Creatorium

PokeFrame Privacy Policy

Effective date: April 26, 2026
App: PokeFrame (iOS and Android)
Publisher: Creatorium
Contact: hello@creatorium.org

This Privacy Policy explains what information we collect when you use PokeFrame, how we use it, who we share it with, and the choices you have. We wrote it in plain language so you can understand it quickly. If you do not agree with this policy, please do not use the Service.

When we say “PokeFrame,” “we,” “us,” or “our,” we mean Creatorium. When we say “Service,” we mean the PokeFrame mobile app and related services we offer. “You” means the person using the Service.

Overview

PokeFrame is an AI image app that turns photos you upload into trading-card–style images using server-side AI. We need certain information to run the app, keep accounts working, process purchases, send notifications you opt into, and keep the Service safe. We do not sell your personal information. We do not use your photos to train our own AI models.

This policy applies to information we collect through the app and in email or other contact with us about PokeFrame. It does not apply to third-party websites or services that we link to; those have their own policies.

Lawful bases (where GDPR applies). We process personal data when:

  • you give consent (for example, optional marketing push notifications or certain analytics, where we ask for it); and/or
  • it is necessary to perform our contract with you (for example, creating your account, generating your card, delivering purchases); and/or
  • we have a legitimate interest that is not overridden by your rights (for example, fraud prevention, security, and improving stability), where allowed by law.

Data we collect

We collect the categories below. Exactly what we receive can depend on your device, settings, and what you choose to share.

Account and identifier information. We use anonymous authentication through Firebase, which creates a User account unique ID (UID) tied to your app installation. If you sign in with Apple or Google, we also receive basic profile identifiers that those services share with us (for example, a provider subject identifier and, if you allow it, your name or email, depending on the sign-in method and your choices).

Device and anti-abuse signals. To offer limited free credits fairly and reduce misuse, we may process a device or installation identifier and related technical signals. We use these for fraud prevention and rate limiting, not to sell data.

Photos and media you upload. You choose a selfie or other photo to upload. This image is sent to our backend and to our image generation provider so we can create your card.

Generated images and metadata. After processing, we store the result image (for example, a URL) and generation metadata (such as model or job details we need to show your history) in Cloud Firestore under your User UID.

Purchase and billing records. In-app purchases and credit packs are processed by Apple and Google. We work with Adapty to validate purchases, manage entitlements, and show what you bought. We may process receipts, product identifiers, transaction IDs, and subscription or credit state as supported by the stores and Adapty. We do not receive your full payment card number from the app stores; they handle card data.

Push notification tokens. If you allow notifications, we receive a push token from Firebase Cloud Messaging (FCM) (or the platform’s notification system) so we can send transactional messages (for example, when a generation is ready) and, if you opt in, promotional messages about the Service.

Service and diagnostic data. We may collect app version, device type, operating system, coarse region or language, limited event or usage data, and crash or error reports to operate and improve the Service. If we use Crashlytics or similar Firebase tools, they may receive crash stack traces and device identifiers in line with their documentation.

Support communications. If you email us, we keep the content of your message and your email address so we can respond.

How we use it

We use the information above to:

  • Create and display your card by sending your photo through our systems and the AI image pipeline.
  • Run your account and link optional sign-in methods.
  • Deliver in-app purchases and credits and keep records of what you bought.
  • Prevent fraud, abuse, and security incidents, including free-credit abuse.
  • Send notifications you have allowed—transactional service messages, and promotional messages only if you consented where consent is required.
  • Debug, maintain, and improve reliability (including crash analysis if enabled).
  • Comply with law and respond to lawful requests when required.

We do not sell personal information, including for interest-based advertising “sales” as defined under U.S. state privacy laws, and we do not use your uploaded photos to train the models we operate. Third-party AI providers have their own terms; we configure processing to provide the feature you asked for.

Third-party services (processors and sign-in)

We use service providers to run PokeFrame. They process information on our instructions or as described in their terms and privacy policies.

  • Google Firebase (Google LLC) may process data for: Authentication, Cloud Firestore (databases), Cloud Storage (if used for media), Firebase Cloud Messaging (push), Analytics (if enabled), and Crashlytics (if we enable it for crash reports).
  • fal.ai receives your uploaded image and related request data to generate the output image on our behalf.
  • Adapty helps us with in-app purchase validation, entitlements, and subscription state as applicable.
  • Apple (Sign in with Apple, App Store purchases) and Google (Google Sign-In, Google Play purchases) process account and payment data under their own policies when you use their services.

We encourage you to read the privacy policies of Apple, Google, Google Firebase, Adapty, and fal.ai for more detail. When we add or replace a processor in a way that meaningfully changes this policy, we will update this page.

How we handle your photos and generated images

Uploaded photos: We keep your uploaded photo only as long as needed to create your result and for short-term operational and troubleshooting needs (for example, retrying a failed job or investigating a reported error). We do not keep your original upload indefinitely for general browsing once processing is done.

Generated card images: The generated result is associated with your account in Firestore and is kept under your User UID so you can view it in the app’s history, until you delete it (if the app offers deletion) or delete your account, as described below.

Do not upload photos you are not allowed to share. You should only upload images you have the right to use. Do not upload photos of other people without their permission, or any content that breaks our Terms of Service. See the Terms for full rules.

Account deletion, retention, and your choices

Deleting content or your account: You can request account deletion from within the app where available, or by emailing hello@creatorium.org. When you delete your account, we will delete or anonymize personal data tied to that account, including generated images and metadata stored under your UID, subject to reasonable back-up and legal retention needs described below. Some information may also be deleted or anonymized when you use in-app delete tools for specific items, if we offer them.

Retention in general: We keep information only as long as needed for the purposes in this policy, including security, fraud prevention, audit, and legal compliance. Backups may retain data for a limited time before they roll off. We may keep anonymized or aggregated information that does not identify you.

Storing and processing location: We and our U.S.-based providers process and store data, including in the United States. See “International transfers” below.

Cookies and similar technologies: The mobile app does not use website cookies in the same way a browser does, but OS and SDK providers use identifiers, tokens, and local storage for login, push, and analytics. You can control many permissions in your device settings.

Children

PokeFrame is not directed at children under 13 (or the digital consent age in your country). We do not knowingly collect personal information from children under 13. If you believe a child has given us their information, contact us and we will take appropriate steps to delete it.

International data transfers

If you use PokeFrame from outside the United States, your information will be transferred to the U.S. and other countries where we or our providers operate. Those countries may have different data protection rules than your home country. Where required, we use appropriate safeguards (such as Standard Contractual Clauses or other approved transfer tools) and supplementary measures as appropriate. See Google’s and other processors’ documentation for details of their international transfers.

EU/UK representative: Creatorium is based outside the EEA/UK. If you are in the EEA/UK and we appoint an EU or UK representative for GDPR purposes, we will list their name and contact details in this section. We have not appointed a representative in the EEA or UK. If that changes, we will update this section with their contact details.

Your rights and how to exercise them

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, to object to or restrict certain processing, to withdraw consent where processing is based on consent, and to lodge a complaint with a data protection authority. In California, you may have rights to know what we collect, to delete, to correct, and to opt out of certain “sharing” (we do not sell your personal information). We will not discriminate against you for exercising your rights.

To exercise your rights, email hello@creatorium.org with your request. We may need to verify your identity before we act on it. You may also use an authorized agent in some U.S. states if you follow the rules that apply. If we reject your request, you may appeal as allowed by law (for example, in some U.S. states): contact the same address with “Appeal” in the subject.

Nevada residents: We do not sell covered information as defined in Nevada law. You may still contact us with questions.

California notice

Categories of personal information collected in the last 12 months may include: identifiers (UID, device identifiers, tokens); commercial information (purchase history); internet or other electronic network activity (app events; analytics); audio, electronic, or visual information (photos you upload, generated images); and inferences drawn to prevent fraud.
Business or commercial purposes are described in “How we use it.”
Sources are you, your device, the app stores, and our service providers.
Disclosure to third parties is to service providers and processors to run the Service. We do not sell personal information and do not share it for cross-context behavioral advertising.
Sensitive personal information: we use sensitive information only as permitted by law and as described here; we do not use it to infer characteristics for unrelated purposes.
Retention: described under “Account deletion, retention, and your choices.”

Sale of data

We do not sell your personal information for money. We do not sell it for targeted advertising in ways that qualify as a “sale” or “share” under applicable U.S. state laws.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version on this page and change the Effective date at the top. If changes are material, we will provide a clearer notice in the app or by email if we have your address, where required. Your continued use of the Service after the update becomes effective means you accept the updated policy, except where the law requires your explicit consent for certain new uses.

Contact us

Creatorium – PokeFrame
Email: hello@creatorium.org
Privacy Policy URL: https://creatorium.org/pokeframe/privacy-policy
Terms of Service: https://creatorium.org/pokeframe/terms-of-service

If you are in the European Economic Area, United Kingdom, or Switzerland and you have a concern, you also have the right to contact your local data protection authority.

This policy is provided for information and does not create rights for third parties.