Privacy Policy

1. Who is responsible

The data controller is Mattew Thao, trading as berimi (Business ID / SIRET 851 652 065 00026), an independent business registered in France. Contact for any privacy request: berimi.app@gmail.com.

2. What we collect

• Your email and account info (via Google sign-in or email).
• The photo you upload, and the avatars generated from it.
• Your credit balance and purchase history (the payment itself is handled by our payment provider — we don't store your card details).
• Any message you send us (support, feedback, style suggestions, or a report about a bad generation, including images you attach).
• Basic technical data needed to run and secure the service (e.g. device and connection information).

3. How we use it & legal bases

We use your data to:

• provide the service — generate and deliver your avatars, manage your account and credits (performance of our contract with you);
• process payments and keep billing records (contract and legal obligation);
• keep the service secure, prevent abuse and answer your messages (our legitimate interests);
• send you essential service emails such as sign-in and purchase confirmations (contract).

We do not sell your data, and we don't use it for advertising.

4. Your photos (important)

• Your uploaded photo is deleted after generation (within 24h).
• We never use your photos to train any AI model.
• Your generated avatars stay in your account until you delete them.

5. Who we share data with

We only share data with trusted providers (processors) that help us run berimi:

• Replicate — AI image generation (your photo is processed there).
• Supabase — account, authentication and storage.
• Our payment provider — to process purchases and handle taxes.
• Vercel — website hosting.
• Our email provider — to send sign-in and service emails.

We may also disclose data if required by law. We do not sell your personal data to anyone.

6. International transfers

Some providers are based outside the EU (e.g. the USA). Where that happens, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. How long we keep data

• Uploaded photos: deleted after generation (within 24h).
• Generated avatars & account: until you delete them or close your account.
• Billing records: as long as required by applicable law.
• Support messages: only as long as needed to handle your request.

8. Security

We use reasonable technical and organisational measures to protect your data, including encrypted connections and access controls. No system is ever 100% secure, but we work to keep your data safe and will notify you and the authorities if a serious breach occurs, as required by law.

9. Your rights

Under the GDPR you can access, correct, delete or export your data, object to or restrict certain processing, and withdraw consent at any time. Email berimi.app@gmail.comand we'll respond within the legal time limits. You can also complain to your local data protection authority (in France, the CNIL).

10. Children

berimi is not for anyone under 15. We don't knowingly collect data from children under 15; if you believe a child has used berimi, contact us and we'll delete the data.

11. Cookies

We only use the essential cookies needed to keep you signed in and run the service. If we add analytics or other non-essential cookies later, we'll update this policy and ask for your consent first.

12. Changes & contact

We may update this policy; we'll change the date above and, for significant changes, let you know. Questions or requests: berimi.app@gmail.com