Octio

Privacy Policy

Last Updated: January 7, 2026

This Privacy Policy explains how Octio ("Octio," "we," "our," or "us") collects, uses, discloses, and safeguards your information when you use our AI-powered platform and related services available at https://octio.ai ("Services"), including tools for generating AI-based content (e.g., images, videos, documents) and interacting through Octio's interfaces or APIs. This policy applies to all users, including developers and individual end users.

By using Octio, you consent to the practices described in this policy.

1. Information We Collect

Information You Provide Directly

  • Account registration data (name, email, password)
  • Billing/payment information via our payment processors
  • User-generated content, prompts, and inputs
  • Support requests and communication records

Information Collected Automatically

  • Device and log information (IP, browser, OS, activity logs)
  • Usage data (API usage, tool access, content generation stats)
  • Cookies and similar tracking technologies

Third-Party Platforms

  • When signing up or logging in via a third-party platform (e.g., Google, Apple), we access basic profile info as permitted.

2. Face Data and Uploaded Images

Octio allows users to upload images containing faces for AI-powered content generation features. This section explains how we handle face data in compliance with applicable privacy laws and platform guidelines.

What Face Data We Collect

When you voluntarily upload images containing faces to use features such as face swap, portrait enhancement, or video generation, we process these images to fulfill your requests. We want to be clear about what we do and do not do:

  • We process facial images solely for AI content generation purposes
  • We do NOT use facial recognition technology to identify individuals
  • We do NOT create or store biometric identifiers or facial recognition templates
  • We do NOT extract facial geometry or biometric data for identification purposes

How We Use Face Data

  • To process your AI generation requests (e.g., face swap, portrait effects, video generation)
  • To deliver the generated content back to you
  • To allow you to access your creation history and regenerate content
  • Face images are used solely for the creative purposes you request

Face Data Storage and Retention

  • Uploaded images containing faces are securely stored on our infrastructure
  • Images are retained to allow you to access your creation history and regenerate content
  • You can delete all your data by deleting your account
  • Upon account deletion, all associated images are permanently removed within 30 days

Face Data Processing and Service Providers

To provide AI content generation services, your uploaded images may be transmitted via secure APIs to our trusted AI processing partners:

  • Google - AI video and image generation
  • OpenAI - AI content processing
  • fal.ai - AI model inference

These service providers:

  • Process your data solely to fulfill your AI generation requests
  • Operate under strict contractual data protection obligations
  • Do not retain, store, or use your images beyond processing your request
  • Are bound by their own privacy policies and security standards

We do NOT:

  • Sell, rent, or share your images with third parties for marketing purposes
  • Publicly display your uploaded content
  • Add your images to facial recognition databases
  • Use your images for advertising purposes

Your Rights Regarding Face Data

  • You have full control over the images you upload
  • You can delete all your data by deleting your account through account settings
  • You may request complete data deletion by contacting [email protected]
  • We recommend not uploading images of others without their consent

3. iOS Biometric Authentication

On iOS devices, our app does not collect or process any facial recognition data or biometric identifiers for AI or analytics purposes.

If you choose to log in with "Sign in with Apple", the system may use Face ID or Touch ID to verify your identity. This biometric authentication is entirely handled by Apple's secure enclave, and Octio does not access, receive, or store any biometric authentication data.

4. Other Uploaded Files and Media

In addition to face images, Octio processes other uploaded files (videos and audio) for AI content generation.

How We Handle Other Media Files

  • Video and audio files are processed to complete your AI generation requests
  • These files are stored securely on our servers
  • We do not share these files with third parties

5. Use of Your Information

We use your information to:

  • Provide, maintain, and improve our Services
  • Authenticate your account and manage access
  • Process transactions and provide support
  • Monitor and prevent misuse, fraud, or abuse
  • Send transactional and marketing communications (with opt-out options)
  • Comply with legal obligations (including under applicable data protection laws)

6. Disclosure of Information

We may share your data with:

  • Vendors and service providers (hosting, payment processing, analytics)
  • Law enforcement or regulators when legally required
  • Legal and financial advisors
  • Corporate transactions (e.g., mergers or acquisitions)
  • With your consent or direction

We may also share aggregated or de-identified data that does not reasonably identify you.

7. Prohibited Use & Content

To protect users and the public, Octio prohibits using its platform to generate, promote, or disseminate:

  • Pornographic, explicit, or sexually exploitative content
  • Scam, phishing, impersonation, or fraud-related content
  • Hate speech, violent, discriminatory, or unlawful content
  • Content violating copyright or intellectual property laws

Violation may result in account suspension or permanent bans.

8. User Rights

You may:

  • Access, update, or delete your data at any time by contacting [email protected]
  • Opt out of marketing communications
  • Manage cookie preferences through your browser

9. Data Retention

We retain your information only as long as necessary to fulfill the purposes outlined above or to comply with legal obligations.

10. Security

We take commercially reasonable security measures to protect your data. However, no method of transmission or storage is 100% secure.

11. Regional Privacy Rights

For Users in Other Jurisdictions

If you are located in a jurisdiction not explicitly mentioned above (such as Brazil, India, Australia, or others with comprehensive data protection laws), you may have additional rights under your local laws. These rights may include the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of inaccurate or outdated information
  • Withdraw consent or object to specific types of data processing
  • File a complaint with a local data protection authority

To exercise any such rights, please contact us at [email protected]. We are committed to respecting the data protection principles applicable in your region and responding to your request in accordance with applicable law.

For Users in the European Union (GDPR)

If you are located in the European Economic Area (EEA):

  • You have the right to access, rectify, or erase your personal data.
  • You may object to or restrict certain processing.
  • You have the right to data portability.
  • You may withdraw your consent at any time.
  • Contact your local Data Protection Authority (DPA) for unresolved complaints.

Legal bases for processing under GDPR include:

  • Contractual necessity (e.g., account creation, transaction processing)
  • Legitimate interests (e.g., service improvement, fraud prevention)
  • Compliance with legal obligations
  • Consent (e.g., marketing communications)

Data may be transferred outside the EEA under appropriate safeguards (e.g., standard contractual clauses).

For Users in Canada (PIPEDA)

If you are located in Canada:

  • You have the right to access and correct your personal information.
  • You may withdraw your consent at any time, subject to legal or contractual restrictions.
  • We only collect, use, and disclose personal data for identified and reasonable purposes.
  • Data is stored in data centers that may be located outside Canada.

For Users in California (CCPA)

If you are a California resident:

  • You may request access to or deletion of your personal information.
  • You have the right to know what categories of data we collect and the purposes.
  • You may opt out of the "sale" of personal data (we do not sell personal data as defined by CCPA).
  • You will not be discriminated against for exercising your CCPA rights.

To submit a request, email [email protected] with "CCPA Request" in the subject line.

12. Contact Us

If you have questions about this policy or your privacy rights, email [email protected]