Document: Privacy Policy

Operator: C.P.F Silicondali Development LTD

Privacy Policy — Doodle Magic AI

Effective date: 28 April 2026 Operator: C.P.F Silicondali Development LTD Contact: info@silicondali.com

TL;DR

We don't collect any personal data.
We don't use any third-party analytics, tracking, advertising, or crash-reporting SDK.
Your prompts and your generated images never leave your device unless you explicitly enable an Online generation provider (see §5).
No accounts, no logins, no signups — ever.

This policy describes precisely what data the Doodle Magic AI mobile app (the "App") and the team behind it collect, store, and share. The honest summary above is the whole story; the rest of this document is detail for clarity and regulatory compliance.

1. Data we collect on the device

1.1 What you type

Your prompts are tokenized and fed to the on-device AI engine to generate an image. Both the tokenization and the inference happen entirely on your phone or tablet. Prompt text is never sent to any server, and is not logged anywhere outside the running process — unless you have explicitly enabled the optional Online generation provider described in §5, in which case your prompt is sent only to the provider you chose (HuggingFace or Stability AI).

1.2 What the AI generates

Every generated image is saved to the App's private storage on your device under the Gallery tab. You can delete any saved image at any time from the Gallery (long-press → Delete). The App has no copy of your gallery anywhere else.

1.3 Camera frames

When you use the Trace feature, the App accesses the live camera feed to overlay your AI-generated image on real paper for tracing. Camera frames are processed in-memory only — they are not saved, not uploaded, and not retained beyond the moment they are displayed on screen.

1.4 Photo library

If you use Import Image to trace one of your own photos, the App reads that photo so it can be displayed in the tracing overlay. The image is read from your device's photo library only when you explicitly pick it. It is not uploaded.

1.5 Microphone

The App does not request or use the microphone for any feature in the user-facing build. (The Android manifest historically declared a RECORD_AUDIO permission as a side-effect of react-native-vision-camera — this permission is unused by the App and will be removed in a future update.)

2. Network requests

The App makes only the following outbound network requests, all of which are essential for the app to function or are explicitly opted into by the user.

2.1 First-launch safety bundle

On first launch the App downloads a small (~72 MB) bundle of two on-device classifiers (a text-prompt classifier and an image-content classifier) from a fixed HuggingFace revision:

https://huggingface.co/silicondali/doodle-magic-safety/resolve/<pinned-commit>/...

These classifiers run locally and are what enforce the kid-safe content guarantee. The download is resumable, content-addressed, and pinned to an immutable git commit hash so an attacker cannot swap out the safety bundle from under a live install.

The HuggingFace request includes a standard User-Agent and (on Apple platforms) URLSession-default fields. We do not pass any user identifier, and HuggingFace's logs (which we do not access) cannot be linked to an individual user of this App.

2.2 AI engine downloads

When the user taps Download on an AI engine in Create with AI, the App downloads the engine's archive(s) from a fixed HuggingFace revision:

https://huggingface.co/silicondali/doodle-magic-models/resolve/<pinned-commit>/...

Same character as the safety bundle — content-addressed, pinned, no identifier shared.

2.3 No third-party analytics, tracking, or crash-reporting SDKs

We do not use Firebase Analytics, Google Analytics, Crashlytics, Sentry, Mixpanel, Segment, Amplitude, or any other analytics, tracking, or telemetry SDK. There is no "phone-home" of any kind on app launch, on generation, on error, or at any other time.

2.4 Optional online generation providers (default: OFF)

See §5 for details on the optional online providers (HuggingFace and Stability AI). If you do not enable an online provider, the App makes no requests beyond §2.1 and §2.2.

3. Data we do not collect

For absolute clarity, we never collect any of the following:

Name, email address, phone number, or any other contact info
Device identifiers (IDFA, IDFV, ADID, MAC address, etc.)
IP addresses (HuggingFace's CDN sees IP addresses for the downloads listed in §2.1 and §2.2; Stability AI sees IP addresses only when you have explicitly enabled the §5 online provider; we do not see or have access to those logs)
Location data (precise or approximate)
Browsing or app-usage history
Behavioural data (taps, screen views, session length)
Generated images, prompts, or any creative output (subject to §1.1 if you have explicitly opted into an online provider)
Camera frames, photos, or microphone audio
Health, financial, payment, or biometric data

4. Children's privacy (COPPA)

The App is designed for use by children. We have built it specifically to comply with the United States Children's Online Privacy Protection Act (COPPA) and analogous regulations in other jurisdictions:

We do not knowingly collect personal information from any user, regardless of age.
We do not require any account, login, or registration.
We do not show advertising of any kind.
We do not offer in-app purchases.
We do not include social features, comments, chat, or third-party content.
We do not profile or behaviorally track users.
The optional Online generation providers in §5 require a user-supplied API key and are disabled by default, which we recommend leaving disabled for child users; on-device generation is the intended default.

If you believe we have inadvertently received any personal information from a child, please contact us at info@silicondali.com and we will investigate and delete it immediately. (As described above, we believe this is structurally impossible because the App does not collect personal information at all; we list this contact path for completeness and compliance.)

5. Third-party services

The App interacts with the following third-party services. Two are always-on (required for the App's safety bundle and on-device AI engine downloads); two are opt-in and disabled by default.

5.1 HuggingFace (always-on, content delivery only)

Used as the content host for the on-device safety bundle (§2.1) and the on-device AI engine archives (§2.2). The App downloads files from immutable, commit-pinned URLs and shares no user identifier. HuggingFace's privacy policy: https://huggingface.co/privacy

5.2 HuggingFace Inference Router (opt-in online provider, default OFF)

If you choose to enable Online generation in Settings → Manage Models → switch provider and select HuggingFace, your prompt is sent to https://router.huggingface.co/hf-inference/models/<model-id> along with the API key you provide. The returned image is then run through the on-device safety check before being shown. To use this provider you must supply your own HuggingFace API key — the App ships with no embedded key and never bills your account on our behalf.

5.3 Stability AI Platform API (opt-in online provider, default OFF)

If you choose to enable Online generation in Settings → Manage Models → switch provider and select Stability AI, your prompt is sent to https://api.stability.ai/... along with the API key you provide. Stability AI applies its own safety filters in addition to ours, and the returned image is run through the on-device safety check before being shown. To use this provider you must supply your own Stability AI API key — the App ships with no embedded key and never bills your account on our behalf. Stability AI's privacy policy: https://stability.ai/privacy-policy

5.4 No social or authentication providers

The App does not integrate with Google Sign-In, Apple Sign-In, Facebook, Twitter/X, TikTok, Discord, or any other social or authentication provider.

6. Data retention & deletion

Because the App does not collect personal data, there is no personal data to retain or delete on our side.

The on-device data (your generated images, your prompt history, and the App's settings) is stored only on your device and can be deleted in any of the following ways:

Inside the App: delete individual generated images by long-pressing them in the Gallery; manage downloaded AI engines from Settings → Manage Models.
On Android: clear all on-device data via Settings → Apps → Doodle Magic AI → Storage → Clear data.
On iOS: offload or delete the App via Settings → General → iPhone Storage → Doodle Magic AI.

Uninstalling the App removes all on-device data.

7. Changes to this policy

If we materially change how the App handles data, we will:

Update this document and bump the Effective date at the top.
Show an in-app notice on next launch explaining what changed.
Where required by law, request fresh consent before the new behaviour takes effect.

We will not retroactively apply a more permissive policy to data that was already collected (none has been, given §3) under the prior policy.

8. Contact

For any privacy-related question or request:

Email: info@silicondali.com Operator: C.P.F Silicondali Development LTD

We aim to respond within 7 calendar days.