Privacy Policy

1. Introduction

POW! Comic Maker ("the App") is an AI-assisted comic creation tool published by ReiDxSoft ("we", "our", "us"). This Privacy Policy describes what information we collect when you use the App, how we use it, who we share it with, and the rights you have over it.

By downloading, installing, or using the App you agree to the practices described here. If you do not agree, please do not access or use the App.

2. Information We Collect

2.1 Device Information

The App does not require you to create an account. The first time you launch it, your device generates a random "Device ID" that links your credits, characters, comic history, and subscription state to that specific install. We never collect your name, email address, phone number, or any other directly identifying detail unless you choose to send one to us via the support email.

2.2 Content You Upload

Character photos. When you add a character, the image you select is uploaded to our servers and stored securely so it can be used as a visual reference during generation.
Story prompts. The text you write to describe your comic is stored alongside the resulting pages so the App can show your history correctly.
Generation settings. Style, page count, aspect ratio, resolution and language choices are stored as part of each comic record.

2.3 Generated Content

The comic pages produced from your prompts are persisted on our infrastructure (Cloudflare R2 object storage and MongoDB Atlas) so you can re-open them in the History tab. Each comic is bound to your Device ID — other users cannot list or access your pages.

2.4 Subscription & Purchase Data

When you subscribe to POW! Pro or purchase a credit pack, the transaction is processed by Apple's App Store. We receive a confirmation event via RevenueCat indicating which entitlement is active and when it renews. We never see card numbers, billing addresses, or any other payment instrument data.

2.5 Information Collected Automatically

While you use the App, the following may be collected by us or our processors:

Device model
OS version
App version
Locale
Approximate region (from IP)
Crash diagnostics
Feature engagement events
Push notification token

None of these are tied to your real identity — they are bucketed under your Device ID and the anonymous installation IDs assigned by Firebase and OneSignal.

3. How We Use Your Information

Provide the service. Generate comic pages from your prompts and characters, persist your history, sync your subscription entitlement.
Improve the App. Aggregate, anonymous engagement data helps us understand which features are valuable, where users drop off, and which bugs to prioritise.
Deliver notifications. If you opt in, we send a single notification when your comic finishes rendering — and occasional product updates.
Process subscriptions. Verify your Pro entitlement, restore previous purchases, top up credits when a pack is consumed.
Customer support. If you email us, we use your message and (if you share it) Device ID to investigate and respond.
Legal compliance. Comply with applicable laws and respond to valid legal requests.

4. Legal Basis for Processing (EEA / UK Users)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

Contract performance — for delivering the App's core functionality (generation, history, subscription management).
Consent — for sending push notifications, accessing your photo library when you add a character, and any future advertising-related tracking.
Legitimate interests — for product analytics, abuse prevention, and infrastructure security, where these interests are not overridden by your privacy rights.
Legal obligation — for complying with applicable laws.

5. Third-Party Services

We integrate the following processors. Each runs under its own privacy policy and we share only the minimum data needed to perform its job.

RevenueCat

Subscription & in-app purchase management. Receives Device ID + Apple receipt.

Apple StoreKit

Processes all in-app purchases. Sees your Apple ID and payment instrument; we do not.

OneSignal

Delivery of push notifications you have opted into. Receives an opaque push token + Device ID.

Firebase Analytics (Google)

Anonymous engagement analytics & crash reporting. Receives Firebase Installation ID + event payloads.

Cloudflare R2

Permanent storage of your generated comic pages and onboarding artwork.

MongoDB Atlas

Stores your character records, comic metadata, credit balance and subscription state.

AI image generation provider

Receives your prompt + character reference images at generation time and returns the rendered pages. The provider does not retain your inputs after generation completes.

6. App Tracking Transparency (ATT)

The App does not currently request App Tracking Transparency permission, because we do not collect your IDFA and do not share device-level identifiers with advertising networks. The App's core functionality is identical regardless of your tracking preference. If we ever introduce ad-attribution features in the future, we will request your explicit consent through Apple's standard ATT prompt before doing so.

7. Data Retention

Device data & comics — retained while you use the App. Deleting a comic from your history removes it from our database immediately. Uninstalling the App orphans the Device ID; orphaned data is automatically purged after 12 months of inactivity.
Character photos — retained until you delete the character or request data deletion.
Subscription records — retained for as long as the subscription is active and for up to 7 years afterwards to satisfy financial recordkeeping requirements.
Analytics data — retained by Firebase under their default policies (typically up to 14 months) at the resolution of anonymous Installation IDs.
Support correspondence — retained for up to 24 months to provide ongoing support.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We share data only:

with the processors listed in Section 5, strictly to operate the service;
with valid legal authorities, if required by law or a binding legal process;
in the event of a merger, acquisition, or asset transfer — in which case you will be notified inside the App before any change of control becomes effective.

9. Data Security

We use industry-standard safeguards to protect your data:

All traffic between the App and our servers is encrypted in transit (TLS 1.2+).
Character photos and generated pages are stored in private buckets and only served through our authenticated proxy.
Database access is restricted to a small set of operations roles authenticated via short-lived credentials.
API tokens used to integrate with third-party services live in server-side environment variables and are never bundled into the mobile binary.

No method of electronic transmission or storage is 100% secure, but we continuously monitor and harden our systems and will notify you in-App of any incident that materially affects your data.

10. Your Rights and Choices

Depending on your jurisdiction you may have the following rights:

Access — request a copy of the data we hold about your Device ID.
Rectification — request correction of inaccurate data.
Deletion — request permanent deletion of your data. Email us with your Device ID (Settings → "Device") and everything tied to it is removed within 30 days.
Restriction — request restriction of certain processing.
Portability — request a machine-readable export of your comics and characters.
Withdraw consent — at any time, without affecting the lawfulness of any processing performed before withdrawal.
Object — object to processing based on legitimate interests.

To exercise any of these rights, email [email protected]. We respond within 30 days.

10.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information is collected, request its deletion, opt out of any sale or sharing of personal information, and not be discriminated against for exercising these rights. We do not sell personal information as defined by the CCPA / CPRA.

10.2 EU / EEA Residents (GDPR)

EU and EEA residents may, in addition to the rights above, lodge a complaint with their local supervisory authority if they believe their data protection rights have been violated.

11. Children's Privacy

The App is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from anyone in those age groups. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it promptly.

12. International Data Transfers

Our processors may store and process data in countries outside your country of residence, including the United States and the European Union. Where data is transferred outside the EEA or UK, we rely on the safeguards offered by the receiving processor (Standard Contractual Clauses or equivalent transfer frameworks).

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top always shows when the latest revision took effect. Material changes will be highlighted inside the App. Your continued use of the App after the effective date constitutes acceptance of the revised policy.

14. Contact Us

For privacy questions, data requests, or any concern related to this policy:

ReiDxSoft
Email: [email protected]