Privacy Policy

This Privacy Policy describes how Dflat ("we," "our," or "us") collects, uses, and protects information in connection with ColorHeavenly (the "App"), available on Android (Google Play) and iOS (App Store).

We are committed to collecting only the information that is strictly necessary to provide our service. We do not use, store, transmit, or reference any user data beyond what is required to operate the App.

By using the App, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.

Account Information

Depending on how you choose to sign in, we collect:

• Google Account sign-in: name, email address, and profile picture as provided by Google.
• Apple Account sign-in: name and email address (or Apple's private relay address) as provided by Apple.
• Anonymous sign-in: a randomly assigned user ID with no personal identifiers.

The first time you download and launch the App, you are automatically signing in anonymously. Sign-in with a Google or Apple account is voluntary.

Recommended: Sign in with Google or Apple

While anonymous sign-in is available, we strongly encourage you to sign in with a Google or Apple account. Anonymous accounts are tied to your device, and if you uninstall the App, reset your device, or clear app data, your anonymous user ID may change. In that case, the App will no longer be able to identify your previous account, and any remaining credits will be unrecoverable. Signing in with a Google or Apple account ensures your credits and history are safely associated with your account and can be restored even if you reinstall the App.

Device Identifier (Android only)

On Android devices, we record a device identifier in our database the first time you launch the App. This is used solely to ensure that the three complimentary credits granted to new users are not issued more than once if the App is uninstalled and reinstalled. This data is not used for tracking or advertising.

On iOS, we use the device's secure Keychain storage for the same purpose; no device identifier is transmitted to our servers.

Credit (Coin) Balance

We store your account ID and current credit balance in our database. This information is necessary to determine whether you are eligible to use the AI image processing feature.

Images

When you use the AI image processing feature, the image you upload and the image generated by the AI are stored in our cloud storage. This allows you to access your results even if your network connection is interrupted or the App closes unexpectedly, and to view your processing history in a later session.

Device Settings (Local Only)

The App reads your device's language setting and light/dark mode preference to apply the appropriate display style. This information is read locally on your device and is never transmitted to us or any third party.

We use the information we collect exclusively to operate and improve the App:

• To authenticate you and maintain your account.
• To track and manage your credit balance for AI image processing.
• To issue three complimentary credits to first-time users on a per-device basis.
• To process your images using the Google Gemini AI service and return the results to you.
• To store your images so you can retrieve results after a network interruption and review your history.
• To process and verify in-app purchases and credit your account accordingly.

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your data for targeted advertising.

The App integrates the following third-party services. Each service operates under its own privacy policy.

Firebase (Google LLC)

We use Firebase for user authentication, our database (Firestore), cloud storage, and backend functions. Data may be stored on Google's infrastructure globally. Firebase processes data in accordance with Google's Privacy Policy: policies.google.com/privacy.

Google AI — Gemini API (Google LLC)

Your uploaded image is sent to Google's Gemini API for AI processing. Google may process this data on its servers. Please refer to Google's API Terms of Service and Privacy Policy for details on how data submitted to the Gemini API is handled.

Under the API plan we are using, which is Gemini 2.5 Flash Image model, your input image is not used to improve their products, according to Gemini API pricing document: ai.google.dev/gemini-api/docs/pricing.

RevenueCat, Inc.

We use RevenueCat to manage in-app purchases on Google Play and the App Store. RevenueCat receives your Firebase Authentication user ID and purchase receipt information. RevenueCat's Privacy Policy is available at: revenuecat.com/privacy.

Google Play & Apple App Store

Purchases are processed by Google or Apple respectively. Their privacy practices govern the payment transaction itself. We receive only confirmation of a completed purchase.

Your account data and images are stored on Firebase infrastructure operated by Google. Data may be stored on servers located outside your country of residence.

We retain your data for as long as your account is active or as needed to provide the service. Specifically:

• Account & balance data: retained while your account exists.
• Uploaded and generated images: retained to support the history feature.
• Device ID (Android): retained indefinitely to prevent duplicate credit issuance.

If you delete your account, we will delete or anonymize your personal data within a reasonable time, except where retention is required by law or legitimate business necessity (e.g., records of completed transactions). Please visit section 8 to find how to delete your account.

Credits (coins) required to use the AI image processing feature can be purchased as consumable in-app products via Google Play or the Apple App Store. All payment transactions are handled directly by Google or Apple. We do not collect or store your payment card information.

RevenueCat handles purchase verification and notifies our backend via webhook. Upon verified purchase, we add the corresponding credits to your account in Firestore.

All purchases are subject to the policies of the respective app store. Refund requests should be directed to Google Play or the App Store.

This App is intended for a general audience and is not directed at children. Users under 13 (or the applicable age in their jurisdiction) should use the App only with parental supervision. We do not knowingly collect personal information directly from children. Parents or guardians who believe their child has submitted personal information without consent should contact us for removal. In-app purchases require a payment method, and parents are encouraged to use their device's parental controls to manage purchase permissions.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate data.
• Deletion: request deletion of your account and associated personal data.
• Portability: request your data in a portable format where technically feasible.
• Opt-out of sign-in: you may use the App via anonymous sign-in, which involves no personal identifiers.

For Users in Japan

Users in Japan have rights under the Act on the Protection of Personal Information (APPI), including the right to request disclosure, correction, and deletion of their personal information held by us. To exercise these rights, please contact us using the information in Section 12.

For Users in the United States

Depending on your state of residence, you may have additional rights under applicable state privacy laws (such as the California Consumer Privacy Act / CPRA). We do not sell personal information and do not engage in cross-context behavioral advertising. To submit a request, please contact us using the information in Section 12.

To exercise any of your rights, please contact us at the address listed in Section 12. We will respond within a reasonable timeframe and in accordance with applicable law.

Account Deletion Request

To request deletion of your account and associated data, please email us at cheavenly@dflat.com.au with the following information:

• Subject: "Account Deletion Request"
• Content: Include your UID (found in the App's Settings page > Account)

We will delete the following data:

• Account authentication record
• Credit information associated with the UID
• Image data associated with the UID

We will process your request within 30 days. After deletion, we cannot restore your account data.

We implement industry-standard security measures to protect your data, including relying on Firebase's built-in security rules and Google's infrastructure protections. Authentication is handled via established OAuth providers (Google, Apple) or Firebase Anonymous Auth.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Our App uses Firebase and Google AI services, which may process and store data on servers located in the United States and other countries. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in a country with different data protection laws than your own.

By using the App, you consent to the transfer of your information as described in this policy.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide notice within the App. Your continued use of the App after any changes constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

For users in Japan with inquiries under APPI, you may also direct your request to the same contact above.