Biometric Consent

• Your source photo stays in your account for as long as you keep your account — so you can reuse it to try new styles, variants, and emotes without re-uploading every time.
• Delete it anytime.Go to Settings → Privacy and click “Delete my source photos.” Permanent deletion completes within 24 hours.
• Biometric analysis is ephemeral. The facial geometry analysis that happens during generation is done by our AI partner (fal.ai) in the moment and is discarded immediately after each generation. We never store facial templates, vectors, or descriptors.
• Never sold. Never used to train AI models. Your photo is used for one purpose — generating the avatars you asked for.

When you upload a photo, we store it securely in a private storage bucket that only you and a tightly scoped set of our backend services can reach. Access is enforced by row-level security — not even other QtPie users (or our own support staff without a legitimate technical reason) can see your photo.

We retain your source photo for the lifetime of your account because most users generate multiple avatars over time (different styles, emotes, banners). Keeping your photo in your account means you don't have to re-upload it every time. It also lets you recreate or remix older avatars when a new style drops.

No timer. No silent deletion. We do not run a scheduled job that purges your photo after 30 days, 90 days, or any other interval. The only events that delete your photo are (a) you deleting it yourself, or (b) you deleting your account.

You are in control of when your source photo leaves our systems. To delete it:

1. Sign in and go to Settings → Privacy.
2. Click “Delete my source photos” and confirm the action.
3. We mark the photo as deleted immediately. The underlying file is removed from our storage bucket and — allowing for propagation across our infrastructure — permanent deletion completes within 24 hours.

Deleted source photos cannot be recovered. Previously generated avatars remain in your gallery (they are outputs, not your biometric input) until you delete them individually or close your account.

If a generation is actively in progress when you click delete, we will ask you to wait for that generation to finish. This prevents a half-completed avatar from being discarded mid-run.

When you close your QtPie account — via Settings → Privacy → Delete account — all source photos, generated avatars, emote sets, and associated job records are permanently deleted. Consent records (the fact that you accepted this page on a given date, and the SHA-256 hash of the exact text you accepted) are retained for three years after account closure as an audit artifact required by US state biometric laws.

When you click Generate, the following happens inside a single request window:

1. A short-lived, signed URL to your photo is handed to our AI partner, fal.ai, over TLS.
2. fal.ai runs face and feature detection, extracts the geometric information the AI model needs to preserve your likeness, and feeds it into the FLUX.1 Kontext model.
3. The model renders your stylized avatar and returns it to us. We save the generated avatar (not the biometric intermediate) to your gallery.
4. Per fal.ai's terms, the input image and any extracted biometric intermediates are discarded on their side immediately after processing completes.

QtPie never stores a facial template, vector, descriptor, or embedding of your face. The biometric information exists only for the duration of a single generation request. This is the biggest difference between QtPie and apps that build persistent biometric profiles for you.

We do strip EXIF metadata (GPS coordinates, camera model, timestamps) from your uploaded photo on ingestion so that your precise location and device details are never sent to fal.ai or stored in our systems.

QTPIE COM, LLC does not, and will not:

• Sell, lease, rent, or trade your photo to any third party.
• Use your photo to train, fine-tune, distill, or evaluate any AI model without a separate, explicit consent event that is distinct from this page.
• Share your photo with advertisers, data brokers, analytics providers, or any party other than the AI processing provider that needs it to produce your requested avatar.

These are not policy commitments we can unilaterally change. Under BIPA § 15(c)-(d), VA CDPA § 59.1-580, and related statutes, selling or disclosing biometric information without separate written consent is unlawful.

You have the following rights at any time, with no charge:

• Delete your photo— Settings → Privacy → “Delete my source photos.” 24-hour SLA.
• Withdraw biometric consent— Settings → Privacy → “Withdraw biometric consent.” We record the withdrawal and stop accepting new generations against your photo.
• Delete your account— Settings → Privacy → “Delete account.” Removes everything.
• Request a copy of your data — email [email protected]. We respond within 30 days.

The full list of rights (including GDPR rectification, objection, portability, automated-decision-making, and the right to lodge a complaint with a supervisory authority) lives in Section 13 of our Privacy Policy.

Our legal basis for processing your photo and biometric information is:

• GDPR Article 9(2)(a) — your explicit consent (this page, plus the checkbox at signup).
• BIPA § 15(b) — written release to collect and use biometric information.
• Texas CUBI § 503.001 — informed consent for commercial use.
• Washington HB 1493 — notice and consent for enrollment in a commercial database (we do not enroll).
• Virginia CDPA § 59.1-580 — consent to processing sensitive data.

Each time you accept (or later withdraw) this biometric consent, we record: the date and time of the action, the version of this page you accepted, a SHA-256 hash of the exact consent text you were shown, and whether the action was initial consent, re-consent after a policy update, or withdrawal. These records are retained for three years after your account is closed, in line with the longest applicable biometric-law limitations period (BIPA § 15(a)).

If you would like a machine-readable export of your consent history, email [email protected].

QTPIE COM, LLC (dba QtPie.com)

Privacy questions: [email protected]

Website: QtPie.com/legal/biometric-consent