privacy
coolgirlapps is a small indie studio run by Johanna Weber, a sole proprietor based in Germany. This policy explains what data we collect when you use our website (coolgirlapps.com) and our app Eras, what we do with it, and the rights you have over it.
The short version:
Most of your photo analysis happens on your device. A small selection of photos is sent to Anthropic and Google for AI processing, then deleted. We don't sell your data, don't show ads, and don't use third-party cross-site tracking. You can delete everything we store about you at any time from Settings โ Delete my data in the app.
1. On this website
coolgirlapps.com is hosted on Vercel. Vercel logs standard request data โ IP address, user agent, requested URL, timestamps โ for security and operational purposes. We don't set cookies, run analytics, or load third-party trackers on this site.
2. In the Eras app โ what stays on your device
When you let Eras read your camera roll, most of the analysis happens entirely on your phone using Apple's on-device frameworks. The results of that local analysis are cached in app storage and never transmitted as raw photos.
3. In the Eras app โ what we send out
To generate your archetype result, Eras sends a small selection of your photos to two AI providers through our backend: Anthropic (Claude API) and Google (Gemini API). Photos are sent over HTTPS, used to produce that single result, and not stored by us afterward. Anthropic and Google process the images under their commercial API terms; we do not authorize them to use your data to train their models, and to our knowledge they do not retain API request content beyond what is needed to provide the service. See Anthropic's and Google's privacy documentation for the authoritative statement.
We also store the result of your analysis โ your archetype result and related metadata, but not your photos โ in our backend so you can come back to it across sessions.
4. Your account
Eras doesn't ask for an email, password, or social login. On first launch we create an anonymous account identifier and store it on your device. You can optionally add a display name. We use this identifier to associate your Eras result and any referral activity with your install.
5. Referral codes
If you generate or redeem a referral code, we store the code and link it to the accounts involved so we can enforce limits and prevent abuse. We don't share any other information between users.
6. Subscriptions and purchases
In-app purchases go through Apple's App Store. We use RevenueCat to verify and manage your subscription status. RevenueCat receives your Apple receipt and an anonymous customer ID; it does not receive your photos, results, or other personal data from us. Apple's payment-related processing is governed by Apple's own privacy policy.
7. Analytics
We use PostHog (EU region) to understand how features are used and where people get stuck. PostHog receives:
- your anonymous Supabase UUID, used purely as a join key;
- event names like screen views, "settings opened", "referral code generated", "screenshot taken";
- standard device/session metadata (app version, OS version, locale, lifecycle events).
PostHog does not receive your photos, image labels, archetype results, display name, IDFA, or any other content-level data. We do not enable PostHog's session recording.
8. Diagnostic logs
Our Supabase backend and Edge Functions log standard request metadata (IP address, timestamps, response codes) for security and debugging. Apple may also collect crash reports if you've opted in at the OS level; those reports go to Apple, not to us, unless we have explicitly enabled crash forwarding (we haven't).
9. Tracking, ads, and cookies
We don't use the IDFA, we don't show ads, we don't run third-party advertising trackers, and we don't sell or share your data with data brokers. Eras's privacy manifest declares NSPrivacyTracking = false.
10. Who else processes your data (sub-processors)
- Supabase โ backend database, auth, and Edge Functions (data hosted in their EU region where configured).
- Anthropic โ Claude API, for copy generation (US-based; processes images per request, no training).
- Google โ Gemini API, for photo verification (US-based; processes images per request).
- PostHog โ product analytics (EU region).
- RevenueCat โ subscription management (US-based).
- Apple โ App Store, payments, and platform services.
- Vercel โ website hosting.
11. Legal bases (GDPR)
Under the GDPR, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) โ to deliver the core app: process photos through AI services, save your result, manage subscriptions.
- Legitimate interests (Art. 6(1)(f)) โ for security logs, fraud prevention on referral codes, and aggregate product analytics. You can object to processing based on legitimate interests at any time.
- Consent (Art. 6(1)(a)) โ for camera-roll access (requested via the iOS permission prompt). You can revoke this at any time in iOS Settings.
12. Your rights
If you are in the EU/EEA, UK, or Switzerland, the GDPR gives you the right to: access the data we hold about you, correct inaccurate data, delete your data, restrict or object to processing, request portability, and withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.
If you are a California resident, the CCPA/CPRA gives you the right to know what we collect, request deletion, correct inaccurate data, opt out of sale or sharing of personal information, and not be discriminated against for exercising those rights. We do not sell or share personal information.
To exercise any of these rights, use Settings โ Delete my data in Eras for deletion, or email hello@coolgirlapps.com for anything else. We'll respond within 30 days.
13. How to delete your data
Open Eras, go to Settings โ Delete my data, and confirm. This permanently removes your anonymous account, Eras result, referral code, and redemption history from our backend, and clears your local app cache. Your photos in your camera roll are not touched. If you can't access the in-app option for any reason, email hello@coolgirlapps.com and we'll handle it manually.
14. Data retention
We keep your Eras result and referral data for as long as you have the app installed and your account active. If you delete your data (in-app or by email), we remove it immediately and it is gone from active systems within 30 days, with any incidental copies in encrypted backups aging out per Supabase's backup retention.
15. International transfers
Some of our sub-processors (Anthropic, Google, RevenueCat, Apple) are based in the United States. Where personal data is transferred outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards provided by the vendor.
16. Children
Eras is not directed to children under 13 (or under 16 in the EU, where local law sets a higher age of digital consent). We do not knowingly collect personal data from children. If you believe a child has used Eras, email us and we'll delete the account.
17. Changes to this policy
If we make material changes, we'll update the "last updated" date above and, where appropriate, notify users in-app. The current version always lives at coolgirlapps.com/privacy.
18. Contact / Data controller
coolgirlapps is an unregistered trade name operated by Johanna Weber, a sole proprietor based in Germany, who is the data controller for the purposes of the GDPR. For any privacy question, deletion request, or to exercise the rights above, email hello@coolgirlapps.com.