Privacy Policy
Last updated: June 19, 2026
1. Introduction
This Privacy Policy describes how Take 220 Productions LLC (“Company,” “we,” “us,” or “our”) collects, uses, shares, and protects your information when you use the Starrd application, website at getstarrd.app, and related services (collectively, the “Service”).
Take 220 Productions LLC is the data controller responsible for your personal information. You can reach us at info@getstarrd.app.
Important — biometric and facial data.Starrd creates AI videos from photos of people. When you upload a photo, we and our AI processors analyze facial features to recreate a person’s likeness. Depending on where you live, this may be treated as “biometric” or “sensitive” personal information. Please read Section 4 (Biometric Data) carefully. We ask for your express consent before your first video generation.
2. Information We Collect
Account Information
You can create an account in one of two ways, and what we collect depends on the method you choose:
- Phone number (SMS one-time code). On the web and in some app flows, you sign in with your mobile phone number and a one-time verification code sent by SMS. We store your phone number to identify your account, send login codes, and prevent abuse.
- Apple or Google sign-in. If you sign in through Apple or Google, we receive your name (where provided), email address, and a unique identifier from that provider. We do not receive or store any password.
Photos, Facial Data, and Media
You upload photos to generate videos. These photos typically depict faces, and our system analyzes facial features to recreate the subject’s likeness in a generated video. Your photos and the facial/reference data derived from them are stored in our cloud storage (Supabase Storage) and are shared with the third-party AI processors listed in Section 6 solely to fulfill your video generation request. See Section 4 for how we handle biometric data and Section 7 for international transfers.
Generated Videos
AI-generated videos are stored in our cloud storage and associated with your account. Videos you generate are accessible to you and, if you choose to share them, to anyone with the share link.
Purchase Information
Credit purchases made through Apple In-App Purchase are processed by Apple. Web purchases are processed by Stripe. We and our purchase providers (Apple, Stripe, RevenueCat) receive transaction confirmations and purchase details (such as product, amount, and a transaction identifier). We do not collect or store your full payment card number.
Device and Usage Data
We collect device type, operating system, app version, and usage activity such as the templates you view, taps, shares, downloads, and the pages you visit. Some of this activity is linked to your account or a device/user identifier so we can measure engagement, operate features, and improve the Service. We do not use this data for cross-app advertising tracking.
Push Notification Tokens
If you enable push notifications on iOS, we store your Apple Push Notification service (APNs) device token to send you updates about your video generation progress. You can disable notifications at any time in your device settings.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Authenticate you and secure your account.
- Process your photo uploads and generate AI videos on your behalf.
- Send push notifications about video generation status (if enabled).
- Process and track credit purchases.
- Communicate with you about your account, updates, or support requests.
- Analyze usage to operate, improve, and optimize the Service.
- Detect, prevent, and address fraud, abuse, or misuse.
- Comply with legal obligations and enforce our Terms.
4. Biometric Data
To generate your video, our AI processors analyze the geometry of faces in the photos you upload and create reference images that recreate the subject’s likeness. In some U.S. states (including Illinois, Texas, and Washington) and under certain laws (such as the Illinois Biometric Information Privacy Act), this analysis may be considered the collection of a “biometric identifier” or “biometric information.”
- Consent. We collect and process facial/biometric data only after you provide express consent within the Service. You may decline, but you will not be able to generate videos without it.
- Purpose. We use facial/biometric data solely to generate the video you request. We do not sell it, and we do not use it to train our own facial-recognition models.
- Retention and destruction schedule. We retain your uploaded photos and derived facial/reference data only as long as needed to provide the Service and your account remains active, and we will permanently destroy this data when the initial purpose for collecting it has been satisfied or within three (3) years of your last interaction with the Service, whichever occurs first. When you delete a photo or your account, we delete the associated photos and derived reference data (see Section 9).
- You must have the right to upload. Only upload photos of yourself or of people who have consented to your use of their image with Starrd.
5. Legal Bases for Processing (EEA / UK Users)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:
- Contract — to create your account, process uploads, and generate and deliver your videos.
- Consent — to process facial/biometric data (special-category data under Article 9), to send marketing communications, and to enable push notifications. You may withdraw consent at any time.
- Legitimate interests — to secure the Service, prevent fraud and abuse, and understand and improve how the Service is used, balanced against your rights.
- Legal obligation — to comply with applicable laws and respond to lawful requests.
6. Third-Party Services and Subprocessors
We use the following third-party services to operate Starrd. Each has its own privacy policy governing its handling of data. We may update this list as our providers change; the version reflected by the “Last updated” date above is current.
- Supabase (hosted on AWS) — authentication, database, and file storage.
- Apple Sign In / Google Sign In — authentication providers.
- SMS provider — delivery of one-time login codes to your phone number.
- Apple / Stripe / RevenueCat — payment processing and in-app purchase management.
- Anthropic (Claude) — analyzes your photos to personalize the scene and generate descriptive prompts.
- KIE.ai — generates reference/storyboard images that guide video creation.
- MuAPI — the AI gateway through which we submit your photos and reference images to the video-generation model.
- ByteDance (Seedance) — generates the final AI video from your photos and reference images.
- Kuaishou (Kling) — generates or animates video for certain templates.
- Apple Push Notification service (APNs) — delivery of push notifications to iOS devices.
These AI processors receive your photos and reference data only to perform the requested generation. We do not authorize them to use your photos to train their models for unrelated purposes; however, each provider’s own terms and retention practices govern data once it is transmitted to them, and we cannot guarantee how long any provider retains data on its systems.
7. International Data Transfers
We are based in the United States, and your information is stored and processed in the United States. In addition, to generate your video we transmit your photos and reference data to AI providers that operate outside your country, including providers located in or affiliated with the People’s Republic of China (for example, the providers of the Seedance and Kling video models).
These countries may have data-protection laws that differ from, and may be less protective than, the laws of your jurisdiction. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for transfers out of the EEA/UK. By uploading photos and consenting to generation, you acknowledge and agree to these international transfers, including transfers to China-based providers, for the purpose of generating your video.
8. Data Storage and Security
Your data is stored on servers provided by Supabase (hosted on AWS). We implement industry-standard security measures including:
- Encrypted data transmission (HTTPS/TLS).
- Row-level security policies on our database.
- Secure, scoped access to cloud storage.
- Authentication via trusted providers.
While we take reasonable measures to protect your information, no system is completely secure, and we cannot guarantee the absolute security of your data.
9. Data Sharing and Selling
We do not sell your personal information for money, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law. We disclose your data only in the following circumstances:
- Service providers / subprocessors: with the providers listed in Section 6, solely to operate the Service.
- Legal requirements: when required by law, regulation, legal process, or a lawful government request.
- Safety: to protect the rights, property, or safety of our users, the Company, or the public.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, in which case your information may be transferred as part of that transaction.
10. Data Retention and Deletion
- Photos and facial/reference data: retained while your account is active, subject to the destruction schedule in Section 4. You may delete individual photos or your entire account at any time.
- Generated videos: retained while your account is active.
- Account data: retained until you delete your account.
- Transaction records: retained as required for tax, accounting, and fraud-prevention purposes.
When you delete your account, we delete your account data, uploaded photos, derived reference data, and generated videos from our active systems within a reasonable timeframe. Some data may persist in encrypted backups for a limited period or be retained where required by law. We may also retain a one-way record of a deleted phone number to prevent abuse of promotional credits.
11. Your Privacy Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data.
- Obtain a portable copy of your data.
- Object to or restrict certain processing.
- Withdraw consent (including for biometric processing).
- Opt out of any “sale” or “sharing” of personal information (we do not sell or share — see Section 9).
- Not be discriminated against for exercising your privacy rights.
- Lodge a complaint with your local data-protection authority (EEA/UK users).
To exercise any of these rights, email us at info@getstarrd.app, or use the in-app account controls. We will verify your request and respond within the timeframe required by applicable law. You may use an authorized agent to submit a request on your behalf.
12. California Privacy Rights (CCPA / CPRA)
This section provides additional detail for California residents. In the preceding 12 months we have collected the following categories of personal information:
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Name, email, phone number, account ID | Account creation, login, support |
| Sensitive personal information | Photos containing facial/biometric data | Video generation (with your consent) |
| Commercial information | Credit purchases and transaction history | Processing and tracking purchases |
| Internet / device activity | Device type, OS, app version, usage events | Operating and improving the Service |
| User content | Uploaded photos and generated videos | Providing the Service |
California residents have the right to know, delete, and correct their personal information, to opt out of sale/sharing, and to limit the use of sensitive personal information. We do not sell or share personal information. To exercise these rights, contact us at info@getstarrd.app.
13. Children’s and Teens’ Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Users between 13 and 18 may use the Service only with the consent and supervision of a parent or legal guardian. Because the Service recreates a person’s likeness, do not upload photos of a minor without the verifiable consent of that minor’s parent or guardian. If we learn that we have collected personal information from a child under 13, or biometric data from a minor without proper consent, we will delete it promptly. Contact us at info@getstarrd.app with any concern.
14. EEA / UK Representative
If we are required to appoint a representative in the EEA or the United Kingdom under Article 27 of the GDPR / UK GDPR, that representative’s contact details will be listed here. In the meantime, EEA/UK users may contact us directly at info@getstarrd.app.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new “Last updated” date and, where required by law, by obtaining your renewed consent. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
16. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact Take 220 Productions LLC at info@getstarrd.app.