wabihana

Privacy Policy

Last updated: 2026-06-07

A plain-English explanation of what Wabihana collects, how we use it, and the controls you have.

1. The short version

  • Your photos are yours. We process them to make paint-by-numbers scenes and delete the originals from our servers within 24 hours of successful processing.
  • You can paint as a guest, with no account, no email, no name.
  • You can delete your account and export your data from inside the app at any time.
  • We don't sell your personal data. We don't use third-party advertising trackers.
  • Inside the EU, UK, and EEA, crash & error reporting is off by default and only runs after you opt in. Outside those regions, it runs by default and can be turned off from Settings.

2. Who is responsible for your data

Wabihana is operated as an individual sole proprietorship based in Vietnam, and is the data controller ("we", "us") for the personal information described in this policy. Postal address: available on request by emailing [email protected]. For any privacy-related question, access request, or complaint, contact [email protected] or by phone at +840325370648.

3. What we collect

We try to collect as little as possible. The data we do collect falls into these groups:

3.1 Account data

  • If you sign in with Google, Apple, or Telegram, we receive a stable account identifier and your email address (Google/Apple) or Telegram user ID (Telegram). We do not receive your contacts, calendar, or any other profile data.
  • If you sign in with email magic-link, we store your email address and a hashed verification code.
  • As a guest, we generate a random device-local identifier ("guest UUID") and a signed anonymous token so we can attribute your projects and balance to a session. No email, no name, no profile.

3.2 Content you upload

  • The photo you upload for a painting. We strip EXIF metadata (location, camera model, timestamps) on your device before upload. The original photo is deleted from our servers within 24 hours of successful processing.
  • The derived assets we generate from your photo — the index map, colour palette, contour data, and the thumbnail — are kept so the painting stays playable. These are not the original photo.
  • Your painting progress (which zones are filled). On free accounts this lives only on your device. On Pro accounts it's backed up to your account so you can sync across devices.

3.3 Economy and payments

  • Your token balance and a ledger of grants, spends, and purchases. The ledger is what lets us refund correctly when something goes wrong.
  • If you buy tokens or Pro on the web, PayPal processes the payment. We receive a record of the purchase (price, SKU, status, PayPal's order and capture/transaction IDs) and a customer reference — not your full card number. PayPal's own privacy policy applies to the data they collect at checkout.
  • On mobile, in-app purchases are processed by the platform store (Google Play, Apple App Store, or Telegram Stars). We receive a verified receipt from the store; the store sees the payment details.

3.4 Device + diagnostic data

  • Standard server logs — IP address, user-agent, timestamp, requested route, status code. We keep these for up to 30 days for security, abuse investigation, and debugging, then they roll off.
  • Crash reports (Sentry). Sent on errors so we can fix bugs. Contain the stack trace and limited environment data. We try to scrub anything that looks like personal data on the way out.

3.5 Cookies and similar storage

  • Strictly necessary: a session token (keeps you signed in) and a consent record (remembers what you chose in the cookie banner).
  • Functional: IndexedDB (web) or SQLite (mobile) to store your projects, painting progress, and queued uploads on your device.
  • Crash & error reporting: only set after you opt in (EU / UK / EEA) or until you opt out (everywhere else).

We do not use third-party advertising cookies for tracking.

4. How we use what we collect

  • To run the service — generate paintings, save your gallery, sync Pro projects across devices, deliver push notifications you opted into.
  • To process payments and apply refunds.
  • To moderate uploaded content (see section 5).
  • To fix bugs, measure performance, and improve the product.
  • To prevent abuse, fraud, and violations of our Terms of Service.
  • To comply with legal obligations, including the mandatory CSAM reporting described in section 5.

We do not profile you for advertising, build a behavioural advertising audience around you, or sell your personal data.

5. Content moderation

Every uploaded photo is checked automatically before we generate a painting:

  • An on-device NSFW classifier runs in your browser as a soft check.
  • A server-side NSFW classifier runs on every upload, regardless of account tier.
  • A CSAM hash match against industry-standard datasets (PhotoDNA / NCMEC) runs on every upload regardless of account tier. Matches are blocked and reported to the appropriate authorities as required by law. This cannot be disabled by any tier — it is a legal obligation, not a moderation preference.
  • Edge cases are reviewed by a human moderator. Reviewers see the image and your account identifier only.

6. Legal basis (EU / UK / EEA)

If GDPR or UK GDPR applies to you, our legal basis for processing is:

  • Performance of a contract — running the service, processing your purchases, syncing your projects.
  • Legitimate interests — preventing abuse, keeping the service secure, measuring aggregate usage, debugging.
  • Consent — for crash reporting and non-essential cookies in regions where consent is required. You can withdraw consent at any time from Settings.
  • Legal obligation — CSAM hash matching, retention for tax / accounting purposes, response to lawful requests.

7. Who we share data with

We share data only with the service providers we need to run the product, and only the minimum each one needs to do its job:

  • Cloudflare R2 — object storage for derived assets and thumbnails.
  • Our managed database and Redis providers (e.g. Neon, Upstash) — store your account, balance, and project metadata.
  • PayPal — processes web payments (token packs and Pro subscriptions).
  • Google Play, Apple App Store, Telegram — mobile / Mini-App payments and authentication.
  • Resend — outbound transactional email (verification codes, receipts).
  • Sentry — crash & error reporting (subject to consent in EU / UK / EEA).
  • Google AdSense / AdMob — ads for free users on web and Android, configured for non-personalised ads where consent is not given.
  • NCMEC / equivalent agencies — where required by law, in the event of a confirmed CSAM hash match.
  • Law-enforcement and regulators — only in response to a lawful, properly scoped request, and only the data the request actually covers.

We do not sell personal data and we do not share it with third parties for their own marketing purposes.

8. Where your data lives

Our primary infrastructure runs in the European Union. Some of the service providers listed in section 7 process data in other countries — including the United States. Where required, we rely on the European Commission's Standard Contractual Clauses (or the EU-US Data Privacy Framework, where the provider is certified) to cover those transfers.

9. How long we keep it

  • Original uploaded photo — deleted from our servers within 24 hours of successful processing.
  • Derived painting assets (index map, palette, thumbnail) — kept as long as the project exists in your gallery, so the painting stays playable.
  • Account and balance data — kept while your account is active.
  • Deleted accounts — soft-deleted immediately, hard-purged after 30 days (grace period for accidental deletion). Some records may be kept longer where law requires it (payment records for tax, moderation records for safety).
  • Server logs — up to 30 days.
  • Crash & error events — retained per the relevant provider's default (typically 90 days).

10. Your rights

Subject to your local law (GDPR / UK GDPR / CCPA / and similar), you can:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your account and the data tied to it.
  • Export a copy of your data in a portable format.
  • Object to or restrict processing based on legitimate interests.
  • Withdraw consent for crash reporting and personalised ads at any time.
  • Lodge a complaint with your local data-protection authority. We would, of course, much prefer you tell us first so we can fix the problem.

Most of these are self-service in Settings → Account:

  • Export my data — generates a ZIP with your account info, project metadata, thumbnails, and payment history. We email you a download link that's valid for 7 days.
  • Delete my account — soft-deletes immediately. After 30 days, all personal data is hard-purged.

For anything not available in-app, email [email protected]. We respond within 30 days, usually much sooner.

11. Children

Wabihana is not intended for children under 13. We block under-13 sign-ups at the age gate and don't knowingly collect personal data from children. If you believe a child has provided personal data, email [email protected] and we will delete it.

12. Security

We use industry-standard measures: HTTPS everywhere, encrypted-at-rest object storage, server-issued signed tokens, hashed credentials, short-lived signed URLs for asset access. No system is perfectly secure; we do our best, and we will tell affected users without unreasonable delay if a breach occurs.

13. California residents (CCPA / CPRA)

If you live in California you have additional rights, including the right to know what personal information we collect about you and the right to delete it. The controls in section 10 also satisfy these requests. We do not "sell" personal information as that term is defined by the CCPA, and we do not share personal information for cross-context behavioural advertising.

14. Changes to this policy

We may update this policy from time to time. Material changes — for example, expanded data collection, new categories of recipients, or changes that reduce your rights — will be announced in the app or by email at least 30 days before they take effect, so you have a chance to review and, if you disagree, delete your account before they apply. Minor edits (clarifications, typo fixes, contact-detail changes) may take effect immediately.

15. Contact

Wabihana is operated as an individual sole proprietorship based in Vietnam.
Postal address: available on request by emailing [email protected].
Privacy questions, access requests, or anything you'd like us to know: email [email protected].
Phone: +840325370648.

See also: Terms of Service · Refund Policy · Pricing.

back home