Last updated: 2026-05-15
Caymaz TechHealth Yazılım Tic. Ltd. Şti. (FaceArchitect) explains how personal data — including face photos and related sensitive data — is collected, used, retained, shared, and deleted under GDPR, KVKK, LGPD (Brazil), CCPA/CPRA, and app store requirements.
This policy applies to FaceArchitect websites and mobile apps. Data controller: Caymaz TechHealth Yazılım Tic. Ltd. Şti., Istanbul, Türkiye. MERSIS: 0203091510500001. Tax ID: 2030915105 (Başakşehir Tax Office). Contact: [email protected]. Processing may be subject to GDPR, KVKK, LGPD (Brazil), CCPA/CPRA, and Apple/Google platform rules.
We may process account identifiers, uploaded face photographs, AI-generated outputs, purchase/entitlement status, device and diagnostics data, IP address, and support communications. Face-related data is processed only for simulation features you request.
Directly: when you upload photos, contact support, or use in-app controls. Automatically: device identifiers, crash logs, and usage diagnostics via SDKs (Firebase, Adapty). Third parties: Apple App Store and Google Play for purchases; payment and refund flows are managed by the store.
We use data to provide simulations, manage subscriptions, prevent abuse, and comply with law. Legal bases: explicit consent for face photos (LGPD Art. 11; GDPR Art. 9; KVKK Art. 6/2); contract for IAP; legitimate interest for security and service integrity. AI outputs are illustrative only — not medical decisions with legal effect.
FaceArchitect offers filler and botox aesthetic simulations. We process a portrait only when you voluntarily start a simulation (upload or camera)—not otherwise. Derived facial geometry (e.g. landmarks) may be special category data (GDPR Art. 9; KVKK Art. 6/2). Inference runs via our backend and fal.ai (including Google image models on fal.ai). We do not use face data for identity verification, surveillance, advertising profiling, or model training. We do not sell personal information or biometric data.
Simulation uploads and outputs: up to 7 days on our servers unless deleted sooner. When you delete your account, your data is immediately and permanently deleted from our systems — including the database, file storage, and authentication records. Legal retention may apply to minimal transaction records where required.
Hetzner (Germany/EU) — hosting; GDPR Art. 28 DPA. fal.ai (USA) — AI inference; input images and outputs deleted after 7 days (server-enforced); SCCs. Firebase / Google (EU/USA) — auth, analytics, push, crash; SCCs. Adapty (USA) — subscriptions; SCCs. Apple App Store / Google Play — IAP; refunds and subscription management via the store. Eachlabs — AI moderation where used; contractual controls.
Data may be processed outside your country. For EEA/UK/CH transfers we use Standard Contractual Clauses and supplementary measures where required. For Brazil, international transfers rely on LGPD Chapter V safeguards (contracts, standard clauses, and supplementary measures) where applicable.
We use encryption in transit, access controls, and monitored infrastructure. No system is 100% secure; we continuously improve safeguards and incident response. Where required under LGPD Art. 48, we will notify ANPD and affected individuals of relevant security incidents.
You may access, correct, delete, restrict, object, or port your data, and withdraw consent. Use Profile → Data Management in the app or our Data Request page. Brazil (LGPD): response within 15 days (extendable by 15). EEA/UK: supervisory authority complaint. Brazil: ANPD petition at https://www.gov.br/anpd — contact us first at [email protected].
We do not sell personal information as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not share personal information for cross-context behavioral advertising.
Our website uses essential and optional analytics cookies as described in our Cookie Policy. Manage choices via the cookie banner or footer settings.
FaceArchitect is for users 18 and older. We do not knowingly collect children's data. Contact us if you believe a minor submitted data.
We may update this policy and notify you via the website or in-app notice. Material changes may require renewed consent in the app (policy version tracking).
Privacy requests: [email protected]. The data controller is Caymaz TechHealth Yazılım Tic. Ltd. Şti., Istanbul, Türkiye, with no branches or separate legal entities in other countries. Unless mandatory local law requires otherwise for data-protection complaints only, contractual disputes are governed by the laws of the Republic of Türkiye and brought exclusively before the competent courts and enforcement offices of Istanbul, Türkiye.
