Free Preview · No Signup Required

Privacy Policy

Last updated: 13 June 2026

1. Data Controller

Fable by Figoodle (“we”, “us”) is operated by s-basics.de, registered in Germany. For any privacy-related enquiries, please contact us via contact form or at privacy@figoodle.com.

2. What Data We Collect

  • Email address — provided when you place an order or sign in via the iOS app, used for order confirmation, digital delivery, and shipping updates.
  • Uploaded photos — the image(s) you upload to generate your portrait. Photos may contain faces and other personal likenesses (see Section 4).
  • Generated portraits — AI-generated artwork based on your uploaded photo.
  • Shipping address — provided at checkout for physical product orders (framed prints and canvases).
  • Payment information — processed directly by Stripe (web) or Apple App Store / RevenueCat (iOS); we never see or store your full card details.
  • Device identifier — on the iOS app, an anonymous device identifier is used to associate your session with your purchases. No other device data is collected.

We do not collect precise location data, contacts, browsing history, or any data unrelated to portrait generation and order fulfilment.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds:

  • Contractual necessity (Art. 6(1)(b) GDPR) — processing your photo, email, and shipping address is necessary to fulfil your order.
  • Legitimate interest (Art. 6(1)(f) GDPR) — retaining order records for fraud prevention and legal compliance.
  • Legal obligation (Art. 6(1)(c) GDPR) — retaining financial transaction records as required by German tax law.
  • Consent (Art. 6(1)(a) GDPR) — where you have explicitly agreed to the processing of your photo data via the in-app consent screen (iOS app only).

4. Face & Photo Data

When you upload a photo, it may contain your face or the faces of others. Here is exactly how this data is handled:

  • What is collected: The photo you upload, which may contain one or more faces or personal likenesses.
  • How it is used: Solely to generate an AI portrait in the style you selected. Your photo is not used for facial recognition, identity verification, advertising, user profiling, or any purpose other than portrait generation.
  • Who receives it: Your photo is transmitted to Google (Gemini API) for AI processing. No other third party receives your photo, except Prodigi (print fulfilment) if you order a physical print — in which case only the generated portrait (not the original photo) is shared.
  • Is it retained by Google? No. Google processes the image to generate the portrait and does not retain it after generation, in accordance with Google's Privacy Policy.
  • How long we retain it: Your uploaded photo and generated portrait are stored on our servers solely for order fulfilment. They are permanently deleted after successful delivery of your order (digital: after file delivery; physical: after shipment). You may request earlier deletion at any time by contacting privacy@figoodle.com.
  • iOS app consent: Before your first portrait is generated in the iOS app, you are shown an explicit consent screen explaining that your photo will be sent to Google (Gemini API). You must agree before any photo is uploaded.

Where in this policy is face data addressed?

This section (Section 4) fully describes our collection, use, disclosure, sharing, and retention of face and photo data. Section 5 names the third-party processors who may receive your photo.

5. Third-Party Processors

We share your data with the following third-party service providers, solely for the purposes described in this policy:

  • Google (Gemini API) — receives your uploaded photo to generate the AI portrait. Images are processed solely for generation and are not retained by Google after generation. See Google's Privacy Policy.
  • Prodigi (printing & shipping) — prints and ships your framed prints and canvases. Receives your shipping address and the generated portrait image (not the original uploaded photo).
  • Stripe (web payment processing) — processes your payment securely. We do not see or store your card details. See Stripe's Privacy Policy.
  • RevenueCat (iOS in-app purchases) — manages in-app purchase verification on iOS. Receives your anonymous device identifier and purchase receipt. See RevenueCat's Privacy Policy.
  • Apple App Store — processes in-app purchase payments on iOS. We do not collect or store your payment information.
  • Resend (email delivery) — sends transactional emails on our behalf (order confirmations, digital deliveries, shipping updates). Receives your email address only.

All third-party processors are contractually required to provide the same or equivalent level of data protection as described in this policy. We do not sell, rent, or share your data for advertising or marketing purposes.

6. International Data Transfers

Our servers are located in Finland, European Union. Some third-party processors (including Google and RevenueCat) are based in the United States and process data outside the EU/EEA. Where this occurs, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, as implemented in Google's and other processors' Data Processing Agreements.
  • Adequacy decisions where applicable.

You can request a copy of the applicable transfer safeguards by contacting us at privacy@figoodle.com.

7. Data Security

We take reasonable technical and organisational measures to protect your personal data, including:

  • All data is transmitted over encrypted connections (HTTPS/TLS).
  • Uploaded photos and generated portraits are stored on access-controlled servers in the EU.
  • Payment data is never transmitted to or stored on our servers — it is handled entirely by Stripe or Apple.
  • Access to personal data is restricted to authorised personnel only.

No system is completely secure. If you believe your data has been compromised, please contact us immediately at privacy@figoodle.com.

8. Cookies & Tracking

Website: We use a single session cookie (cart_session) to maintain your shopping cart. This is strictly necessary and does not require consent under EU law. We do not use tracking cookies, analytics cookies, or advertising cookies.

iOS app: The app does not use cookies. It does not track you across other apps or websites. No data is collected for advertising or cross-app tracking purposes.

9. Data Retention

  • Uploaded photos & generated portraits — deleted after successful order delivery (see Section 4). You may request earlier deletion at any time.
  • Order records (email, order details, shipping address) — retained for 7 years for tax and legal compliance.
  • Payment records — managed by Stripe or Apple in accordance with their retention policies.
  • Contact form submissions — retained for up to 2 years.
  • iOS app consent record — stored locally on your device only; cleared if you delete the app.

10. Children's Privacy

Fable by Figoodle is intended for use by adults (18+) and by minors only under the supervision of a parent or legal guardian. We do not knowingly collect personal data directly from children under the age of 13 (or the applicable age of digital consent in your jurisdiction).

If a parent or guardian believes that a child under 13 has submitted personal data to us without consent, please contact us immediately at privacy@figoodle.com and we will promptly delete the data.

Photos of children may be uploaded by a parent or guardian as part of the portrait generation service. Such photos are handled with the same protections described in Section 4 and are deleted after order delivery.

11. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your personal data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Restriction — request restriction of processing in certain circumstances.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@figoodle.com. We will respond within 30 days.

You also have the right to lodge a complaint with the German Federal Commissioner for Data Protection (BfDI) at bfdi.bund.de.

12. Changes to This Policy

We may update this privacy policy from time to time. Any significant changes will be communicated via in-app notification or email where required. The most recent version is always available at figoodle.com/privacy.