Korin - Privacy Policy

1. Introduction

This Privacy Policy explains in detail how Korin ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information, especially facial image data, when you use our AI-powered eyelash enhancement application. We are committed to protecting your privacy and personal data in compliance with global data protection regulations, including but not limited to CCPA, GDPR, and Apple App Store Privacy Guidelines (5.1.1(i) and 5.1.2(i)).

Before uploading any facial photo for AI eyelash enhancement processing, we will obtain your explicit, informed consent through an in-app pop-up confirmation. By using Korin, you agree to the collection and use of information as described in this policy. If you have any questions, contact us at Korin@gmail.com.

2. Types of Information We Collect

We only collect information necessary to provide AI eyelash retouching, image optimization, and core service functions. No unnecessary data is collected. Prior to collecting any data, we explicitly disclose to users the specific data to be collected and obtain active consent.

2.1 Explicit Disclosure of Collected Facial/Photo Data

Official Answer: What Exact Data Does Korin Collect and Upload?

Full facial portrait photos voluntarily selected and uploaded by you from your device's photo album for the sole purpose of AI eyelash enhancement processing.
Eye-region specific data extracted from your uploaded photos: eye contour, eyelid shape, original eyelash distribution, eye corner coordinates, and eye texture features.
AI-recognized facial key points from your uploaded photos: eye keypoints, eyebrow keypoints, orbital bone keypoints, and facial feature location markers used for precise eyelash fitting.
Original eye makeup texture data from your uploaded photos: eyeshadow color, eyeliner style, lash line details, and skin texture around the eyes to maintain a natural makeup effect.
Processed image data generated from your uploaded photos: AI-modified eyelash effect images and parameter records of the retouching process.

We explicitly notify you before any upload that your selected facial photo will be transmitted to our designated third-party AI service provider for processing.

2.2 Other Non-Facial Information

Device information: model, operating system version, screen resolution, and unique device identifier (for service stability only; explicitly disclosed to users before collection).
Usage logs: function usage frequency, image processing records, and crash reports (no personal location or sensitive behavior data; disclosed in advance).
Account information (if registered): username, email, and payment ID (for premium services only; explicit consent obtained during registration).

3. Purposes of Using Your Information

Official Answer: Explicit Purpose of Collected Facial/Photo Data

To perform AI-powered eyelash analysis on your uploaded facial photo: identify your original eyelash length, density, curvature, and growth direction to generate natural, non-exaggerated, fit eyelash effects.
To locate eye and facial key points precisely on your uploaded photo: ensure AI-drawn eyelashes match your eye shape, eye angle, and facial structure without distortion or misalignment.
To retain original eye makeup texture from your uploaded photo: analyze and preserve your native eyeshadow, eyeliner, skin tone, and makeup layers to avoid destroying your original makeup style.
To generate high-definition retouched images from your uploaded photo: render slim, slender, natural eyelash effects and export finished images to your device.
To optimize AI algorithm effects: use anonymous, aggregated facial image data (with no identifiable personal information) to improve lash fitting accuracy, naturalness, and rendering speed (individual user photos/data are never used for model training).
To troubleshoot service errors: use partial image processing logs (without identifiable personal data) to fix functional bugs, crashes, or rendering failures.
To verify service authorization: confirm that image processing behavior comes from a legitimate user who has given explicit consent and prevent abusive use of the service.

All facial/photo data is used solely for providing you with core eyelash retouching services and will never be used for advertising profiling, social analysis, or any unrelated commercial purpose. This purpose is explicitly disclosed to users before obtaining consent for data upload.

3.2 Other Usage Scenarios (With Explicit Consent)

Maintain account security and manage paid service privileges (explicit consent obtained during account creation).
Send important service notifications, policy updates, and function upgrades (users can opt out of non-essential notifications).
Comply with legal obligations and respond to lawful regulatory requests (disclosed in advance in this policy).

4. Explicit Disclosure of Third-Party Data Sharing & Storage Location

Official Answer: Exact Third-Party Recipient of Facial/Photo Data & Data Protection Commitments

Identified Third-Party Service Provider: Korin transmits your uploaded facial photos and extracted eye-region data to OpenRouter for AI-powered eyelash enhancement processing. We explicitly disclose this third-party recipient to users in an in-app pop-up before any data upload and obtain explicit consent.

Restrictions on Third-Party Use: Korin DOES NOT sell, rent, trade, or publicly disclose your original facial data, eye images, or portrait photos to any third-party advertisers, data brokers, marketing companies, or social platforms. OpenRouter is strictly prohibited from:

Using your facial/photo data for any purpose other than providing AI eyelash enhancement processing for Korin users.
Training any AI models with your personal facial/photo data (anonymized aggregated data may be used for service optimization only, with no identifiable information).
Sharing your data with any other third parties without explicit written authorization from Korin and you.

Third-Party Data Protection Standards: OpenRouter maintains data protection measures equivalent to Korin's, including end-to-end encryption, automatic data deletion after processing, and strict access control. OpenRouter complies with Apple App Store Privacy Guidelines, CCPA, and GDPR to ensure the same level of privacy protection for your data.

Storage Location: All facial data and uploaded images are stored on secure cloud servers operated by OpenRouter in the United States, encrypted and isolated. Data is stored in regional compliant cloud nodes that meet international privacy and security standards. No cross-border transmission occurs except as required by law, and this storage location is explicitly disclosed to users before consent.

4.1 Third-Party Data Processing Rules (Explicitly Disclosed to Users)

Any third party (including OpenRouter) that processes data on our behalf must comply with this Privacy Policy, Apple App Store Privacy Guidelines, and applicable laws. They are restricted to process data only to perform AI eyelash enhancement services for Korin and are forbidden from using your facial data for their own purposes. We provide users with the right to review OpenRouter's data protection policies upon request.

5. Data Retention Period (Explicitly Disclosed to Users)

Official Answer: Exact Retention Period for Facial/Photo Data (Disclosed Before Consent)

Korin retains your facial data and uploaded images only for the shortest time necessary to fulfill the purposes for which it was collected, and this retention period is explicitly communicated to users in the consent pop-up:

Temporary processing data: original uploaded facial photos are automatically deleted from OpenRouter's servers immediately after image processing is completed (usually within 15–30 minutes).
User-saved finished images: stored only in your own device; Korin and OpenRouter do not retain finished images on their servers unless you voluntarily enable cloud backup (explicit consent obtained for cloud backup).
Cloud backup data (optional): retained until you actively delete the backup or terminate your account; backup data will be permanently erased from OpenRouter's servers within 72 hours after deletion request (disclosed in advance).
Anonymous log data: retained for up to 30 days for system maintenance, then permanently deleted or fully anonymized (no identifiable personal information).
Legally required data: retained only for the period mandated by applicable laws, then securely and permanently destroyed (disclosed in this policy).

We do not permanently store any original facial images, eye data, or portrait data on our servers or OpenRouter's servers for long-term commercial or analytical use. This is explicitly confirmed to users before they provide consent for data upload.

6. Data Security Measures (Disclosed to Users Before Consent)

We implement industry-standard security technologies and procedures to protect your facial data from unauthorized access, use, modification, leakage, damage, or loss, and we explicitly disclose these measures to users before obtaining consent:

End-to-end encryption: all uploaded images and facial data are encrypted during transmission between your device and OpenRouter's servers, and during storage.
Isolated cloud storage: user data is stored in independent encrypted partitions on OpenRouter's servers with strict permission control.
Automatic temporary data destruction: temporary processing files are deleted instantly after task completion (confirmed with OpenRouter).
Access control: internal employee access to user data (and OpenRouter employee access) is strictly limited and audited, with no unauthorized access permitted.
Regular security testing: vulnerability scanning, penetration testing, and encryption system updates for both Korin and OpenRouter systems.

While we take all reasonable security measures, no electronic storage system or transmission method is 100% secure. We will notify users and regulators in accordance with the law if a data breach occurs, and this limitation is disclosed to users before consent.

7. User Data Rights (Enhanced for Apple Guidelines)

You retain full rights over your personal data and facial information. Before collecting any data, we explicitly inform you of these rights, and you may contact us at Korin@gmail.com to exercise the following rights:

Access: request a copy of the facial data and personal information we or OpenRouter hold about you (within 48 hours of request).
Correction: request correction of inaccurate or incomplete personal data held by us or OpenRouter.
Deletion: request immediate deletion of your uploaded images, facial data, account, and all related records from both Korin and OpenRouter systems.
Restriction: request restriction of data processing by us or OpenRouter under specific legal conditions.
Data portability: request export of your data in a commonly used format (where applicable) from both our systems and OpenRouter's systems.
Withdraw consent: withdraw your consent to data collection and processing at any time (with immediate effect for future data uploads; existing processed data will be deleted within 15 minutes of withdrawal).
Opt-out of third-party processing: request to stop transmission of your data to OpenRouter at any time (will disable AI eyelash enhancement features but retain basic app functionality).

We will respond to valid requests within 24 hours (in compliance with Apple guidelines) without charging unnecessary fees, and confirm completion of requests (e.g., data deletion) via email.

8. Children’s Privacy Protection

Korin is not intended for use by children under the age of 13 (or the applicable age of majority in your region). We do not knowingly collect personal information or facial data from children under 13. Before any data collection, we include age verification to prevent minors from uploading photos or providing personal data.

If we become aware that we have collected facial data from a child under 13 without parental consent, we will immediately delete such data from both our systems and OpenRouter's servers. If you believe we have collected information from a child, contact us at Korin@gmail.com for immediate deletion.

9. Policy Update Mechanism (Compliant with Apple Guidelines)

We may update this Privacy Policy periodically to reflect changes in our services, technologies, legal requirements, or Apple App Store guidelines. Significant updates (especially related to data collection, third-party sharing, or consent mechanisms) will be notified through in-app pop-up confirmations, push notifications, and email, and will require re-consent from users for continued use of AI eyelash enhancement features.

The updated policy will take effect immediately upon publication, but will not apply retroactively to data collected before the update without your explicit consent. Your continued use of Korin after the update constitutes your acceptance of the revised policy. You can review the latest version of this policy at any time within the app’s settings page, and we will provide a summary of key changes for easy review.

10. Contact Us (Enhanced for Apple Compliance)

If you have any questions, complaints, or requests regarding this Privacy Policy, facial data processing, third-party (OpenRouter) data handling, or exercise of your data rights, please contact us at:

Korin@gmail.com

We respond to all privacy-related inquiries within 24 hours (in compliance with Apple App Store guidelines).