Privacy Policy

Account information: your name, email address, hashed password, and any social-login identifiers (Apple, Google).

Photos you upload: the three photos you submit for analysis. These are stored for up to thirty days after the analysis to let you revisit reports, then deleted unless you choose to keep them.

Usage data: the scopes you select, the reports you generate, badges you earn, the battles you join. This is used to power the product itself.

Device information: device type, OS, language, push-notification token, and a coarse location (city or country level) detected via your device — never precise GPS.

Payment confirmations: receipt identifiers returned by Apple App Store or Google Play. We never see your card details.

Contact form: when you write to us through the website, we receive your name, email address, message, and approximate IP for spam prevention.

To run the AI analysis you requested and return your score and report.

To operate your account, history, battles, friends and badges.

To verify subscriptions and one-time purchases.

To send transactional notifications (analysis ready, battle invitations, password resets).

To improve the product. We never sell your data and we never use it for third-party advertising.

Performance of a contract: providing the analysis you asked for and operating your account.

Legitimate interests: keeping the service secure, preventing abuse, improving the product.

Consent: for non-essential notifications and for the AI analysis of your photos. You may withdraw consent at any time by deleting the relevant content or your account.

OpenAI (United States) — performs the AI analysis on your photos.

Apple App Store and Google Play — process subscription and in-app purchase receipts.

Resend (United States) — delivers transactional emails and the website contact form.

Our cloud database and hosting provider — stores your account and report data.

We do not sell your data to anyone, and we do not share it with advertisers.

Some of our sub-processors operate outside Türkiye and the EU. Where required, we rely on Standard Contractual Clauses and on your explicit consent (for AI analysis and contact email) to transfer data internationally.

Photos: up to thirty days after the analysis, then deleted automatically unless you save the report.

Account and reports: until you delete them or close your account.

Contact form submissions: up to twelve months after the conversation ends.

Passwords are stored hashed with bcrypt. Sessions are protected with signed tokens. Communications run over TLS. We restrict access to production systems to a small number of people on a need-to-know basis.

You can access, correct, export, restrict, or delete your personal data at any time from the profile screen of the app, or by writing to us. We will respond within thirty days. If you are in the EU or UK, you may also lodge a complaint with your local data protection authority.

Out of Ten is intended for users aged 13 and over. If you become aware that a child under 13 has created an account, please contact us and we will delete the account and its content.

We may update this Privacy Policy from time to time. Material changes will be announced inside the app and reflected here with a new "last updated" date.