Privacy Policy
Last updated: April 2026
1. Who We Are
TYMI AI (“we”, “us”, “our”) operates the TYMI AI mobile application available on iOS and Android. We are based in Romania, European Union, and this policy is written in compliance with the General Data Protection Regulation (GDPR) and applicable Romanian data protection law.
Contact for all privacy-related matters: privacy@tymi.ro
2. What Data We Collect
Account Information
Email address when you create an account. If you sign in with Apple or Google, we receive only your email address and display name — we never receive your Apple or Google password.
Photos You Upload
You upload photos of yourself for AI transformation. These photos are transmitted securely to our servers, processed by our AI processing service, and then permanently deleted from our servers immediately after processing is complete. We do not retain copies of your original photos beyond what is needed to deliver the result.
AI-Generated Results
The AI-generated images we produce for you are stored in your account for you to download. You can delete these at any time from within the app, which triggers immediate deletion from our servers.
Usage Data
Basic usage information such as number of generations, feature usage, and app performance data. This data is aggregated and anonymized and does not identify you personally.
Payment Information
We do not collect or store payment card details. All payments are processed by Apple App Store or Google Play. We receive only a subscription status confirmation via RevenueCat, our subscription management provider.
3. Why We Process Your Data
Performance of a contract
To provide the AI transformation service you requested.
Legitimate interests
To improve the quality of our AI models using anonymized aggregate data. We never use your personal photos for training.
Legal obligation
To comply with applicable laws and respond to lawful requests from authorities.
Consent
For optional features such as marketing communications, which you can withdraw at any time.
4. Third-Party Processors
We share data with the following third-party service providers, each bound by a Data Processing Agreement:
Backend infrastructure — authentication, database, and encrypted file storage.
AI image transformation. Receives your photo solely to generate your result. Does not retain it after processing.
Subscription management. Receives your App Store / Google Play subscription status only.
App distribution, in-app purchases, optional Sign-In with Apple/Google.
We do not sell, rent, or share your personal data with any third party for advertising or marketing purposes.
5. Data Retention
· Original photos you upload — deleted immediately after AI processing (typically within 60 seconds).
· AI-generated results — retained in your account until you delete them or delete your account.
· Account data — retained for the duration of your account. Deleted within 30 days of account deletion.
· Transaction records — retained for 7 years as required by Romanian accounting and tax law.
6. Your Rights Under GDPR
As a person in the European Union, you have the following rights:
Right to access
Request a copy of all personal data we hold about you.
Right to erasure
Request deletion of your personal data ("right to be forgotten"). Use the Delete Account feature in-app for immediate erasure.
Right to rectification
Correct inaccurate personal data.
Right to portability
Receive your data in a structured, machine-readable format.
Right to restrict processing
Request we pause processing of your data in certain circumstances.
Right to object
Object to processing based on legitimate interests.
To exercise any right, email privacy@tymi.ro. We respond within 30 days. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro.
7. Children's Privacy
TYMI AI is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact us at privacy@tymi.ro and we will delete it immediately.
8. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for all stored files, and strict access controls. Our cloud infrastructure is provided by Supabase, which is SOC 2 Type II certified. Despite these measures, no system is completely secure — please contact us immediately if you suspect unauthorized access to your account.
9. Changes to This Policy
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, notify you via in-app notification or email.
10. Contact
For any privacy-related questions, data subject requests, or complaints: