Privacy Policy

Effective Date: February 4, 2024

Last Updated: May 4, 2025

This Privacy Policy outlines how Andor Communications Private Limited ("we", "our", "us") collects, processes, uses, and protects the information of users ("you", "your") who use the AI Picture Generator: AI Leap mobile application and related services.

We respect your privacy and are committed to complying with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the IT Act, 2000, and the Digital Personal Data Protection Act, 2023 (DPDPA).

1. Information We Collect

1.1. Personal Data You Provide

Under Indian law, personal data is any information that identifies an individual. We collect:

  • User Registration Details: Full name, email address, phone number, profile photo (if linked via social accounts).
  • Authentication Data: OAuth tokens from sign-in services like Google, Apple, or Facebook.
  • Subscription and Billing Info: Payment data via Google Play or Apple App Store. We do not store full card details ourselves; payments are handled by secure third-party processors.
  • Uploaded Images: Photos uploaded for AI processing (e.g., selfies for headshots).

Compliance:

  • As per DPDPA, 2023, we seek user consent before collecting or processing personal data and allow for revocation of consent.
  • As per IT Rules 2011, sensitive data like photos and biometric likenesses are treated with extra care.

1.2. Automatically Collected Information

When you use the app, we collect:

  • Device Information: Model, OS version, language, unique device identifiers.
  • Usage Patterns: Feature usage statistics, interactions, in-app navigation.
  • IP Address and Location Data: For fraud prevention and service customization.

1.3. Generated & Inferred Data

This includes:

  • AI-generated images, avatars, or edited content.
  • Preferences inferred through app interactions.

2. How We Use Your Information

We use your data for:

1 Core Services:

  • AI image generation, editing, and enhancement.
  • Personalized content creation using uploaded photos and prompts.

2 Account & Subscription Management:

  • Verifying user identity.
  • Managing credit usage and purchases.

3 Customer Support:

  • Responding to queries, complaints, or bug reports.

4 Communication & Marketing:

  • Sending promotional content (with opt-out).
  • Transactional alerts and app updates.

5 Analytics & Performance:

  • Improving service reliability, detecting bugs, and understanding usage trends.

6 Legal Compliance:

  • Meeting obligations under the IT Act, DPDPA, or foreign regulations like GDPR or CCPA where applicable

Legal Basis (DPDPA 2023):

All processing is done:

  • With consent,
  • To fulfill contractual obligations,
  • In the legitimate interest of the service provider (not harming the data principal).

3. Data Storage & Retention

  • Where We Store Data: India-based servers and/or cloud providers compliant with ISO/IEC 27001 standards (e.g., AWS, Google Cloud).
  • How Long We Keep It:
    • User data: Until account deletion or inactivity beyond 24 months.
    • Uploaded images: Auto-deleted within 7–30 days unless saved by you.
    • Payment records: As long as legally required (e.g., under GST or accounting regulations).

Under IT Rules & DPDPA:

We implement reasonable security practices, including:

  • Encryption in transit and at rest.
  • Role-based access controls.
  • Routine audits and penetration tests.

4. Sharing of Information

4.1. Third-Party Integrations

We may share limited data with:

  • Cloud Storage Providers (e.g., AWS, GCP)
  • Analytics Providers (e.g., Firebase, Google Analytics)
  • Payment Gateways (Apple/Google)

Each of these partners complies with contractual clauses ensuring data protection.

4.2. Legal & Regulatory Disclosure

We may disclose your data:

  • In response to legal process under Indian law (e.g., court orders, police requests under CrPC).
  • To protect the rights and safety of users or to investigate fraud.

4.3. With User Consent

We will never share images or prompts for marketing or training purposes without explicit opt-in.

5. International Data Transfers

  • Some of our third-party services may process data outside India.
  • In such cases, we ensure adequate safeguards, including:
    • Data transfer agreements,
    • Standard Contractual Clauses (SCCs),
    • Compliance with DPDPA, GDPR, or similar regulations.

6. User Rights (as per Indian & Global Laws)

Under DPDPA 2023 and other applicable laws, you have the right to:

  • Access Your Data: View your profile, history, and preferences.
  • Correct Your Data: Update incorrect or outdated information.
  • Erase Your Data: Delete uploaded images or your entire account.
  • Withdraw Consent: Disable data collection or delete content at any time.
  • Data Portability: Request a machine-readable copy of your data (on formal request).
  • Grievance Redressal: File complaints via our grievance officer.

You can exercise these rights via the app settings or by contacting us.

7. AI Data Practices

  • Your images and prompts are processed via AI models that run on our secure cloud servers.
  • We do not use your private content to train or improve our models unless you explicitly opt in.
  • Generated content is not shared or repurposed unless you share it publicly or give permission.

Special Note on Facial Data:

All AI face data is temporarily processed and never stored permanently. You may delete all content manually or request full removal.

8. Children's Privacy

This app is not intended for use by children under 13 (or 16 in EU countries).

  • We do not knowingly collect data from minors.
  • If informed of such collection, we will delete the data and the account promptly.

9. Security Practices

As per Section 43A of the IT Act and Rule 8 of the IT Rules, we implement:

  • End-to-End Encryption of all image uploads and AI responses.
  • Token-Based Access for secure sessions.
  • Regular Security Testing of our app and APIs.

10. Changes to this Policy

  • We may update this Privacy Policy from time to time.
  • Major updates will be notified via the app or email.
  • You are encouraged to review this policy periodically.

11. Grievance Redressal & Contact

As per Rule 5(9) of the IT Rules, we have appointed a Grievance Officer. For any privacy-related questions, complaints, or data requests, please contact us:

Andor Communications Private Limited
5th Floor, Pegasus Tower A10, 503, Sector 68,
Noida, Uttar Pradesh 201307, India

Android Support: android.aileap@lightxapp.com
iOS Support: ios.aileap@lightxapp.com

12. Consent and Acknowledgment

By using the AI Picture Generator: AI Leap app, you confirm that:

  • You are above 4+ years of age (or have parental consent).
  • You have read and agreed to this Privacy Policy.
  • You consent to the collection, use, and sharing of your data as described herein.