1. Information We Collect
Nesi is designed for creating natural, non-greasy dewy skin effects on matte complexions. We collect the following types of data to deliver our core functionality, with strict limits on data collection to ensure minimal privacy impact:
- Facial Image Data: To provide AI skin enhancement, facial image data is transmitted to and processed by our secure third-party AI partners (OpenRouter). No facial data is stored on our servers after the processing session is complete.
- Device & Usage Data: Non-identifiable device information (device model, operating system version, unique device identifier) and usage data (editing features used, session duration, App performance metrics) to optimize the App’s functionality and user experience.
- Log Data: Technical logs generated when you use the App, including crash reports, error logs, and access times, to resolve technical issues and improve stability.
2. Purposes of Data Usage
We use your collected data solely for the following specific purposes, with no unauthorized expansion of usage scenarios:
- Core Image Editing: Process the uploaded facial images to apply subtle dewy skin effects exclusively to the forehead, nose, and cheekbones—ensuring a natural, non-greasy finish as the App’s core feature.
- Function Optimization: Analyze usage and device data to fix bugs, optimize editing speed, and improve the accuracy of facial feature recognition for dewy skin application.
- Service Maintenance: Ensure the App runs smoothly, provide technical support, and provide technical support.
- Compliance & Security: Comply with legal requirements and protect against unauthorized access, fraud, or other security risks.
3. Third-Party Services & Data Sharing
We partner with trusted third-party AI services to enhance the accuracy of our facial editing features. All data sharing is strictly limited to necessary processing and complies with global privacy regulations (including GDPR, CCPA, and Apple’s App Store guidelines).
- Third-Party AI Service: We share facial image data with OpenRouter and its integrated AI model providers (such as OpenAI, Google, and Meta) strictly for transient real-time processing.
- Data Storage: All data shared with OpenRouter is processed on their secure cloud servers, which comply with SOC 2, GDPR, and ISO 27001 certifications. We do not store your original facial images on our own servers—processed results are retained locally on your device.
- No Additional Sharing: We do not sell, rent, or share your facial data with any other third parties beyond OpenRouter, and we do not use your data for targeted advertising.
We confirm that OpenRouter and its sub-processors (including AI model providers) provide at least the same or equal protection of your facial data as required by the App Store Guidelines and Nesi’s own privacy standards.
4. Data Retention
We adhere to a "minimal retention" principle to protect your privacy:
- Facial Image Data: Original uploaded images are deleted from your device immediately after the editing process is complete (unless you choose to save the edited image to your device). No original facial images are stored on our servers or retained by OpenRouter beyond the processing session.
- Processed Results: Edited dewy skin images are stored only on your device’s local storage, and you retain full control to delete them at any time.
- Usage & Device Data: Non-identifiable usage and device data is retained for 12 months from the date of collection to support ongoing optimization, after which it is anonymized and aggregated for statistical analysis.
5. Data Security Measures
We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction:
- Secure Transmission: Facial image data is transmitted to our AI partners via TLS 1.3 encrypted connections. The processing is transient and no original facial data is persistently stored by any party.
- Encryption: Data transmitted to OpenRouter is encrypted via TLS 1.3, and their servers use end-to-end encryption for stored data.
- Access Controls: OpenRouter restricts access to your facial data to only authorized personnel for processing purposes, with strict audit trails for all access.
- Regular Security Audits: We conduct periodic security assessments of the App and third-party partners to identify and mitigate potential vulnerabilities.
6. User Data Rights
You have full control over your data with the following rights, which we will fulfill within 30 days of your request:
- Right to Access: Request details of the facial data we process (note: we do not store original facial data, so we will confirm this and provide usage logs if applicable).
- Right to Delete: Request permanent deletion of your usage/device data stored by us or OpenRouter (original facial images are already deleted post-processing).
- Right to Opt-Out: Opt out of non-essential data collection (e.g., crash logs) by adjusting your device settings or App preferences.
- Right to Data Portability: Export your edited dewy skin images and non-identifiable usage data in a readable format.
7. Children's Privacy Protection
Nesi is not intended for use by children under the age of 13 (or the applicable age of majority in your jurisdiction). We do not knowingly collect facial data or personal information from children. If we become aware that a child under 13 has provided us with data, we will immediately delete such data from our systems and third-party partners.
Parents or guardians who become aware that a child has used Nesi and provided personal data may contact us to request deletion of the data.
8. Policy Update Mechanism
We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or App functionality. We will notify you of material changes by:
- Posting the updated policy within the App (in the "Settings" or "About" section) at least 7 days before the effective date of the change.
- Providing a prominent in-app notification for significant updates.
Your continued use of Nesi after the effective date of the updated policy constitutes your acceptance of the revised terms.
Last Updated: March 13, 2026