Privacy Policy

Vio AI · BYTEFLOW STUDIO SRL · Last Updated: March 14, 2026

1. Introduction

BYTEFLOW STUDIO SRL, a limited liability company organized under the laws of the Republic of Moldova ("BYTEFLOW STUDIO SRL," "Company," "we," "us," or "our"), operates Vio AI ("Vio AI," "App," or "Application"), a template-first AI image generation iOS application.

This Privacy Policy ("Policy") describes how we collect, use, store, process, share, and protect information — including personal data — when you use the Vio AI App and all related services, features, and functionality (collectively, the "Service").

By downloading, installing, accessing, or using the App, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with this Policy, please do not use the Service and delete the App from your device.

This Policy should be read together with our Terms of Service.

2. Who We Are (Data Controller)

BYTEFLOW STUDIO SRL acts as the data controller for the personal data processed through the Service. This means we determine the purposes and means of processing your personal data.

BYTEFLOW STUDIO SRL, as Data Controller, does not and will not process any special categories of personal data (as defined under Article 9 of the GDPR), such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or data concerning health or sexual orientation.

Contact:
BYTEFLOW STUDIO SRL
Email: hi@byteflow.pro

If you have any questions or concerns about this Policy or our data practices, please contact us at the email address above.

3. Eligibility

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal data from children under 13. If you are under 13, please do not use the Service or provide any information through it.

If we learn that we have collected personal data from a child under 13, we will take steps to delete that information as promptly as possible. If you believe we may have collected information from a child under 13, please contact us immediately at hi@byteflow.pro.

If you are between 13 and 18 years of age, you may use the Service only with the consent and supervision of a parent or legal guardian.

4. Information We Collect

We collect and process the following categories of information:

4.1 Information You Provide

Photos and Images

When you use the Service, you upload photos as input for AI image generation. These photos may contain personal data, including your likeness or the likeness of other individuals. You are responsible for ensuring you have the necessary rights and consents to upload such content (see our Terms of Service, Section 6.7).

We do not require you to provide your name, email address, or create an account to use the Service.

Customer Support Correspondence

If you contact us via email (hi@byteflow.pro) or any other channel for support, inquiries, or complaints, we may collect and process the contents of your correspondence, including your email address, name (if provided), and any other information you choose to include. This data is used solely to respond to your inquiry and improve our support processes.

4.2 Information Collected Automatically

When you use the App, we automatically collect certain technical and usage data, including:

  • Device Information: Device model, operating system type and version, and unique device identifiers;
  • IP Address: Your Internet Protocol address, which may indicate your approximate geographic location;
  • Locale and Language: Your device's language and regional settings;
  • Usage Analytics: Information about how you interact with the App, including screens viewed, features used, tap interactions, templates selected, credits consumed, generation history, and session duration;
  • Subscription and Purchase Data: Information about your subscription status, credit balance, and in-app purchase activity (but not your payment details — see Section 4.3).

4.3 Information We Do Not Collect

We do not collect the following:

  • Names, email addresses, or other contact information (no account is required; we only receive your email if you contact us for support);
  • Payment or financial information, including credit card numbers or billing details (all transactions are processed by Apple through the App Store);
  • Precise geolocation data (GPS);
  • Contacts, calendar data, or other on-device data unrelated to the Service;
  • Social media account information;
  • Advertising identifiers (IDFA) or cross-app tracking data.

4.4 Summary of Data Collection

Data Category Data Types Collection Method
User-Provided Visual Data Photos uploaded for AI generation Provided directly by you
Support Correspondence Email address, message content Provided directly by you (only if you contact us)
Device Information Device model, OS version, device identifiers Collected automatically
Network Information IP address Collected automatically
Locale Data Language, regional settings Collected automatically
Usage Analytics Screens viewed, features used, session data, credits consumed Collected automatically
Subscription Data Subscription status, credit balance, purchase activity Collected automatically

5. Facial Data and Biometric Information

5.1 What Facial Data We Process

When you upload photos containing faces, our third-party AI providers may process facial features and characteristics present in those photos in order to generate AI output images. This processing may involve detection of facial geometry, feature points (such as eyes, nose, mouth), facial pose, and other visual attributes necessary for image generation.

Depending on the applicable law of your jurisdiction (for example, the Illinois Biometric Information Privacy Act, Texas Capture or Use of Biometric Identifier Act, or Washington Biometric Identifiers law), certain facial data may be considered biometric data or biometric identifiers.

5.2 Purpose of Processing Facial Data

Facial data is processed exclusively for the purpose of generating the AI images you request based on your selected template and uploaded photos. Facial data is:

  • Not used for facial recognition, identity verification, or authentication of any individual;
  • Not used to identify or attempt to identify any person;
  • Not used for surveillance, profiling, or tracking;
  • Not used for advertising, marketing, or any purpose other than generating the output you requested.

5.3 Storage and Retention of Facial Data

We do not separately extract, store, or retain facial data, facial geometry, or biometric identifiers. Your uploaded photos (which may contain faces) are stored on our cloud infrastructure as described in Section 7 and are deleted when you clear your history. The third-party AI provider processes the facial information contained in your photos in real time during image generation and does not retain facial data after the inference process is complete.

5.4 Sharing of Facial Data

We do not sell, rent, lease, trade, or share facial data (or photos containing facial data) with any third party, except as necessary for image generation through our third-party AI provider as described in Section 8.1. Third-party SDKs integrated into the App do not access your photos or facial data.

6. How We Use Your Information

6.1 Providing and Operating the Service

  • Processing your uploaded photos through third-party AI models to generate output images;
  • Storing your uploaded photos and generated images on cloud infrastructure so they are accessible to you within the App;
  • Managing the credit system, including tracking credit balances, allocations, and consumption;
  • Managing subscription status and premium feature access.

6.2 Improving and Developing the Service

  • Analyzing usage patterns and trends to improve the App's features, performance, and user experience;
  • Identifying and resolving technical issues, bugs, and errors;
  • Developing new features, templates, and capabilities.

6.3 Customer Support

  • Responding to your inquiries, requests, and complaints;
  • Monitoring and improving the quality of our support responses.

6.4 Security and Compliance

  • Detecting, preventing, and addressing fraud, abuse, security risks, and technical issues;
  • Enforcing our Terms of Service and content policies;
  • Complying with applicable legal obligations.

6.5 How We Do Not Use Your Information

We want to be transparent about what we do not do with your data:

  • We do not use your photos or generated images to identify you or any other individual;
  • We do not use your photos or generated images for advertising or marketing purposes;
  • We do not sell your personal data to third parties;
  • We do not use your photos to train, retrain, fine-tune, or develop general-purpose AI or machine learning models owned by BYTEFLOW STUDIO SRL. Your photos are processed solely to generate your requested output through third-party AI providers and are not retained or repurposed for model training by us;
  • We do not share your photos with any third party other than our AI processing provider for the sole purpose of generating the output you requested;
  • We do not use facial data for recognition, authentication, or identification purposes.

7. How We Store and Protect Your Data

7.1 Photo and Image Storage

Your uploaded photos and AI-generated images are stored on cloud infrastructure (like Cloudflare R2). These files are accessible only through secure, time-limited URLs generated by our servers and are not publicly accessible.

7.2 Photo Processing Lifecycle

The full lifecycle of your photos within the Service is as follows:

  1. Upload: You upload a photo through the App.
  2. Storage: The photo is stored on cloud infrastructure (like Cloudflare R2) and is accessible only through a secure, time-limited URL generated by our servers.
  3. Transmission: The photo is transmitted securely to our third-party AI provider (such as fal.ai) for processing.
  4. AI Processing: The AI provider processes your photo to generate the requested output image. Facial data and other image attributes are processed in real time during inference and are not separately stored by the AI provider after processing is complete.
  5. Output: The generated output image is returned to our servers and stored on cloud infrastructure (like Cloudflare R2), accessible to you through the App.
  6. Deletion: When you clear your history within the App, your uploaded photos and generated images will no longer be accessible through the Service. To request permanent deletion of your data from our servers, please contact us at hi@byteflow.pro.

7.3 Data Retention

  • Photos and generated images: Stored on our servers until you choose to clear your history within the App. When you clear your history, your content will no longer be accessible through the Service. To request permanent deletion of your data from our servers (including backup systems), please contact us at hi@byteflow.pro. We will process permanent deletion requests within 30 days or as required by applicable law. Content that has not been permanently deleted may remain in secure backup systems as part of routine backup and disaster recovery processes.
  • Technical and usage data: Retained for as long as necessary to fulfill the purposes described in this Policy, typically no longer than 24 months from the date of collection, unless a longer retention period is required by law.
  • Customer support correspondence: Retained for as long as necessary to resolve your inquiry and for up to 24 months thereafter for quality improvement purposes, unless a longer retention period is required by law.

7.4 Security Measures

We implement reasonable technical and organizational measures to protect your information against unauthorized access, loss, alteration, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS);
  • Secure, time-limited access URLs for stored photos and images (not publicly accessible);
  • Server-side access controls and authentication;
  • Regular review and updating of our security practices.

However, no method of electronic storage or transmission over the Internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security. Any transmission of your data is at your own risk.

If we become aware of a security breach that affects your personal data, we will notify you and any applicable regulatory authority in accordance with applicable law.

8. Third-Party Service Providers

We share your information with the following categories of third-party service providers, solely for the purposes described in this Policy:

8.1 AI Processing Provider

We transmit your uploaded photos to third-party AI service providers (such as fal.ai and similar providers) for the purpose of generating output images. These providers process your photos on their infrastructure and return the generated results. The AI provider processes your photos in real time during inference and does not retain your photos or facial data after the processing is complete. We select our AI providers with care, but their data handling practices are governed by their own privacy policies.

8.2 Cloud Storage Provider

Your uploaded photos and generated images are stored on cloud infrastructure (like Cloudflare R2). Cloudflare's data handling practices are governed by their own privacy policy.

8.3 App Distribution and Payments

The App is distributed through the Apple App Store. All subscription purchases, on-demand credit purchases, and payment processing are handled by Apple. BYTEFLOW STUDIO SRL does not receive, process, or store your payment information. Apple's data practices are governed by Apple's privacy policy.

8.4 Summary of Third-Party Data Sharing

Third Party Data Shared Purpose
AI Provider (e.g., fal.ai) Uploaded photos (including facial data contained therein) AI image generation (real-time inference; not retained after processing)
Cloudflare R2 Uploaded photos, generated images Cloud storage
Apple App Store Subscription/purchase activity (managed by Apple) App distribution, payment processing

8.5 Other Disclosures

We may also disclose your information in the following circumstances:

  • Legal Requirements: When required to do so by applicable law, regulation, legal process, or governmental request;
  • Protection of Rights: When we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request;
  • Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, in which case your information may be transferred as part of the transaction. We will notify you (e.g., via a notice within the App) of any such change in ownership or control of your personal data;
  • With Your Consent: When you have given us explicit consent to share your information for a specific purpose.

We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes.

9. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or another jurisdiction that requires a legal basis for processing personal data, we rely on the following legal bases:

Legal Basis Applicable Processing Activities
Performance of a Contract Processing your photos to generate images; managing credits and subscriptions; providing the Service as described in the Terms of Service
Legitimate Interests Improving the Service; ensuring security; analyzing usage trends; detecting and preventing fraud and abuse (provided these interests are not overridden by your rights)
Legal Obligation Complying with applicable laws and regulations; responding to legal requests
Consent Where required by applicable law for specific processing activities; you may withdraw consent at any time by contacting hi@byteflow.pro

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country. Specifically, your data may be processed in:

  • The servers and data centers of our cloud storage provider (like Cloudflare R2);
  • The infrastructure of our AI processing provider (such as fal.ai);
  • Any other location where our service providers operate.

Where required by applicable law (including the GDPR), we ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.

By using the Service, you acknowledge and consent to the transfer and processing of your information as described in this section.

11. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

11.1 Rights Available to All Users

  • Right to Delete Your Content: You may clear your history at any time within the App, which removes your uploaded photos and generated images from being accessible through the Service. To request permanent deletion of your data from our servers, please contact us at hi@byteflow.pro.

11.2 Rights Under the GDPR (EEA and UK Users)

If you are located in the EEA or UK, you have the following additional rights under the General Data Protection Regulation:

  • Right of Access: You have the right to request a copy of the personal data we hold about you;
  • Right to Rectification: You have the right to request correction of inaccurate personal data;
  • Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal data, subject to certain legal exceptions;
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances;
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller;
  • Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests;
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of prior processing;
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

11.3 Rights Under the CCPA/CPRA (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of collection, and the categories of third parties with whom we share your information;
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain legal exceptions;
  • Right to Opt Out of Sale: We do not sell your personal information. If this practice changes, we will provide a "Do Not Sell My Personal Information" mechanism;
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

11.4 Exercising Your Rights

To exercise any of the rights described above (other than clearing your history within the App), please contact us at:

Email: hi@byteflow.pro

We will respond to your request within the timeframe required by applicable law (generally within 30 days for GDPR requests and 45 days for CCPA/CPRA requests). We may need to verify your identity before processing your request. Since the Service does not require an account, we may ask you to provide information that helps us verify you are the person whose data is being requested.

12. Cookies and Tracking Technologies

The Vio AI App does not use cookies, web beacons, or browser-based tracking technologies. The App does not serve advertisements and does not integrate third-party advertising SDKs, ad networks, attribution tools, or cross-app tracking technologies.

We collect usage analytics through our own custom application-level implementation as described in Section 4.2. This data is collected directly within the App and is not shared with third-party analytics providers.

13. Do Not Track Signals

The App does not respond to "Do Not Track" (DNT) signals, as there is no industry-standard interpretation of DNT signals for mobile applications. However, we do not track you across third-party websites or services.

14. Data Security

We take the security of your information seriously and implement reasonable technical and organizational safeguards as described in Section 7.4.

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your information and are not responsible for unauthorized access resulting from circumstances beyond our reasonable control.

If we become aware of a security breach that affects your personal data, we will notify you and any applicable regulatory authority in accordance with applicable law.

15. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make changes, we will update the "Last Updated" date at the top of this Policy and may notify you through in-app notifications or App Store update notes.

Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

For material changes that significantly affect how we process your personal data, we will make reasonable efforts to provide prominent notice before the changes take effect.

16. Third-Party Links and Services

The Service may contain links to third-party websites, services, or resources. This Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access. BYTEFLOW STUDIO SRL is not responsible for the privacy practices or content of third-party services.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BYTEFLOW STUDIO SRL
Email: hi@byteflow.pro

If you are located in the EEA or UK and are not satisfied with our response to your inquiry, you have the right to lodge a complaint with your local data protection supervisory authority.

By using Vio AI, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.