The short version:
- No account, no sign-up - we don't know who you are.
- No tracking, no ads, no analytics, no advertising identifiers.
- Your photos stay on your device. The only exception: to remove the background, your car photos are sent - without any information that identifies you - to our background-removal provider, processed, and returned. They are not stored on our servers.
- Payments are handled entirely by Apple and Google. We never see your card or billing details.
This Privacy Policy explains how CarMagic (the “App”) handles information when you use it. The App is provided by Łukasz Fryc, ul. Ślusarska 6/85, 30-710 Kraków, Poland (“we”, “us”, the “Provider”), who is the data controller for any personal data processed through the App. You can reach us at wegielski.michal.dev@gmail.com with any privacy question or to exercise your rights.
We built CarMagic to be private by design: it works almost entirely on your device, needs no account, and does not track you.
1. Information we process
We deliberately keep this to a minimum. Here is everything:
(a) Photos you capture
When you photograph your vehicle, the images are stored locally on your device, in the App's private storage. To create the studio result, your car photos are sent for background removal (see Section 2). Before they are sent, location and other EXIF metadata are removed from the image. We do not extract, read, or store license plates, VINs, faces, or any text from your photos.
(b) Session details you provide
Information you enter to set up a shoot - such as the car's body style and an optional name you give a session - is stored locally on your device only. It is not sent to us.
(c) Purchase information
Purchases are processed by Apple (App Store) or Google (Google Play). We receive a confirmation containing a product identifier and a transaction identifier so the App can unlock the photos you paid for. We never receive or store your payment card or billing details. This purchase record is kept on your device.
(d) Technical processing logs
When a photo is processed (Section 2), we record limited, non-image technical metadata - a random session/photo identifier, timing, image size, and a success or error status - to operate, secure, and debug the service. These logs do not contain your photos and are not used to identify you.
2. Background removal - the only external processing
To turn your shots into clean studio images, each photo is sent over an encrypted (HTTPS) connection to a server function we operate in the European Union (Frankfurt, Germany), which forwards the image to Remove.bg, a background-removal service operated by Kaleido AI / Canva. Remove.bg returns the image with its background removed, and the final studio look is then composed on your device.
- Only the image and a shot-type label (e.g. “front”, “rear”) are sent. No name, account, device identifier, or location is included.
- The image is processed in transit and is not stored on our servers - it exists only in memory for the few seconds processing takes.
- Remove.bg processes the image and then deletes it within a short period (per their policy, typically within 60 minutes), and states it does not use uploaded images to train its AI unless you explicitly opt in. Full details are in their privacy policy: https://www.remove.bg/privacy.
This processing happens only after you have purchased and only after you have given explicit consent on the in-app consent screen.
3. Why we process it and legal bases (GDPR)
- To provide the App's core feature (processing your photos): performance of our contract with you (Art. 6(1)(b) GDPR) and your explicit consent for the upload (Art. 6(1)(a) GDPR).
- To complete and validate purchases: performance of contract.
- To keep the service working and secure (technical logs): our legitimate interests (Art. 6(1)(f) GDPR).
4. Where your data is processed (international transfers)
Our processing function runs in the European Union (Frankfurt). Our infrastructure provider (Google / Firebase) and Remove.bg may process data in or outside the European Economic Area. Where data leaves the EEA, these providers rely on appropriate safeguards such as the EU Standard Contractual Clauses.
5. How long we keep it
- Your photos and session data stay on your device until you delete them. You can delete a session in the App at any time, which removes its photos and data from your device. Uninstalling the App removes all local data.
- Images sent for background removal are not retained by us after processing.
- Technical processing logs are kept for a short period for debugging and security, then deleted.
6. No tracking, no ads, no analytics
CarMagic contains no advertising, no analytics or measurement tools, no crash-reporting that profiles you, and no advertising identifiers (such as the IDFA). We do not build a profile of you, and we do not sell or share personal data.
U.S. residents (including California): we do not “sell” or “share” your personal information as those terms are defined under U.S. state privacy laws (including the California Consumer Privacy Act), and we do not use it for cross-context behavioral advertising. The rights described in Section 7 are available to you regardless of where you live.
7. Your rights
Because the App requires no account, we generally hold no personal data on our servers that identifies you. The personal data in CarMagic - your photos and session details - lives on your device and is under your control: you can view it in the App and delete it at any time.
To the extent we process any personal data relating to you, under the GDPR you have the right to access, rectification, erasure, restriction of processing, objection, and data portability, and the right to withdraw consent at any time. You also have the right to lodge a complaint with your supervisory authority - in Poland, the President of the Personal Data Protection Office (UODO). To exercise any right, email us at wegielski.michal.dev@gmail.com.
8. Children
CarMagic is not directed to children and is rated for general audiences (4+). We do not knowingly collect personal data from children.
9. Security
Photos and data on your device are protected by your device's operating-system security. Transfers to our processing function and to Remove.bg use encrypted (HTTPS) connections.
10. Changes to this Policy
We may update this Policy from time to time. We will post the new version on this page and update the “Last updated” date above. Material changes will be reflected here before they take effect.
11. Contact
Questions or requests about your privacy: wegielski.michal.dev@gmail.com.