Privacy Policy

Last Updated: April 30, 2026

Welcome to Roast Me ("we," "us," or "our"). This Privacy Policy explains how Dedaldev DOO ("Company") collects, uses, discloses, and protects your personal information when you use our mobile application and related services (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We may collect the following types of information:

Account Information: Email address, display name, and authentication identifiers (Sign in with Apple / Google) if you create or upgrade an account. The Service may also be used with an anonymous (device-bound) account that does not require a sign-in.
Usage Data: Information about how you use the Service, including features accessed, time spent, generation counts, and interaction patterns.
Uploaded Photos: Portrait photos you submit to generate a roast. These are used as visual context for the AI to produce a textual (and optional spoken) roast — they are not transformed into another image.
Pasted Text Content: Text you paste into the Service to be roasted (for example a tweet, a bio, a chat screenshot transcript, or context describing a friend you want roasted). This text is used solely as input for the AI to produce a textual roast and, optionally, a spoken version of it. It is stored together with the resulting roast in your roast history (see Section 5) so the entry remains meaningful when you revisit it.
Generated Content: Roast text and synthesized voice audio (MP3) produced by the Service, stored as part of your roast history (see Section 5).
Device and Technical Information: Device type, operating system, app version, locale, mobile network information, IP address, and a stable client identifier (identifierForVendor on iOS, androidId on Android) used for free-tier accounting and abuse prevention.
Payment Information: Transaction details processed through Apple App Store and Google Play, with subscription state and entitlements managed via RevenueCat. We do not receive or store your payment card details.

2. Photo Processing and Face Data

What does the app do with my photo?

When you generate a roast, you provide a portrait photo from your camera or photo library. This photo may contain an image of a face. We do not extract, analyze, or store any biometric data (such as facial geometry, facial recognition templates, or identity markers). The photo is used solely as visual context so the AI can produce a textual roast and, optionally, a spoken version of that roast (text-to-speech, "TTS"). We do not transform your photo into another image.

How is the photo processed?

Your photo is sent over an encrypted HTTPS connection to our secure server.
Before generation, the photo is screened by a third-party AI content moderation service for prohibited content.
The photo is then forwarded to a third-party AI provider that returns a textual roast based on what it sees.
If a voice option is selected, the resulting text is synthesized into an MP3 audio file using the same provider's TTS service.
The textual roast and the audio URL are returned to your device and saved to your roast history (see Section 5).
No facial recognition, biometric profiling, or identity analysis is performed at any stage.

Is my photo shared with third parties?

Yes — your photo is transmitted to third-party AI service providers for content moderation and roast text generation, as described above. We may evaluate and change AI providers over time to ensure the best quality and safety. Our current AI provider is OpenAI, L.L.C. (USA), whose services are governed by their Privacy Policy. Per our integration, submitted photos are not used by the AI provider to train its models. Your photo is not shared with any other third parties.

How long is my photo retained?

On your device: The photo is held in memory during your active session. It is not saved to your device unless you explicitly choose to save the resulting roast.
On our server: A copy of the input photo is stored together with the roast you generated, so that it can be displayed alongside the roast in your "My Roasts" history. It is retained as long as the corresponding roast history entry exists. You can delete the entry (and the linked photo) at any time from within the app, or by requesting account deletion (see Section 8).

Is my photo linked to my account?

Your input photo is linked to the specific roast it generated, and that roast is linked to your account (anonymous or signed-in) so that it can be shown in your personal roast history. It is never used to identify you across sessions, never shared with other users, and never used to build a biometric or identity profile.

3. How We Use Your Information

We use the collected information to:

Provide and maintain the Service, including generating textual roasts and synthesized voice audio (TTS).
Display your past roasts in your personal "My Roasts" history.
Track free-tier usage and enforce subscription and per-day generation limits.
Process transactions and manage subscriptions and one-time purchases.
Improve and personalize your experience.
Send promotional communications (with your consent, where required).
Detect, prevent, and address technical issues, fraudulent activity, and abuse of the Service — including automated scripting, systematic circumvention of free-tier and subscription limits, and unauthorized API usage.
Comply with legal obligations.

Abuse and Fraud Prevention: We collect and analyze technical usage data — including IP addresses, request frequency, device identifiers, device fingerprints, and API usage patterns — for the purpose of detecting, preventing, and responding to abuse, fraud, automated scripting, and violations of our Terms of Service. Accounts identified as abusive may be classified as restricted accounts and may have their access to the Service limited or terminated. This processing is carried out on the basis of our legitimate interests in maintaining the security, integrity, and fair availability of the Service for all users (Article 6(1)(f) GDPR). By using the Service, you acknowledge and consent to this processing.

4. Analytics and Tracking

We use analytics services to understand how users interact with our Service. Our analytics partners include:

Firebase Analytics (Google LLC) — app usage analytics and crash reporting.
Microsoft Clarity (Microsoft Corporation) — session recording and user interaction heatmaps. Clarity may record screen interactions during your session to help us improve the app experience. Recorded sessions do not include the input photos you submit or the generated voice audio.

These services may collect information about your device, location, and usage patterns. You can opt out of analytics tracking through your device settings.

4a. App Tracking Transparency (iOS) and Advertising Identifier

On iOS, the first time you launch the app we present Apple's standard App Tracking Transparency (ATT) prompt asking for your permission to track you across other companies' apps and websites. This permission controls our ability to read your device's Advertising Identifier (IDFA).

If you allow tracking: The app may read your IDFA and pass it, together with limited device information, to advertising partners so that any future advertising or promotional content shown within or for the app can be measured and personalized. The IDFA is a device-level identifier maintained by iOS that you can reset or disable at any time from Settings → Privacy & Security → Tracking.
If you decline tracking: The app will not access your IDFA, and the analytics signals listed above will operate without ad-personalization or cross-app measurement features. The core app functionality (generating roasts, voice playback, history, purchases) is unaffected.

You can change this choice at any time in Settings → Privacy & Security → Tracking (toggle Roast Me off/on) or globally for all apps in the same screen.

We do not sell the IDFA or any other identifier to data brokers. Tracking signals, when permitted, are used only for advertising measurement and personalization performed via the providers listed in Section 6.

5. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy, or to comply with legal obligations. Specifically:

Input photos: Stored on our server linked to the corresponding roast history entry, for as long as that entry exists. Deleted when you delete the entry or your account.
Roast text and generated voice audio (MP3): Stored as part of your roast history so you can revisit, replay, share, or export them. Retained until you delete the entry or your account.
Account information: Retained until you delete your account or request deletion.
Usage and abuse-prevention data: Retained for up to 24 months for analytics, billing reconciliation, and abuse-prevention purposes.

6. Third-Party Services and AI Processing

We use the following third-party services to operate the app:

Third-party AI service providers — content moderation, AI roast text generation (vision-based language model), and text-to-speech voice synthesis. Your input photo is transmitted to our current AI provider for moderation and roast generation, and the generated roast text is sent to the same provider for voice synthesis. We evaluate AI tools continuously and may change providers to ensure the best available quality and safety. Our current provider is OpenAI, L.L.C. (USA) — see OpenAI Privacy Policy.
Firebase / Google LLC — Authentication (Sign in with Google, anonymous sign-in), push notifications, and analytics.
RevenueCat, Inc. — Subscription and in-app purchase management.
Microsoft Clarity — Session recording and interaction analytics.
Apple, Inc. — Sign in with Apple authentication and App Store payments.

We may also share your information in the following circumstances:

Legal Requirements: When required by law, court order, or governmental authority.
Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties.

7. Data Security

We implement industry-standard security measures to protect your information:

Encryption in transit (HTTPS/TLS) and at rest where supported by the underlying storage.
Secure cloud infrastructure with access controls.
Payment processing handled by Apple and Google in accordance with PCI-DSS standards; we never receive your card data.
Regular security assessments and updates.

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights under GDPR:

Access: Request a copy of your personal data.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your personal data, including your roast history and any linked input photos.
Restriction: Request limitation of processing.
Portability: Request transfer of your data to another service.
Objection: Object to processing based on legitimate interests.

To exercise these rights, contact us at the email below. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children. In line with our Terms and Conditions, you must be at least 16 years of age to use the Service. We do not knowingly collect personal information from children under 16 (under 13 where COPPA applies). If we discover that a child below the applicable minimum age has provided us with personal information, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Serbia, where our company is located, and the United States, where some of our service providers operate. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Dedaldev DOO
Belgrade, Serbia
Email: info@dedaldev.com