Privacy Policy
Effective: June 4, 2026
Short version. Roastly is an AI comedy app. To generate a roast we send the bio you type or the selfie you pick to Google's Gemini AI (a third-party AI service). We do not store your photos, bios, or any personal data on our servers. There are no accounts, no analytics SDKs, and no advertising. Your roast history stays on your device.
1. Who we are
"Roastly" (the "App") is operated by an independent developer ("we", "us", "our"). This Privacy Policy explains what data the App collects, how we use it, the third-party AI service we share data with, and the choices you have.
2. Third-party AI service โ what we share and with whom
Roastly uses a third-party generative AI service to create roasts. Before the App sends any of your data to this service you will see an in-app disclosure on first launch and must tap "I Agree โ Continue" to proceed.
- AI provider: Google LLC (United States). The App calls Google's Gemini API at
generativelanguage.googleapis.com.
- What is sent: the bio text you type, the selfie photo you choose, and (for Party Mode) the names and bios of the party members you enter. Nothing else from your device โ no contacts, location, address book, identifiers for advertisers, or any other personal data.
- What Google does with it: generates the roast text and returns it to our backend, which forwards it to the App. Google processes the content to provide the AI response, governed by Google's Privacy Policy and the Gemini API Additional Terms of Service. See Gemini API Additional Terms and Google Privacy Policy.
- What we store: we do not store your photos, bios, or roasts on our servers. The content is sent to Google only to generate the roast and is not retained on our backend beyond the request lifecycle.
- Your control: if you do not agree to share data with Google, do not tap "I Agree โ Continue" on the disclosure screen. Without consent the App cannot generate roasts, but the rest of the App (history view, settings) remains usable.
3. Information we collect
3.1 Information you provide
- Selfie photos โ when you use Selfie Roast, the image is uploaded to our backend (Hetzner, Germany) and immediately forwarded to Google's Gemini API for analysis. The image is not stored on our servers beyond the request lifecycle.
- Bio text โ when you use Bio Roast or Party Mode, the text you type is sent to our backend and forwarded to Google's Gemini API for analysis. It is not stored on our servers.
3.2 Information collected automatically
- Anonymous device identifier โ a random UUID generated on your device, used only for rate-limiting (3 free roasts per day). This identifier cannot be linked back to you and is not tied to your Apple ID, email, name, or any other personal information.
- Standard server logs โ IP address, request timestamp, and User-Agent. Kept for up to 14 days for security and abuse-prevention only.
3.3 Information stored on your device
- Roast history โ your past roasts (text, emoji rating, date) are stored locally via
UserDefaults. They never leave your device and we cannot access them. You can clear this history at any time.
- Settings โ onboarding state, AI-disclosure consent flag, daily roast count.
4. What we do NOT collect
- We do not create user accounts.
- We do not ask for your name, email, phone number, or social profiles.
- We do not access your contacts, location, calendar, or address book.
- We do not use analytics SDKs, advertising IDs, or fingerprinting.
- We do not share data with advertisers.
- We do not track you across apps or websites.
5. How we use information
The data we receive is used only to:
- Generate the roast you requested.
- Enforce the daily free roast limit.
- Protect the service from abuse and bots.
- Maintain and improve the App.
6. Other third-party services
- Apple StoreKit โ handles in-app purchases and subscriptions. Purchase data is handled by Apple under Apple's Privacy Policy.
- Hosting provider โ our backend runs on a server provided by Hetzner Online GmbH (Germany).
7. Data retention
- Selfie photos and bio text โ not stored on our servers after the roast is returned.
- Server logs โ up to 14 days.
- On-device history โ until you delete it or uninstall the App.
8. Children's privacy
The App is rated 17+ and is not intended for users under 17. We do not knowingly collect data from children. If you believe a child has used the App, please contact us so we can take appropriate action.
9. Your rights
You have the right to:
- Delete all on-device history by deleting the App.
- Withdraw consent to AI processing at any time by uninstalling the App.
- Request information about any data we may have related to your anonymous device identifier (within the 14-day server log window) by contacting us.
- If you are in the EU/EEA, UK, or California: rights under GDPR / UK GDPR / CCPA, including access, deletion, and objection.
10. Security
All communication between the App and our backend uses HTTPS (TLS 1.2+). Communication between our backend and Google's Gemini API is also HTTPS. API keys are stored as server environment variables and never embedded in the App.
11. International transfers
Our backend is hosted in Germany. Roast requests are forwarded to Google's Gemini API, which may process data in the United States. By tapping "I Agree โ Continue" on the in-app disclosure you consent to these transfers.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Effective" date above shows when it was last changed. Material changes will be announced in-App or via the App Store update notes.
13. Contact
Questions about this policy? Email akbaralixasanov2000@gmail.com.