Privacy Policy — Diffusitron

The Short Version

Diffusitron is an AI art creation app built by Extropolis Corp. ("Extropolis," "we," "us," "our"). We collect only what we need to run the app, we don't sell your data, and we try not to be creepy about it.

This policy covers the Diffusitron mobile app for iOS and Android, our website at diffusitron.art, and any related services (collectively, the "Service"). By using the Service, you agree to the practices described here.

What We Collect

Account Information

When you create an account, we collect your email address and any display name or profile photo you choose to set. We support email/password, Google Sign-In, and Apple Sign-In. We store your Firebase user ID to associate your data with your account.

Content You Create

When you generate images or videos, we store your generation parameters (prompts, model selections, aspect ratios, seeds, and other settings) along with the resulting media. This data is stored in your private gallery by default. If you choose to publish to the public feed, your image, prompt, model used, and your username/display name become visible to other authenticated users.

Purchase & Subscription Data

Subscriptions and token purchases are processed through Apple's App Store or Google Play. We never see or store your payment card details. We use RevenueCat to manage subscription status and entitlements. RevenueCat receives transaction receipts, subscription status, and product identifiers from the app stores.

Analytics (Opt-In Only)

Analytics are disabled by default. If you choose to enable analytics in Settings, we use Mixpanel to track usage events such as screen views, generation starts and completions, feature usage, and errors. We also set user properties including your user ID, platform, app version, subscription tier, and timezone. You can disable analytics at any time in Settings.

Device & Technical Information

We collect basic device information for push notifications and crash reporting: platform (iOS/Android), OS version, app version, device model, timezone, and language. We do not collect device advertising identifiers (IDFA), phone numbers, or hardware serial numbers.

Crash Reports

We use Firebase Crashlytics to collect crash logs, stack traces, and device information when the app crashes. Your Firebase user ID is associated with crash reports to help us diagnose issues that affect specific accounts.

Push Notification Tokens

If you enable push notifications, we store your Firebase Cloud Messaging token along with device metadata (platform, OS version, app version, device model, timezone, language) to deliver notifications about completed generations and other service updates.

What We Don't Collect

Location or GPS data
Contacts, calendar, or other personal device data
Payment card numbers (handled entirely by Apple/Google)
Advertising identifiers
Health, biometric, or sensitive personal data
Browsing history outside the app

On-Device Processing

Some features run entirely on your device with no data sent to any server:

Background Removal uses Apple's Vision framework to process images locally on your device. The image never leaves your phone.
Image Editing (text overlays, emoji, compositing) is performed locally.
Quick Save saves images directly to your device's photo library.

Third-Party Services

We share data with the following third parties to operate the Service. We do not sell your personal information to anyone.

Service	Data Shared	Purpose
Civitai	Generation prompts, model/LoRA selections, image parameters, source images (for refine/edit operations)	AI image and video generation
Firebase (Google)	Account data, generated media, workflow metadata, push tokens, crash reports	Authentication, database, file storage, push notifications, crash reporting
Mixpanel	Usage events, user properties (opt-in only)	Analytics and product improvement
RevenueCat	Purchase receipts, subscription status, product identifiers	Subscription and entitlement management
Apple / Google	In-app purchase transactions	Payment processing

Each of these services has its own privacy policy governing their handling of your data. We encourage you to review them.

Public Feed & Social Features

The public feed is opt-in. Images remain in your private gallery unless you explicitly choose to publish them. When you publish to the public feed, the following becomes visible to all authenticated users:

Your image or video
Generation parameters (prompt, model, seed)
Your username and display name
Your profile photo (if set)
Like count and timestamp

Other users can like, flag, and follow/unfollow you on the public feed. You can report content that violates our guidelines.

How We Use Your Data

To provide and maintain the Service
To process your image and video generations
To manage your account and subscriptions
To send push notifications you've opted into
To diagnose crashes and fix bugs
To improve the app (with opt-in analytics only)
To detect and prevent fraud or abuse
To comply with legal obligations
To respond to your support requests

Data Retention

We retain your account data and generated content for as long as your account is active. If you delete your account, we will delete your personal data and private gallery content within 30 days. Content you published to the public feed may remain visible unless you unpublish it before deleting your account.

Crash reports are retained for 90 days. Analytics data is retained according to Mixpanel's retention policies.

Data Security

We use Firebase App Check to verify that requests come from legitimate app installations. All data in transit is encrypted via TLS. Data at rest in Firebase is encrypted by Google's infrastructure. We use Firebase callable functions with authentication enforcement for all client-server communication.

No system is perfectly secure. If we discover a breach that affects your personal data, we will notify you and any applicable regulators as required by law.

Your Rights

Depending on where you live, you may have some or all of the following rights:

All Users

Access the personal data we hold about you
Correct inaccurate personal data
Delete your account and associated data
Opt out of analytics at any time in Settings
Disable push notifications through your device settings
Unpublish content from the public feed

California Residents (CCPA/CPRA)

Right to know what personal information we collect, use, and disclose
Right to delete your personal information
Right to opt out of the sale of personal information (we don't sell it)
Right to non-discrimination for exercising your rights
You may make a data access request up to twice in a 12-month period

EEA, UK & Swiss Residents (GDPR)

Right to access, rectify, or erase your personal data
Right to restrict or object to processing
Right to data portability
Right to withdraw consent at any time
Right to lodge a complaint with your local Data Protection Authority

For GDPR purposes, Extropolis Corp. is the data controller. Our legal bases for processing are: contract performance (providing the Service), legitimate interests (security, fraud prevention, product improvement), consent (analytics, marketing), and legal obligations (regulatory compliance).

Children

Diffusitron is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

International Data Transfers

The Service is operated from the United States. If you use the Service from outside the US, your data will be transferred to and processed in the United States. We rely on standard contractual clauses and other lawful transfer mechanisms where required.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you through the app or by email before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions, concerns, or data requests? Reach us at: privacy@extropolis.ai

Extropolis Corp.