Contract — receipts and account messages.
- Aggregate analytics: Consent (Art. 6(1)(a)) — you can switch it off in the cookie banner or in-app settings.
- Legal obligations: Legal obligation (Art. 6(1)(c)).
Photos and AI
Dripp uses third-party AI models to produce edits. Per Apple's App Review Guidelines, I have to tell you who they are:
- The default generation provider is Google Gemini 2.5 Flash Image (via Vertex AI in the EU). When that runs out of capacity, Dripp fails over to fal.ai workers running open-source image models.
- All AI calls are server-to-server. Your phone never talks to Google or fal.ai directly — it talks to my backend, which forwards the call. The vendor API keys never reach the device.
- I send only the photo and the prompt — no email, no account id, no identifier. The vendor sees a stateless inference call.
- The vendor terms I've signed prohibit them from training on your content, and I've opted out of any optional training programs.
Your photos are never used to train any AI model — mine or anyone else's.
Retention. Input photos sit on my storage for at most 24 hours; output edits for at most 7 days. After that a scheduled job deletes them. You can delete either sooner in-app. If you save an edit to your camera roll, that copy is on your device, not mine.
Who touches your data
These are the third parties (“sub-processors”) that process data on my behalf:
| Vendor | Purpose | Data | Jurisdiction |
|---|---|---|---|
| Supabase | Database, auth, file storage | Account data, content metadata | EU (Frankfurt) |
| RevenueCat | Subscription entitlements | Pseudonymous customer id, entitlement flags | United States |
| PostHog | Product analytics | Event names, anonymous distinct id, ATT status | EU Cloud (Frankfurt) |
| Sentry | Crash and error reporting | Stack traces, device + OS metadata; PII scrubbed | EU region |
| Vercel Analytics | Aggregate, cookieless website page-view counts | Coarse device/region from request headers; no cookies, no cross-site identifiers | United States (Vercel) |
| AppsFlyer | Install attribution (after ATT consent) | Install timestamp, ad-network ids, SKAdNetwork postbacks | EU region |
| Google Gemini (Vertex AI) | AI image generation | Photo + prompt for the duration of the call; no training | EU multi-region |
| fal.ai | AI image generation — fallback only | Photo + prompt for the duration of the call; no training | United States |
| Cloudflare R2 | Input and output image storage with auto-cleanup | Encrypted blobs in scoped folders; no public buckets | EU + auto-cleanup per section 05 |
| Apple | App Store distribution, Sign in with Apple, push notifications | Per Apple’s policy | Per Apple’s policy |
When this list changes, I update this section and bump the effective date at the top.
Your rights
Depending on where you live, you have some or all of these rights over your data:
- Access — get a copy of what I hold about you.
- Correction — fix anything that's wrong.
- Deletion — tell me to delete your account and data.
- Restriction — pause processing while a dispute is sorted out.
- Portability — get your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — for anything based on consent (analytics, mainly).
- Complain — to your local data protection authority.
- Non-discrimination (CCPA) — exercising these rights never costs you anything.
Fastest path: open Dripp and tap Settings → Privacy → Delete account. That triggers the full deletion pipeline immediately.
Formal path: the DSAR page walks you through filing an access, export, or deletion request. Statutory response window is 30 days; deletions usually go through in seconds.
Children
Dripp is rated 18+. You may not create an account, upload photos, or buy a subscription if you're below 18.
To enforce that, the app runs a two-stage age estimator on every photo:
- A fast on-device pass before the photo ever leaves your phone.
- A server-side confirmation on the dominant face. If the model reads minor, the upload is rejected — no credit consumed, no biometric template stored. The face embedding is discarded the moment the decision is made.
Photos that read as a minor are rejected before generation. No credit consumed. No biometric template kept.
If you believe a minor has used Dripp, email privacy@trydripp.com with whatever you can share. I purge the account and content within 7 days of a credible report.
International transfers
Dripp's primary processing region is the EU. Database, storage, analytics, error tracking, and the default AI provider all run in EU regions.
For the few vendors outside the EEA — RevenueCat in the US, and fal.ai during fail-over — I rely on the EU Standard Contractual Clauses, the UK International Data Transfer Addendum where applicable, plus encryption in transit and at rest and keeping what crosses the border to a minimum.
Security
- In transit: TLS 1.3 between your phone, my backend, and every sub-processor.
- At rest: AES-256 on storage and database.
- App Attest: every mutating API call carries an Apple App Attest assertion. Calls without one are rejected.
- Signed URLs: uploads use presigned PUT URLs valid for ≤ 5 minutes; downloads for ≤ 15 minutes. No public buckets.
- Row Level Security: you can only read and write rows tied to your own account.
- Logging: I never log raw photo bytes, prompt text, emails, or tokens.
Retention
- Input photos: ≤ 24 hours, then auto-deleted.
- Output edits: ≤ 7 days, then auto-deleted. Save anything you want to keep to your camera roll.
- Account data: kept until you delete, plus a short grace window (≤ 30 days) for accidental deletions.
- Billing records: retained as long as applicable tax law requires (typically several years). I can't shorten this even on request.
- Analytics events: 12 months, then aggregated into anonymous summaries.
- Crash diagnostics: 90 days, then purged.
Changes to this policy
I'll update this page from time to time as Dripp grows or as laws change. Whenever I do:
- I bump the effective date at the top of the page.
- For material changes (new data category, new sub-processor, change to your rights), I'll show an in-app banner next time you open Dripp and email you at your account address.
- Older versions live in git. Ask privacy@trydripp.com if you need an earlier snapshot.
Contact
For anything privacy-related — questions, requests, complaints — email privacy@trydripp.com. If you'd rather use the formal data-subject request form, go to /dsar. For general support or billing, see /contact.
- Operator: Daniel Jurma (individual developer)
- Privacy email: privacy@trydripp.com
- Supervisory authority: You can complain to your local data protection authority — for EU users, the authority of your country of residence.