Quick reference (TL;DR)
| What you should know | Where to read more |
|---|---|
| What we collect, your email, the photos you choose to relight, your subscription state, basic device info. | §3 |
| Why, to operate the app, deliver AI-relit photos, manage your account, comply with law. | §4 |
| AI processing, your photos are sent to Google Gemini for relighting. Google does not use your photos to train its AI models. Photos are not retained by Google beyond a 24-hour abuse-monitoring buffer. You may revoke AI consent any time. | §5 |
| Face detection, happens on your device only via Apple's Vision framework. Facial geometry never leaves your phone. We do not collect, store, or transmit biometric identifiers. See our separate Biometric Notice. | §6 |
| No advertising, no analytics SDKs, no data sale. We do not sell or share your data for cross-context behavioral advertising. | §9 |
| Your rights, access, correction, deletion, portability, withdraw consent. Delete your account anytime in Settings. | §11 |
| Account deletion, Settings → Account → Delete Account. Server purges within 30 days, typically <10 minutes. | §12 |
| Contact, privacy@quarym.com | §19 |
1. Who we are (Data Controller)
Quarym is operated by Arketon Tecnology, the company under which we publish the app. Arketon Tecnology operates through the registered Brazilian legal entity Arketon Tecnologia Ltda., which is the data controller responsible for processing your personal data and the contracting party for all matters under this Policy.
- Operating company (trade name): Arketon Tecnology
- Registered legal entity (razão social): Arketon Tecnologia Ltda.
- CNPJ: 64.909.714/0001-08
- Registered address: Rua Sapucaí, 220, Apt. 402, Rosário, Cláudio/MG, CEP 35530-000, Brasil
- Country of incorporation: Brazil
- Email for privacy matters: privacy@quarym.com
- General support: support@quarym.com
- Encarregado pelo Tratamento de Dados Pessoais (DPO under LGPD Art. 41): contact via dpo@quarym.com
References in this Policy to "Arketon", "we", "us", or "our" mean Arketon Tecnology operating through Arketon Tecnologia Ltda.
EU/UK Representative under GDPR Art. 27: Not appointed. Quarym is not currently distributed in the EU or UK via the App Store. If our distribution expands to those markets, an EU representative will be appointed before processing data of EU/UK residents.
2. Scope
This policy applies to the Quarym iOS application (bundle identifier com.arketon.quarym) distributed via the Apple App Store, the website at https://quarym.com, and any associated support channels operated by Arketon. It does not cover third-party services we link to (Apple, Google, Resend); their own privacy policies govern data they collect when you use those services.
This policy is provided in English. A Portuguese translation is available at https://quarym.com/privacidade. In the event of conflict, the Portuguese version prevails for users resident in Brazil; the English version prevails elsewhere.
3. Information we collect
We deliberately collect the minimum data needed to run the service ("data minimization", required by LGPD Art. 6(III), GDPR Art. 5(1)(c), and Maryland MODPA). We do not collect what we do not need.
3.1 Information you provide
| Category | What it is | Why we have it |
|---|---|---|
| Account credentials | Email + password (hashed by our auth provider, we never see plaintext), OR a federated identifier from Apple Sign In / Google Sign In | To sign you in and protect your account |
| Photos you select | Image bytes you upload via the camera or photo picker for AI relighting | To process your render request |
| Photo metadata (sanitized) | Image orientation only, we strip GPS, timestamps, camera serial, and other EXIF fields before any upload | Required for correct image display; everything else removed for privacy |
| Support communications | Anything you send to support@quarym.com or in-app feedback | To answer your questions |
3.2 Information collected automatically
| Category | What it is | Why we have it |
|---|---|---|
| Device identifier (hashed) | A non-personally-identifying device ID derived from Apple's identifierForVendor | To protect the free tier from abuse + diagnose crashes |
| Device model + iOS version | e.g., "iPhone 17 Pro running iOS 26.4" | To route the right pipeline (LiDAR vs CoreML fallback) and prioritize bug fixes |
| Render history metadata | Timestamps and tier of each render you've completed | To enforce subscription limits and show your usage history |
| Subscription state | Active subscription tier, renewal date, billing status, sourced from Apple's App Store Server Notifications | To deliver the features your subscription includes |
| Crash and error logs | Stack traces, free of photo content or PII | To fix bugs |
3.3 Information generated by AI
When you tap "Relight" we generate a rendered photo (the AI-relit version of your input). It is stored in your account until you delete it. It is also a piece of your personal data and is governed by this policy.
3.4 Information we deliberately do not collect
- Biometric identifiers, see §6 and the Biometric Notice.
- Precise geolocation, we do not request GPS access.
- Contacts, we do not access your address book.
- Health data, Quarym is not a medical device; we do not collect health information.
- Cross-app tracking identifiers (IDFA), we do not run ads and do not request App Tracking Transparency permission.
4. How we use information
We process your data only for the purposes listed below. For users in the EU/UK/EEA, the GDPR legal bases are noted; for Brazilian users, the LGPD Art. 7 bases apply correspondingly.
| Purpose | Data used | GDPR legal basis | LGPD basis |
|---|---|---|---|
| Operate your account, sign you in, recover your password | Email, hashed password, federated identifier, device ID | Contract performance, Art. 6(1)(b) | Execução de contrato, Art. 7(V) |
| Process AI relighting requests | Photo, sanitized orientation metadata | Contract performance, Art. 6(1)(b) AND explicit consent for transmission to Google Gemini, Art. 6(1)(a) | Execução de contrato + consentimento, Art. 7(I), (V) |
| Manage subscriptions, deliver entitled features, prevent free-tier abuse | Subscription state, hashed device ID, render history | Contract performance + legitimate interest in fraud prevention, Art. 6(1)(b), 6(1)(f) | Execução de contrato + interesse legítimo, Art. 7(V), (IX) |
| Send transactional emails (account confirmation, password reset, deletion confirmation) | Contract performance, Art. 6(1)(b) | Execução de contrato, Art. 7(V) | |
| Comply with legal obligations (tax, audit, lawful information requests) | Whatever the law requires | Legal obligation, Art. 6(1)(c) | Cumprimento de obrigação legal, Art. 7(II) |
| Diagnose bugs and improve performance | Crash logs (no photo content), device model | Legitimate interest, Art. 6(1)(f) | Interesse legítimo, Art. 7(IX) |
| Defend legal claims if needed | Whatever is relevant to the claim | Legitimate interest, Art. 6(1)(f) | Exercício regular de direitos, Art. 7(VI) |
Automated decision-making (GDPR Art. 22 / LGPD Art. 20): AI relighting is not solely automated decision-making in the legal sense, you initiate each render explicitly, the output is non-consequential (an edited photo), and you may discard it. We do not use AI to make decisions that produce legal or significant effects on you.
5. AI processing disclosure (Google Gemini)
This section is required by Apple App Store Review Guideline 5.1.2(i) and is the basis on which you grant in-app AI consent during onboarding.
When you tap to relight a photo:
- The photo bytes (JPEG/HEIC/PNG) and sanitized orientation metadata are sent over TLS-encrypted connection to a Quarym server (Supabase Edge Function).
- From there, the photo is forwarded to Google LLC's Vertex AI / Gemini API for two operations: scene classification + image relighting.
- Google returns the relit image, which is stored in your account and shown to you.
What Google does with your photo
Per Google Cloud's Vertex AI Customer Data Processing Terms and the Vertex AI Generative AI service-specific terms:
- Google does not use your photos to train Gemini, foundation models, or any other AI model.
- Photos may be cached for up to 24 hours for Google's automated abuse-detection systems, after which they are deleted.
- Google operates as a data processor acting on Quarym's instructions; we are the data controller.
Your control
- AI consent is granular and revocable: revoke from Settings → AI relighting at any time. After revocation, the app continues to work for browsing and editor preview, but no new renders are sent to Google.
- Each render is a fresh consent, closing the app or revoking consent stops further transmission.
- You may inspect what would be sent (image preview) before tapping "Relight".
International transfer (EU/UK/Brazil → US)
When Google processes your photo, the data crosses borders to Google's servers in the United States.
- For EU/UK users, this transfer relies on the EU-US Data Privacy Framework (Google is certified) AND the Standard Contractual Clauses included in Google's Cloud DPA, with supplementary measures (in-transit and at-rest encryption, no government access without challenge).
- For Brazilian users, transfer relies on the contractual safeguards required by LGPD Art. 33(II), reflected in Google's DPA.
You can withdraw consent for international transfer at any time as part of revoking AI consent.
6. On-device processing (no biometric collection)
Quarym uses Apple's Vision framework (the same APIs used by iOS Photos and Camera) and Apple Depth Pro (Core ML) to detect faces, segment subjects, and analyze depth, all running on your iPhone.
These on-device computations:
- Run on your device using Apple's CPU, GPU, or Neural Engine.
- Produce facial geometry features and depth maps that are used only to position virtual lights on the local Studio 3D preview.
- Are never transmitted to Quarym's servers, Google, or any third party.
- Are not stored persistently, they are computed for the active session and discarded.
6.1 Restricted use of depth and facial data (Apple App Store Guideline 5.1.2(vi))
Per Apple App Store Review Guideline 5.1.2(vi), data gathered from depth or facial-mapping tools (ARKit, the Camera APIs, the Photos APIs, Vision, or Apple Depth Pro Core ML) may not be used for marketing, advertising, or use-based data mining, including by third parties. We comply with this restriction without exception:
- We do not use depth maps or facial geometry for marketing or advertising of any kind.
- We do not use depth maps or facial geometry for use-based data mining, profiling, or analytics.
- We do not share depth maps or facial geometry with any third party (advertisers, analytics SDKs, AI training datasets, data brokers, or government authorities outside a lawful order narrowly construed).
- The only purpose for which this data exists at all is the on-device positioning of virtual lights for the Studio 3D preview, after which it is discarded.
6.2 BIPA, CUBI, MHMDA, and Maryland MODPA position
We therefore do not "collect", "capture", "store", or "transmit" biometric identifiers or biometric information as those terms are defined under the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/5), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington Biometric Privacy Act (RCW 19.375), the Washington My Health My Data Act (RCW 19.373), or the Maryland Online Data Privacy Act (MODPA). Our separate Biometric Notice explains this in more detail and is published as required by BIPA §15(a).
7. Who we share data with (Sub-processors and third parties)
We share data only with the service providers that make Quarym work and only for the purposes described.
| Recipient | Role | What is shared | Where they process | DPA + Safeguards |
|---|---|---|---|---|
| Google LLC (Vertex AI / Gemini) | AI processor, image scene analysis + relighting | Photo bytes, sanitized orientation metadata | United States | Google Cloud DPA + EU-US DPF + SCCs |
| Supabase Inc. | Hosting, authentication, file storage, edge functions | Account credentials (hashed by Supabase Auth), uploaded photo bytes (during the render lifecycle), rendered output, subscription state | United States (US-West region) | Supabase DPA + SCCs |
| Apple Inc. | App distribution, in-app purchase processing, push notifications, device authentication | Subscription transactions, device identifiers, App Store account info, handled per Apple's privacy policy | Various | Apple Developer Program License Agreement; Apple is the data controller for App Store and payment data |
| Resend, Inc. | Transactional email delivery (signup confirmation, password recovery, deletion confirmation) | Recipient email address, message content | United States | Resend DPA |
| Government authorities, courts | When legally compelled (subpoena, court order, mutual legal assistance treaty) | Whatever the lawful order specifies, narrowly construed | Variable | We notify users where lawful and feasible |
| Successor entities | If Arketon Tecnology (or its registered legal entity Arketon Tecnologia Ltda.) is acquired or merges, your data may transfer to the successor, bound by the same protections | Account, render history | Variable | We will notify you in advance |
We do not share data with advertising networks, analytics SDKs, data brokers, or AI training datasets.
8. International data transfers
Personal data we collect is processed in:
- United States (Supabase, Google, Apple, Resend)
- Brazil (Arketon's internal operations, support team)
For users in the EU/EEA/UK or Brazil whose data crosses to the US:
- Google is certified under the EU-US Data Privacy Framework.
- Standard Contractual Clauses (Module 3, controller-to-processor) are executed with each US sub-processor.
- Supplementary measures are in place (TLS in transit, AES-256 at rest, sub-processor access controls).
- For Brazilian users, transfer mechanisms align with ANPD Resolution CD/ANPD No. [TO VERIFY] on international transfers.
9. We do not sell or share your data
Quarym does not sell personal information as that term is defined by the California Consumer Privacy Act (CCPA, Cal. Civ. Code §1798.140(t)) or any other comparable state law (Virginia, Colorado, Connecticut, Texas, Utah, Florida, Oregon, Tennessee, Montana, Iowa, Indiana, New Hampshire, Delaware, New Jersey, Minnesota, Maryland, Rhode Island, Kentucky).
Quarym does not share personal information for cross-context behavioral advertising as that term is defined by the California Privacy Rights Act (CPRA).
We honor the Global Privacy Control (GPC) signal as a valid opt-out request from California, Colorado, Connecticut, New Jersey, Minnesota, Maryland, Oregon, Texas, New Hampshire, and Delaware residents.
10. Data retention
| Data category | Retention period | Why |
|---|---|---|
| Active account data (profile, subscription state) | Duration of your account + 30 days after deletion | Account recovery + audit |
| Uploaded photos pending render | Up to 24 hours | Service delivery; deleted after render or abandonment |
| Rendered output photos | Until you delete them OR you delete your account, plus 30 days for backup retention | You access them in your render history |
| Account deletion tombstone (no PII; only opaque user ID, timestamp, deletion reason) | 7 years | Audit trail; GDPR Art. 30 records of processing; Apple subscription webhook de-duplication |
| API rate-limit and audit logs | 30 days | Anti-abuse + diagnostics |
| Email delivery logs (recipient domain only, no message body) | 90 days | Deliverability diagnostics |
| Crash logs | 90 days | Bug triage |
| Tax / financial records (subscription history aggregates, no payment instrument) | 10 years | Brazilian tax law + LGPD Art. 16(II) |
Where law sets a longer minimum, the legal minimum applies.
11. Your rights
You have rights over your personal data. The exact set depends on where you live; the most common are listed below. Exercise any of them by emailing privacy@quarym.com or, where the right has an in-app shortcut, using Settings.
| Right | Available to | How to exercise |
|---|---|---|
| Access, request a copy of the data we hold about you | Everyone (GDPR Art. 15, LGPD Art. 18(II), CCPA §1798.110) | Email; we respond within 30 days (15 days if LGPD) |
| Correction, fix data that is wrong or out of date | Everyone | Email or Settings → Account |
| Deletion, delete your account and all associated data | Everyone (GDPR Art. 17, LGPD Art. 18(VI), CCPA §1798.105) | Settings → Delete Account (in-app, takes <30 days, typically <10 minutes) |
| Portability, get your data in a machine-readable format | EU/UK/EEA, Brazil, California (GDPR Art. 20) | Email; we deliver a ZIP within 7 days |
| Object to processing based on legitimate interest | EU/UK/EEA | |
| Restrict processing | EU/UK/EEA | |
| Withdraw consent for AI processing | Everyone | Settings → AI relighting (immediate) |
| Opt-out of sale/share | California + other state laws (we do not sell or share, opt-out is preserved as a no-op request) | Email or Global Privacy Control browser signal |
| Limit use of sensitive data | California, Maryland | Already limited by default, sensitive data minimization is built in |
| Non-discrimination for exercising rights | Everyone | Built into how we operate; we do not penalize or degrade service for users who exercise rights |
| Lodge a complaint with your supervisory authority | EU/UK/EEA → your national DPA; Brazil → ANPD; California → CPPA | See §17 |
| Designate an authorized agent | California | Email; we verify the agent's authority |
| Appeal a privacy rights denial | Colorado, Connecticut, Virginia, Maryland | Email with subject "Appeal", we respond within 60 days |
We verify identity before fulfilling rights requests to prevent account takeover. The verification process is the minimum needed to confirm you are the account owner.
12. Account deletion and data retention
You can delete your account and all associated personal data from Settings → Account → Delete Account. The flow is in-app, requires re-authentication, and triggers an automated server-side process that:
- Revokes all active sessions across all devices.
- Deletes your photos, rendered outputs, render history, credit ledger, and account profile from our database.
- Sends you a confirmation email.
- Records an audit-only tombstone (your opaque user ID + timestamp + reason, no name, no email, no photos) for 7 years to satisfy our Apple subscription webhook deduplication and any lawful audit obligation.
Typical completion time: under 10 minutes after you confirm. Maximum: 30 days, per GDPR Art. 17(1).
If you have an active Apple subscription, deleting your Quarym account does not cancel your Apple subscription. Cancel it separately at Settings → Apple ID → Subscriptions, or Apple will continue to bill you. We make this clear in the in-app deletion flow.
13. Security
We follow industry-standard security practices:
- Encryption in transit: TLS 1.2+ for all client-server communication.
- Encryption at rest: AES-256 on all databases and storage buckets.
- Authentication: Supabase Auth with rotating refresh tokens, hashed passwords (bcrypt-equivalent), Apple Sign In and Google OAuth as alternatives.
- Row-Level Security (RLS): every database table containing user data has policies enforcing that you can only access your own rows.
- App attestation: we use Apple's
DCAppAttestServiceto verify requests come from a genuine Quarym install on a real Apple device. - Data minimization: we collect what we need and nothing more.
- Vulnerability management: dependency audits + secret scanning before each release.
- Account deletion auditability: every deletion is logged server-side with timestamp + version of the deletion procedure.
No system is impenetrable. If we discover a personal data breach affecting you, we will notify you and the relevant supervisory authority within 72 hours per GDPR Art. 33–34 and within the timeline required by LGPD Art. 48 and applicable US state laws.
14. Children's privacy
Quarym is rated 13+ in the App Store. (Apple deprecated the legacy 12+ tier in July 2025; 13+ is the lowest rating Apple now offers for an app such as ours that includes AI-generated imagery.) We do not knowingly collect personal data from children under 13 years of age (under 16 in some EU member states that set 16 as the GDPR digital-consent age). The App Store age gate is the primary control. If we learn we have collected data from a child below this age, we will delete that data and the associated account.
If you are a parent and believe your child has created an account with us, please contact privacy@quarym.com.
15. AI Act (EU), Content provenance disclosure
Where the EU Artificial Intelligence Act (Regulation 2024/1689) applies (you are using Quarym from the European Economic Area), we comply with Article 50 by:
- Disclosing that images generated or modified by Quarym are AI-generated content. This Privacy Policy and the in-app onboarding both make this disclosure.
- Embedding provenance metadata in rendered images using the open C2PA Content Credentials standard, where the underlying image format supports it.
16. State-specific disclosures
16.1 California (CCPA / CPRA)
In addition to the rights listed in §11, California residents have:
| CCPA right | How |
|---|---|
| Right to know categories collected and shared | This policy is the disclosure |
| Right to delete | §12 |
| Right to opt-out of sale or sharing | We do not sell or share, preserved as a no-op |
| Right to limit use of sensitive personal information | Already minimized by default |
| Right to non-discrimination | We do not retaliate |
| Right to correct inaccurate data |
We respond to verified requests within 45 days (extendable by 45 days with notice). We honor Global Privacy Control signals.
We do not "sell" or "share" personal information as defined by CCPA §1798.140 and CPRA.
16.2 Colorado, Connecticut, Virginia, Utah, Texas, Florida, Oregon, Tennessee, Montana, Iowa, Indiana, New Hampshire, Delaware, New Jersey, Minnesota, Maryland, Rhode Island, Kentucky
Residents of these states have rights to access, deletion, correction, portability, and to opt-out of targeted advertising (we do not engage in targeted advertising) and profiling that produces legal/significant effects (we do not). For Colorado/Connecticut/Virginia/Maryland we provide an appeal process for denied requests. We honor universal opt-out signals (e.g., GPC) where required.
16.3 Illinois (BIPA)
Quarym does not collect biometric identifiers as defined by BIPA. See our separate Biometric Notice which is publicly available per BIPA §15(a).
16.4 Texas (CUBI), Washington (Biometric Privacy Act, MHMDA)
Same as Illinois, we do not collect biometric identifiers within the meaning of these statutes. The Biometric Notice covers our position.
16.5 Brazil (LGPD)
Brazilian residents have the rights enumerated in LGPD Art. 18 including confirmation of processing, access, correction, anonymization or deletion, portability, and information about shared parties. Our Encarregado (DPO) is named in §1. Complaints may be lodged with the Autoridade Nacional de Proteção de Dados (ANPD) at https://www.gov.br/anpd.
16.6 Quebec (Law 25)
Quarym is not currently distributed in the province of Quebec, Canada. App Store regional availability excludes Quebec from Quarym's launch markets. As a result, Quebec's Loi sur la protection des renseignements personnels dans le secteur privé (Law 25, formerly Bill 64) does not apply to our processing. If our distribution expands to include Quebec residents in the future, this policy will be republished in French and a Privacy Impact Assessment will be completed prior to any cross-border transfer of Quebec residents' personal data, as required by Law 25.
17. Supervisory authorities and complaints
If you believe we have processed your data unlawfully, you may complain to a supervisory authority:
- Brazil, Autoridade Nacional de Proteção de Dados (ANPD): https://www.gov.br/anpd
- EU/EEA, your national data protection authority. List: https://edpb.europa.eu/about-edpb/about-edpb/members_en
- United Kingdom, Information Commissioner's Office: https://ico.org.uk
- California, California Privacy Protection Agency: https://cppa.ca.gov
We strongly prefer the chance to resolve your concern first, please contact privacy@quarym.com before escalating.
18. Changes to this policy
We may update this Privacy Policy from time to time. When we do:
- Material changes (changes to data collected, purposes of processing, recipients, or your rights) require at least 30 days advance notice by email and an in-app prompt before they take effect.
- Non-material changes (clarifications, typo fixes, formatting) take effect on publication.
- The Last updated date at the top of this policy reflects the most recent change.
- We keep an archive of prior versions at https://quarym.com/privacy/archive.
19. Contact
| Reason | |
|---|---|
| Privacy questions, rights requests, GDPR/LGPD/CCPA matters | privacy@quarym.com |
| Encarregado (LGPD DPO) | dpo@quarym.com |
| General product support | support@quarym.com |
| Security vulnerability reports | security@quarym.com |
Postal: Arketon Tecnologia Ltda., Rua Sapucaí, 220, Apt. 402, Rosário, Cláudio/MG, CEP 35530-000, Brasil