/ Legal

Privacy Policy — Timeless

Last updated: 7 July 2026

This Privacy Policy explains how KiroLabs (“we”, “us”, “our”) processes your personal data when you use the Timeless mobile application (“the App”), a photo restoration app that enhances and repairs your photos using cloud-based AI. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

Controller

KiroLabs
Email: labskiro@gmail.com

1. Summary

To restore a photo, the image you select is sent securely to our AI processing provider (fal.ai) and the restored result is returned to your device. We do not store your photos on our own servers, and we do not use your photos to train AI models. We use an anonymous ID to manage your restore allowance and purchases — we do not require an account, your name, or your email to use the App. You have full rights over your data (access, deletion, objection, and more — see Section 9).

2. What data we process

CategoryDetails
Photos you uploadThe image you choose to restore, and the restored output. These may depict people (including faces). We process them only to perform the restoration you request. We do not use them for facial recognition, identification, or any biometric purpose.
Anonymous user identifierA random ID generated by Firebase Anonymous Authentication. It is not linked to your real identity and lets us track your free/paid restore balance.
Purchase & subscription statusWhether you bought a credit pack or subscription, and your remaining balance. Managed via RevenueCat and Google Play Billing. We never receive your full card number.
Technical & security dataDevice/app integrity attestation (Firebase App Check / Play Integrity), app version, coarse technical logs, and IP address processed transiently to secure our service and prevent abuse.
Analytics & diagnostics (optional)Aggregated, non-identifying usage and crash data (Firebase Analytics / Crashlytics) to improve stability. Contains no image content. You can opt out in the App settings.

3. How we use your data and legal bases (Art. 6 GDPR)

PurposeLegal basis
Restoring your photo (sending it to fal.ai and returning the result)Performance of a contract (Art. 6(1)(b)) — you request the restoration
Managing your restore balance, purchases and subscriptionPerformance of a contract (Art. 6(1)(b))
Securing the service, preventing fraud/abuse of our AI endpointLegitimate interests (Art. 6(1)(f))
Optional analytics and crash diagnosticsConsent (Art. 6(1)(a)) where required, otherwise legitimate interests (Art. 6(1)(f))

4. Photo processing — important details

When you tap to restore a photo:

  • The image is transmitted securely to fal.ai (Features & Labels, Inc.), our AI inference provider, solely to generate the restored result.
  • We do not save your original or restored photo on our own servers. The restored image is returned to your device, where you can save it.
  • fal.ai stores processing files (inputs and generated outputs) on its infrastructure for a limited period before deletion. Per fal.ai, generated files are guaranteed to be available for a limited time and may be deleted thereafter. fal.ai is contractually bound to process your image only to provide the restoration and (per its policies) does not use your images to train AI models without consent. See fal.ai’s privacy policy at fal.ai/privacy.
  • You should only upload photos you have the right to use. Please avoid uploading images of other identifiable people without their awareness where required by law.

5. Who we share data with (processors & third parties)

ProviderPurposePolicy
Google Firebase (Google Ireland / LLC)Anonymous auth, secure backend functions, database for your balance, app-integrity checks, optional analytics/crash reportingfirebase.google.com/support/privacy
fal.ai (Features & Labels, Inc.)AI photo-restoration processingfal.ai/privacy
RevenueCat, Inc.Purchase & subscription managementrevenuecat.com/privacy
Google Play Billing (Google)Payment processing for purchases/subscriptionspolicies.google.com/privacy

We do not sell your personal data.

6. International data transfers

Some providers above (including fal.ai and RevenueCat) are based in the United States and may process data on servers outside the European Economic Area. Where data is transferred outside the EEA, it is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses and/or the providers’ certification under applicable data-transfer frameworks.

7. Data retention

  • Photos: not stored by us. Processing copies held by fal.ai are retained only for the limited period described in Section 4, then deleted.
  • Anonymous ID, balance & purchase status: retained while you use the App, and as needed to honor your purchases and meet legal/accounting obligations.
  • Technical/analytics logs: retained for a limited period for security and operational purposes.

8. Security

Your image is transmitted over encrypted connections. Access to our AI endpoint is protected by Firebase App Check (Play Integrity) and authentication to prevent unauthorized use. Our API keys are stored server-side and never included in the App.

9. Your rights under the GDPR

You have the right to: access your data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; and withdraw consent at any time (without affecting prior processing). To exercise these rights, contact us at labskiro@gmail.com.

Because we identify users only by an anonymous ID with no name or email, we may be unable to locate your specific records without additional information from you (Art. 11 GDPR); we may ask you to provide details (such as your anonymous ID, shown in the App settings, or a purchase receipt) to help us locate the relevant data.

If you are in the EEA/UK, you also have the right to lodge a complaint with your local data protection supervisory authority.

10. Children

The App is not directed to children. You must be at least 18 years old, or the age of majority in your jurisdiction, to use the App (our AI provider likewise requires users to be 18+). We do not knowingly process data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, where changes are material, provide additional notice in the App.

12. Contact

Questions about this policy or your data? Contact:
labskiro@gmail.com — KiroLabs.

© 2026 KiroLabs. This document is provided for transparency and does not constitute legal advice.