Privacy Policy – RizBIT Icons

This is a privacy policy for RizBIT Icons App

Effective date: 20/03/2026

App Version: 2.4.0+

This Privacy Policy explains how RizBit (“we”, “us”, “our”) collects, uses, and protects information when you use RizBIT Icons (the “App”), including the web version available at rizbit.uk (the “Website”) and the mobile versions distributed via app stores (Android and iOS).

1. Who we are (Data Controller)

RizBIT Icons is operated by RizBit, a UK-based Developer & IT Freelancer.

For the purposes of UK GDPR and EU GDPR, RizBit is the data controller for processing activities described in this Privacy Policy.

Contact email: [email protected]

For address see contact page.

2. Scope of this policy

This Privacy Policy applies to the RizBIT Icons App and associated services we operate. It does not cover third-party websites, services, or platforms that may be linked to or used in connection with the App (for example, third-party AI providers, advertising partners, or apps you share files to). Those services are governed by their own privacy policies.

3. Summary

  • No account required. We do not require registration or login.
  • Images and prompts are processed only when you choose AI features. We do not use them for profiling or to train our own AI models.
  • Temporary storage: images uploaded for AI inpainting are stored in our Cloudflare R2 bucket for up to 48 hours then deleted.
  • Prompts: AI action prompts are stored on our server for up to 48 hours then deleted.
  • IP address: we temporarily process a hashed form of IP addresses for security and rate limiting.
  • Third-party processing: AI generation/inpainting is provided via Pixazo, which may retain content for its own operational period, as described in its own privacy policy.
  • Advertising: we show Google AdSense (Website) and Google AdMob (mobile apps). Personalised ads are only shown where you have given consent via a consent message or in-app settings, where required by law.

4. Personal data we collect

The App does not ask for, and we do not knowingly collect, profile-style personal data such as names, email addresses, phone numbers, addresses, or account credentials through the core icon generation features.

However, some technical information may be processed as part of operating the service safely and reliably (for example, IP addresses for rate limiting and abuse prevention, and infrastructure logs). In certain regions, this information may be considered personal data.

5. Images, prompts, and content you provide

You may upload images and/or enter text prompts when using optional AI features. This content is processed only at your request to provide the requested functionality (for example, generating an image or modifying an uploaded image using inpainting).

  • We do not use your images or prompts for profiling or behavioural advertising.
  • We do not use your images or prompts to train our own AI models.
  • We do not permanently store your prompts.
  • Where legally required, we may need to retain specific content for a longer period to comply with law, resolve disputes, or enforce our terms.
  • AI-generated images, prompts, uploaded source images used for editing or inpainting, and related technical metadata are normally stored only temporarily to provide the service. However, if content is reported by a user, flagged for safety review, or reasonably suspected of misuse, abuse, unlawful activity, or policy violations, we may retain the relevant content and metadata for longer than the standard temporary retention period for review, moderation, abuse prevention, security, dispute handling, and legal compliance. This may include the generated image, uploaded image, prompt, report details, task identifiers, timestamps, username, and IP address.

6. Mobile Apps (Android & iOS) — device storage and sharing

The mobile apps allow you to select images from your device using the operating system’s file/photo picker. The App does not request broad photo library access permissions when the system picker is used.

You can save generated icons to your device or share them using your device’s share features (for example, sending to messaging or social apps). When you share a file, the recipient app/service you choose will process the file under its own policies.

7. AI processing and third-party services

The App offers optional AI-powered image generation and image modification (inpainting). These features rely on third-party services acting as processors or independent controllers for certain data.

Pixazo (AI provider)

  • Text prompts and, where applicable, image data (or temporary image links) are sent to Pixazo to generate or modify images.
  • We store your prompts on our servers for up to 48 hours then delete them.
  • Pixazo may retain generated/modified images for approximately 20 days and then delete them, in line with its own policies.
  • Pixazo processes data according to its own privacy policy: https://www.pixazo.ai/privacy-policy

Cloudflare (infrastructure and temporary storage)

  • We use Cloudflare services for security and performance, and Cloudflare R2 for temporary storage.
  • Images uploaded for AI inpainting/modification are stored in our Cloudflare R2 bucket for a maximum of 48 hours and then automatically deleted.
  • Cloudflare may process technical data (including IP addresses and request metadata) as part of providing security and infrastructure services, in accordance with Cloudflare’s own privacy policy.

Where necessary, we may disclose reported or flagged content and related information to service providers, hosting/storage providers, professional advisers, law enforcement, regulators, or other authorities where required by law, to protect rights and safety, or to investigate misuse of the service

8. IP address, security, and rate limiting

To protect the service and prevent abuse (for example, automated spam requests), we apply rate limits to certain AI endpoints. For this purpose, our server temporarily processes your IP address and stores a hashed representation of it (for example, a file key derived from md5(IP)) along with timestamps/counters.

  • Purpose: security, abuse prevention, and service stability (rate limiting).
  • How it’s stored: a hashed identifier derived from the IP address (not a user account or profile).
  • Retention: temporary; automatically expires/clears as part of the rate-limiting system.
  • We do not use IP addresses to identify you and we do not build user profiles from this data.

9. Local storage and in-browser data (Website / Web App)

The Website version may use browser-based storage for functionality:

localStorage

  • Used only for client-side limits related to AI modification usage.
  • Storage key: rizbit_modify_limits
  • Data stored: timestamps and counters (for example, lastModifyTime, dailyCount, dailyResetDate).
  • No personal or identifying information is stored.

In-browser memory (session data)

  • Temporary images (uploaded or generated).
  • Crop selections, effect settings, generated icons.
  • This data exists only during your session and is cleared when you close the tab or browser.

The Website does not use IndexedDB and does not set first-party cookies for the core icon generation features. Separate consent banners or tools may apply to advertising (see “Advertising and cookies”).

10. Advertising and cookies

Website (Google AdSense)

The Website may display advertising provided by Google AdSense. Google and its partners may use cookies, device identifiers, or similar technologies to serve ads, measure performance, and personalise advertising where permitted by law.

Where required (for example, for users in the EEA, UK and certain other regions), we display a Google-approved Consent Management Platform (CMP) allowing you to manage consent preferences for advertising and related technologies, including personalised and non-personalised ads.

Google may act as an independent data controller for data it collects via ads. Learn more here: https://policies.google.com/privacy

Mobile Apps (Google AdMob)

The App uses Google AdMob to display advertisements. When you view or interact with ads:

  • AdMob collects standard advertising data including device information, IP address, ad interactions, and approximate location, as described in Google’s privacy policy.
  • Depending on your region and your choices, this data may be used to serve personalised ads or non-personalised ads.
  • You control ad personalisation and consent via the in-app consent/UMP screen and the “Ad Preferences” option in the App, where available.
  • For iOS, certain advertising features may rely on the device’s tracking permission (App Tracking Transparency). If you decline tracking, you may still see ads, but they will be less personalised.

AdMob / Google Privacy Policy: https://policies.google.com/privacy

Mobile apps may also display simple in-house promotional banner ads for RizBit products or services. These are first-party promotions and do not use third-party advertising networks, tracking technologies, profiling, or personalised advertising.

11. Analytics

The App does not include third-party analytics SDKs such as Google Analytics or Firebase Analytics.

Cloudflare may provide aggregated operational metrics (for example, request counts, caching, performance and security events) to operate and secure the service. We do not use these metrics to create user profiles.

12. Legal bases for processing (UK GDPR / EU GDPR)

Where applicable, our legal bases for processing are:

  • Performance of a contract / service or user request — processing images and prompts to generate or modify icons when you request it.
  • Legitimate interests — operating, securing, and improving the service, enforcing rate limits, and preventing abuse.
  • Consent — where required for advertising technologies, cookies or similar technologies, and certain region-specific requirements (for example, personalised ads in the EEA/UK).

13. Data retention

  • Images uploaded for AI inpainting (Cloudflare R2): up to 48 hours then deleted.
  • Text prompts: up to 48 hours then automatically deleted.
  • Rate limiting data: temporary (hashed IP identifier with timestamps/counters), expires as part of the rate-limit mechanism.
  • Website localStorage limits: retained in your browser until cleared by you or overwritten.
  • Session data (in-browser memory): cleared when you close the browser/tab.
  • Legal retention: in limited cases we may keep certain information for a longer period if required to comply with legal obligations, resolve disputes, or enforce our agreements.
  • Extended retention: Reported or flagged content may be retained for a longer period where reasonably necessary to investigate reports, enforce our terms and policies, detect and prevent abuse, respond to complaints, protect users and third parties, or comply with legal obligations.

14. International data transfers

The App is available worldwide. Some providers we use (such as Cloudflare, Google, and Pixazo) may process data outside the UK or European Economic Area.

Where applicable, such transfers are protected using appropriate safeguards in accordance with data protection laws (for example, adequacy decisions, standard contractual clauses, or equivalent mechanisms).

15. Your data protection rights

Depending on your location, you may have rights under data protection laws, including the right to:

  • Request access to personal data.
  • Request correction or deletion of personal data.
  • Object to or restrict certain processing, including processing based on legitimate interests or for direct marketing.
  • Withdraw consent where processing is based on consent (this will not affect the lawfulness of processing before withdrawal).
  • Lodge a complaint with your local data protection authority.

As we do not maintain user accounts and we retain limited data, these rights may be limited in practice. However, you may contact us at [email protected] with any questions or requests. We will respond in accordance with applicable law.

16. Children

The App is not intended for children under 13. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe a child has provided personal data via the App, please contact us so we can take appropriate steps, such as deleting the information.

17. Security

We use reasonable technical and organisational measures to protect the App and any temporary data processed, including secure infrastructure and encrypted connections (HTTPS). However, no system is completely secure and we cannot guarantee absolute security.

18. Future features

If we introduce new features that change data handling (for example, in-app purchases, push notifications, accounts, or new types of mobile advertising), we will update this Privacy Policy and any required in-app disclosures before those features are enabled.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on the Website. If changes are material, we will take additional steps to inform you where required (for example, by showing a notice in the App or on the Website).

20. Contact us

If you have questions about this Privacy Policy or data protection matters, contact:

Email: [email protected]