Privacy Policy
Last updated: March 2026
At Namo, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS application and website (collectively, the "Service"). Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Introduction
This Privacy Policy ("Policy") describes how Sabry Aleksandr, an individual developer ("we," "us," or "our"), collects, uses, discloses, and protects your personal information when you access or use the Namo mobile application (available on the Apple App Store), the Namo website located at namo.snth.ai, and any related services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Policy, please do not access or use the Service.
We reserve the right to make changes to this Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Policy. You are encouraged to periodically review this Policy to stay informed of updates.
2. Information We Collect
a) Information You Provide Directly
When you create an account or use the Service, you may provide us with the following information:
- Account Information: Your email address and name, as provided through Google One-Tap or Apple Sign-In authentication via Supabase.
- Profile Information: Your chosen avatar emoji, avatar color, and display name.
- User Content: Images you upload for processing, text prompts you provide, and any generated images or videos created through the Service, including associated metadata such as selected aspect ratios and quality tiers.
b) Information Collected Automatically
When you access or use the Service, we may automatically collect certain information, including:
- Usage Data: Page views, user interactions, features accessed, and navigation patterns, collected via Google Analytics (GA4, Measurement ID: G-440GZGCRLS).
- Device & Technical Data: Application version, platform (web or iOS), browser type, device type, operating system, and IP address.
- Session Data: Authentication session cookies managed by Supabase, including JSON Web Tokens (JWT) used to maintain your login session.
- Billing & Subscription Data: Token balance, subscription plan type (weekly or monthly), and subscription status. Payment processing is handled by Apple (for in-app purchases) and does not pass through our servers.
c) Information from Third Parties
We may receive information about you from third-party services that you use to authenticate with our Service:
- Google: When you sign in via Google One-Tap, we receive your email address, name, and profile picture URL as authorized by your Google account settings.
- Apple: When you sign in via Apple Sign-In, we receive your email address (or a private relay email) and name, as authorized by your Apple ID settings.
d) Face Data
When you upload photographs containing faces for use with our AI generation features, these images are processed as follows:
- Collection: We collect face photos solely as input for AI-powered image and video generation. We do not perform facial recognition, extract biometric identifiers, or create facial geometry maps.
- Processing: Uploaded photos are sent to our third-party AI providers (fal.ai, Google Cloud) exclusively to fulfill your generation request. Providers perform inference and return the result — they do not retain your photos or use them for model training.
- Storage: Generated content and input images are stored on our infrastructure. Free users share a common storage pool. Subscribers receive up to 5 GB of dedicated storage. In both cases, older content is automatically cycled out (deleted) as storage fills.
- Deletion: You may delete your content at any time. Upon account deletion, all associated data including face photos is removed within 30 days.
- Consent: Before your first generation, the app displays a consent prompt informing you that your photos, including facial data, will be sent to AI providers for processing.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Operate the Service: To create and manage your account, authenticate your identity, process your image and video generation requests, and deliver generated content to you.
- Maintain and Improve the Service: To monitor usage patterns, diagnose technical issues, analyze performance, and develop new features and improvements.
- Manage Subscriptions and Tokens: To track your token balance, process subscription entitlements, and manage your access to premium features.
- Analytics: To understand how users interact with the Service, identify trends, and measure the effectiveness of features using Google Analytics.
- Communications: To respond to your inquiries, provide customer support, and send service-related notifications.
- Security and Fraud Prevention: To detect, investigate, and prevent fraudulent or unauthorized activity, and to protect the rights and safety of our users and the Service.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
4. Information Sharing & Disclosure
We do not sell your personal information to third parties. We may share your information in the following circumstances:
- Service Providers: We share information with third-party service providers who perform services on our behalf, including:
  - Supabase — Authentication, session management, and data storage.
  - Third-Party AI Providers — To process your image and video generation requests, your uploaded images and text prompts are sent to third-party AI services, including but not limited to Google (Gemini, Vertex AI), FAL AI, and other providers, proxied through our backend at namo-dashboard.snth.ai. These providers process your data solely to fulfill your generation request. Your data is not used by these providers to train or improve their AI models. The specific providers used may change over time; this policy will be updated accordingly.
  - The Nine CDN (media.thenine.co) — Content delivery and media hosting for generated images and videos.
  - Google Analytics — Website and app analytics.
  - Google & Apple — OAuth authentication providers.
- Legal Requirements: We may disclose your information if required to do so by law, or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request).
- Protection of Rights: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Service, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.
- Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account Data: Retained for the duration of your account. When you delete your account, your personal data will be deleted or anonymized within 30 days, except where retention is required by law.
- Generated Content: Input images, prompts, and generated images/videos are retained as part of your generation history for as long as your account exists. You may request deletion of specific content at any time.
- Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for statistical and research purposes.
- Log Data: Server logs and technical data are typically retained for up to 90 days for security and debugging purposes.
Upon account deletion or at the end of the applicable retention period, we will securely delete or anonymize your personal information, unless longer retention is required or permitted by applicable law.
6. Data Security
We implement commercially reasonable technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL protocols.
- Secure authentication via industry-standard OAuth 2.0 protocols (Google One-Tap and Apple Sign-In) managed through Supabase.
- JWT-based session management with secure, HTTP-only cookies.
- Access controls limiting data access to authorized systems and processes only.
- Regular review and updates to our security practices.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.
7. Your Rights & Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: You have the right to request a copy of the personal information we hold about you.
- Correction: You have the right to request that we correct inaccurate or incomplete personal information.
- Deletion: You have the right to request the deletion of your personal information, subject to certain exceptions required by law.
- Data Portability: You have the right to request a machine-readable copy of your personal data.
- Objection & Restriction: You have the right to object to or request restriction of the processing of your personal information in certain circumstances.
- Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.
CCPA Rights (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which your information is collected, the business purpose for collecting your information, and the categories of third parties with whom we share your information.
- Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide a different level of quality for exercising your rights.
- No Sale of Personal Information: We do not sell your personal information as defined under the CCPA.
GDPR Rights (European Economic Area Residents)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the rights outlined above. The legal bases for processing your information include performance of a contract, legitimate interests, and your consent. You also have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or within the timeframe required by applicable law.
9. Children's Privacy
The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA).
If we learn that we have collected personal information from a child under the age of 13 without verification of parental consent, we will take steps to delete that information as quickly as possible.
If you are a parent or guardian and you believe that your child under 13 has provided us with personal information, please contact us at [email protected] so that we can take appropriate action.
Users between the ages of 13 and 18 may use the Service only with the involvement and consent of a parent or legal guardian.
10. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. Our third-party service providers, including Supabase, FAL AI, Google, and Apple, may process data in the United States and other jurisdictions.
These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to these countries. We take reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.
Where required by applicable law (such as the GDPR), we ensure that appropriate safeguards are in place for international data transfers, including standard contractual clauses or reliance on the data recipient's participation in recognized data protection frameworks.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Policy, we will:
- Update the "Last Updated" date at the top of this page.
- Post the updated Policy on the Service.
- Where required by applicable law, notify you by email or through a prominent notice within the Service prior to the change becoming effective.
Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the updated terms. If you do not agree to the revised Policy, you should discontinue your use of the Service and delete your account.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Website: namo.snth.ai
- App Store: Namo on the App Store
We will make every effort to respond to your inquiry within 30 days.