Privacy Policy
Last updated: May 15, 2026
1. Who We Are
Foyro is operated by Andrii Tsyhanok, based in Romania. This Privacy Policy explains how we collect, use, and protect your personal data when you use our AI photo retouching service at foyro.com.
Contact: [email protected]
2. What Data We Collect
- Account data: Email address and authentication information (via Clerk).
- Uploaded photos: Images you upload for processing.
- Usage data: IP address, browser type, and activity logs necessary for service operation and security.
- Payment data: Transaction history and token balance (payment details are handled by Whop — we do not store card numbers).
3. How We Use Your Data
- To provide and maintain the Foyro service.
- To process your photos using our AI retouching pipeline.
- To manage your account, token balance, and transactions.
- To ensure security and prevent fraud.
- To comply with legal obligations.
4. Legal Basis (GDPR)
We process your personal data under the following legal bases:
- Contract performance: Processing necessary to deliver the service you signed up for.
- Legitimate interest: Security, fraud prevention, and service improvement.
- Consent: Where explicitly requested (e.g., optional marketing communications).
5. Sub-Processors
We use trusted third-party services to operate Foyro. These providers process data on our behalf:
| Provider | Purpose | Location |
|---|
| Clerk | Authentication & user management | USA |
| Whop | Payment processing (Merchant of Record) | USA |
| Neon | Database hosting | USA / EU |
| Vercel | Website hosting & analytics | USA |
| Google Cloud Platform | Cloud infrastructure & photo storage | USA / EU |
6. Data Retention
- Uploaded photos: Retained for up to 30 days to allow downloads, then permanently deleted.
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
- Transaction records: Retained for 5 years as required by tax and accounting laws.
7. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure:Request deletion of your data ("right to be forgotten").
- Portability: Receive your data in a structured format.
- Restriction: Limit how we process your data.
- Objection: Object to processing based on legitimate interest.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encrypted storage, role-based access controls, and regular security monitoring.
9. International Transfers
Some of our sub-processors are based in the United States. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) where required.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For significant changes, we will notify you via email or in-app notice.
11. Contact
If you have questions about this Privacy Policy or your data, contact:
Andrii Tsyhanok
Email: [email protected]