Privacy Policy
Effective date: April 9, 2026 · Last updated: April 9, 2026
This Privacy Policy describes how RMVR: AI Object Removal ("RMVR," "we," "us," or "our") collects, uses, and protects your information. This policy applies to the RMVR mobile application (the "App").
Also see our Terms of Service.
Who We Are
Data Controller: Anton, individual developer
Location: Batumi, Georgia
Contact: support@byanton.dev
Website: byanton.dev
As a small-scale individual developer, we are not required to appoint a Data Protection Officer under GDPR Article 37. For all privacy inquiries, contact us at the email above.
Summary: RMVR removes unwanted objects from your photos using AI. Photos are processed either entirely on your device (default for simple edits) or sent to Google Vertex AI and Google Gemini for complex edits. Cloud-processed photos are handled in real time and never stored, logged, or used to train AI models. We do not collect your name, email, location, contacts, or any tracking identifiers. We do not sell your data.
1. AI System Disclosure (EU AI Act Article 50)
You are interacting with artificial intelligence systems. Specifically:
- Object removal, background replacement, and image expansion are performed by Google Vertex AI (Imagen 3), a generative image model from Google LLC.
- Text-prompted photo edits ("AI edit" mode) are performed by Google Gemini 2.5 Flash Image, a multimodal AI model from Google LLC.
- Simple on-device edits use the LaMa open-source inpainting model running locally on your iPhone via Core ML — no data leaves your device.
- AI-generated edits may contain artifacts, inaccuracies, or unexpected content. Outputs must not be used to deceive or misrepresent reality.
2. Information We Collect
2.1 Information You Provide
| Data | Purpose | Storage | Retention |
|---|
| Photos you choose to edit | Performing the requested AI edit | On your device (primary); ephemerally in transit to Google Vertex AI / Gemini for cloud edits only | Local: until you clear history or uninstall. Cloud: processed in real time, never stored |
| Edit history (before/after pairs + mask) | Letting you revisit past edits | On your device only (local file system) | Until you tap "Clear History" in Settings or uninstall |
| Text prompts (for AI edit mode) | Describing the edit to the AI model | Ephemerally sent to Google Gemini | Not retained on our servers |
2.2 Information Collected Automatically
- Anonymous subscription ID — generated by RevenueCat to identify your subscription across devices. No name, email, or personal identifier is tied to this ID.
- Anonymous usage signals — via TelemetryDeck (see Section 4). No personal data, no device identifiers, no cross-app tracking.
- IP address — visible to our Cloudflare Workers proxy only for rate limiting and abuse prevention. Hashed before any storage, never sold or shared with third parties.
2.3 Information We Do NOT Collect
- Email address, phone number, name, physical address
- Location (GPS)
- Contacts, calendar, microphone, or health data
- Advertising identifiers (IDFA) — we do not use App Tracking Transparency
- Browsing history or cookies
- We do not create user accounts or require registration
- We do not use Apple Sign In, Google Sign In, or any social login
3. Legal Basis for Processing (GDPR Article 6)
| Processing Activity | Legal Basis |
|---|
| On-device photo editing (LaMa) | Consent (you initiate the edit) — no data leaves the device |
| Cloud AI photo editing (Vertex AI / Gemini) | Explicit consent via in-app AI Processing consent dialog before first cloud edit |
| Subscription processing | Contract performance (via Apple StoreKit and RevenueCat) |
| Anonymous usage analytics | Legitimate interest (product improvement) — no personal data involved |
| Rate limiting and abuse prevention | Legitimate interest (service availability and security) |
4. Third-Party Services
Apple Guideline 5.1.2(i) Disclosure: The following named third parties may process your data. Photo data is only shared with AI providers after you explicitly consent via the in-app "Cloud AI Processing" dialog, which names Google Vertex AI and Google Gemini specifically. You can revoke this consent at any time in Settings → Data & Privacy → Revoke AI Processing Consent.
| Provider | Service | Data Sent | Retention by Provider |
|---|
| Google LLC (Vertex AI Imagen 3) | Cloud object removal, background replacement, image expansion | Photo + mask (base64, ephemeral) | Not retained, not used for model training per Vertex AI data processing terms |
| Google LLC (Gemini 2.5 Flash Image) | Text-prompted photo editing ("AI edit" mode) | Photo + text prompt (base64, ephemeral) | Not retained, not used for model training per Gemini API data usage terms |
| Cloudflare, Inc. (Workers) | Secure proxy routing between the App and Google's AI APIs; per-user rate limiting; anonymous usage analytics (Analytics Engine) | Encrypted request data, hashed IP | Rate-limit counters stored by user ID with tier-specific TTL. Analytics: anonymized, 90 days. No photo storage. |
| RevenueCat, Inc. | Subscription management, receipt validation, entitlement verification | Anonymous install ID, subscription status, country code | Retained per RevenueCat privacy policy for subscription lifetime + audit period |
| TelemetryDeck (Telemetry Deck GmbH) | Privacy-first anonymous usage analytics (screen views, purchase funnel) | Anonymous session signals — no personal data, no device IDs | Retained anonymously per TelemetryDeck terms. GDPR compliant, EU-hosted. |
| Apple Inc. (StoreKit) | In-app purchase processing | Managed by Apple per Apple Privacy Policy | Managed by Apple |
All cloud data transfers use TLS 1.3 encryption and HMAC-signed requests. Photos are transmitted only for the duration of a single edit operation and never stored on intermediate servers.
5. On-Device Processing Option
RMVR provides a privacy-maximizing setting: Settings → Removal engine → On-device only. When enabled, all edits run entirely on your iPhone using the LaMa CoreML model. No photo data is transmitted to Google Vertex AI, Google Gemini, Cloudflare, or any other third party. This is the recommended setting for users processing sensitive photos.
6. Data Storage and Retention
| Data | Where Stored | Retention Period |
|---|
| Original photos and edited results | Your device (app sandbox file system) | Until you tap "Clear History" in Settings or uninstall the App |
| Photos in transit to AI providers | Cloudflare Workers → Google Cloud (ephemeral, in memory) | Processed in real time, never written to disk |
| Rate limit counters | Cloudflare Workers KV | Tier-specific TTL (1 day for trial, 7 days for weekly, 365 days for annual) |
| Anonymous analytics | TelemetryDeck (EU) and Cloudflare Analytics Engine | 90 days, anonymized |
| Subscription data | Apple servers, RevenueCat servers | Managed per their respective privacy policies |
We do not indefinitely retain any personal data. All primary photo storage is local to your device and under your control.
7. Children's Privacy
RMVR is rated 4+ on the App Store and does not contain content inappropriate for children. However, as a photo editing tool:
- COPPA: We do not knowingly collect personal information from children under 13. If we discover such data was collected, we will delete it immediately.
- GDPR Article 8: For users aged 13-15 in EU member states where the digital age of consent is 16 (Germany, Ireland, Netherlands, France), parental or guardian consent is recommended for using cloud AI features.
- We do not sell, share, or use minors' data for advertising or AI model training.
- Parents should supervise children's use of photo editing tools, particularly when uploading photos that contain identifiable individuals.
8. Your Rights
All Users
- Access: All your photo history is visible in the App's home screen grid.
- Deletion: Tap "Clear History" in Settings → Data & Privacy to permanently delete all local photo data. Uninstalling the App also removes all data.
- Portability: Save any edited photo to your iOS Photos library at any time.
- Revoke AI consent: Settings → Data & Privacy → Revoke AI Processing Consent disables all cloud AI features.
EU/EEA Residents (GDPR)
- Right to access, rectification, erasure, restriction of processing, portability, and objection
- Right to withdraw consent at any time without affecting prior processing
- Right to lodge a complaint with your local data protection authority (e.g., CNIL in France, BfDI in Germany, DPC in Ireland)
- Right not to be subject to solely automated decisions with legal effects — our AI processing is for photo editing only and has no legal effects
California Residents (CCPA/CPRA)
- Right to know, delete, correct, and opt-out of sale/sharing
- We do not sell or share your personal information
- We do not use your data for cross-context behavioral advertising
- Automated decision-making: RMVR uses AI to edit photos. This is creative-tool processing with no legal or similarly significant effects.
Brazil Residents (LGPD)
- Right to confirmation, access, correction, anonymization, deletion, portability, and consent withdrawal
- We will respond to data subject requests within 15 days
Turkey Residents (KVKK)
- Right to access, correction, deletion, objection, and compensation for damages
- Cross-border transfers to the US are conducted under appropriate safeguards
- We will respond to requests within 30 days
Japan Residents (APPI)
- Right to disclosure, correction, cessation of use, and deletion
- Photos that may contain images of individuals are processed only with your explicit consent for cloud AI features
9. International Data Transfers
If you use cloud AI features, your photo data may be transferred to and processed in the United States (Google Cloud Platform, Cloudflare) and the European Union (TelemetryDeck). These transfers are protected by:
- EU-US Data Privacy Framework (where applicable)
- EU Standard Contractual Clauses (SCCs) per GDPR Article 46
- Google Cloud Data Processing Addendum (DPA), GDPR compliant
- Cloudflare's data processing agreement
- Our commitment to applying equivalent protections regardless of where data is processed
10. Data Security
- All data in transit encrypted using TLS 1.3 (HTTPS)
- All API requests to our Cloudflare Workers proxy are signed with HMAC-SHA256 to prevent tampering and replay attacks
- Per-user rate limiting keyed by RevenueCat anonymous ID, not by IP, to protect against abuse without tracking users
- Primary photo storage on your device, protected by iOS sandboxing and Secure Enclave
- Temporary server processing (Cloudflare Workers → Google Cloud) keeps data in memory only — never written to disk
- No user accounts, no passwords, no saved credentials — minimal attack surface
11. No Tracking, No Advertising
- RMVR does not track you across apps or websites
- We do not use advertising identifiers (IDFA) or App Tracking Transparency
- We do not display advertisements
- We do not share data with data brokers, ad networks, or analytics providers that build user profiles
- TelemetryDeck (our only analytics provider) is privacy-first, EU-hosted, and does not collect personal data, device IDs, or tracking identifiers
- We do not sell or share your personal information under any circumstances
12. Data Breach Notification
In the unlikely event of a data breach affecting your personal information:
- We will notify affected users within 72 hours of discovery (GDPR, LGPD, KVKK)
- We will notify relevant supervisory authorities as required
- We will take immediate steps to contain and remediate the breach
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through an updated "Last updated" date and, where practicable, through an in-app notification. Continued use after changes constitutes acceptance.
14. Contact Us
For privacy inquiries, data subject requests, or complaints:
© 2026 Anton. All rights reserved.