Privacy Policy
GIF it - AI yourself into GIFs
Effective date: 6/30/2026
Last updated: 6/30/2026
Published at https://buildingthingsinc.com/privacy
1. Who we are
This Privacy Policy explains how Building Things Inc. ("we", "us", "our") collects, uses, and discloses information when you use GIF it - AI yourself into GIFs (the "App"), a service that lets you create and modify memes from images you provide, including images containing your likeness.
If you do not agree with this Policy, do not use the App.
Contact: privacy@buildingthingsinc.com · 9205 W. Russell Rd Ste. 305, Las Vegas, NV, 89149, USA
2. A plain-language summary
We've written the formal terms below, but in short:
- You upload photos (which may include your face or likeness). We send those images to our server, where they are processed by automated systems, including AI models, to generate or modify memes.
- We also use third-party content and media providers, such as GIPHY (and potentially others), to supply GIFs, stickers, and similar content. When you search for or use that content, certain information is shared with those providers under *their* privacy policies.
- We do not sell your personal data, and we do not share it with third parties for their own independent purposes. We do use service providers to operate the App.
- Our security is best-effort. No system is perfectly secure. You should not upload any photo you would not be comfortable becoming public, because we cannot guarantee it will never be exposed.
- You may not be individually notified if a security incident affects your data, except where the law requires us to notify you (see Section 9).
This summary is for convenience only and does not replace the full Policy.
3. Information we collect
a) Images and likeness data you provide. Photographs and images you upload, which may depict your face, body, or likeness, or the likeness of other people you choose to include.
b) Content you create. The memes and derivative images generated or modified through the App.
c) Search and interaction data. The search terms, selections, and prompts you enter to retrieve third-party content (for example, the keywords you send to GIPHY).
d) Account information (if applicable). [Username, email address, password, or third-party sign-in identifiers — edit to match what you actually collect, or delete if the App has no accounts.]
e) Technical and usage data. Information automatically collected when you use the App, such as device type and identifiers, operating system, app version, IP address, log data, timestamps, crash reports, and general usage analytics.
We do not intentionally collect more than is needed to operate the App.
4. How we use your information
We use the information above to:
- receive, host, and process the images you upload, including by sending them to our server and through AI models, in order to create and modify memes at your request;
- retrieve and combine third-party content (e.g., GIFs from GIPHY) with your content;
- operate, maintain, secure, debug, and improve the App;
- enforce our Terms of Service and prevent abuse, fraud, or violations of our rate limits;
- comply with legal obligations.
5. The AI and content-generation pipeline
When you create or modify a meme, the relevant image and request are transmitted to our server for automated processing. That processing may be performed by one or more AI models. The specific models and their providers may change over time, and we may substitute one model or provider for another to maintain or improve the service.
Where processing is performed by a third-party AI provider, that provider acts as our service provider / processor and is permitted to use the data only to perform the processing we request, not for its own purposes.
6. Third-party content providers (GIPHY and others)
The App integrates third-party content and media providers, including GIPHY and potentially others. When you use features powered by these providers:
- your search terms and certain technical information (such as IP address and device data) may be transmitted to the provider;
- that information is governed by the provider's own privacy policy, not this one;
- content supplied by these providers (GIFs, stickers, images) belongs to those providers or their licensors and is subject to their terms.
For GIPHY, see GIPHY's Privacy Policy and terms, available at [https://support.giphy.com/hc/en-us/articles/360032872931-GIPHY-Privacy-Policy](https://support.giphy.com/hc/en-us/articles/360032872931-GIPHY-Privacy-Policy).
7. How we share information
We do not sell or rent your personal data. We do not share it with third parties for their own independent marketing or commercial purposes.
We share information only in these limited circumstances:
- Service providers and sub-processors. Vendors who host our infrastructure, process images through AI models, supply third-party content (Section 6), or provide analytics, security, or similar operational services, strictly to perform those services for us. We maintain a current list of these providers, including the data they receive and where they are located, in our Sub-processors list at [https://buildingthingsinc.com/subprocessors](https://buildingthingsinc.com/subprocessors), which we update as our providers change.
- Legal and safety. Where we believe in good faith that disclosure is required by law, legal process, or governmental request, or is necessary to protect the rights, safety, or property of any person, or to investigate fraud or abuse.
- Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.
8. Data retention
We retain your information only as long as needed to provide the App and for the purposes described in this Policy, after which we delete or de-identify it.
9. Security and security incidents
a) Best-effort security. We use reasonable, best-effort technical and organizational measures to protect information on the server that creates and modifies memes. However, no method of transmission or storage is completely secure, and we cannot and do not guarantee the security of your information. You use the App at your own risk.
b) Public-exposure warning. Because we cannot guarantee security, you should not upload any photograph or image that you would not be willing to have become public. Do not upload images that are sensitive, confidential, or that depict anyone (including yourself) in a way you would not want disclosed.
c) Incident notification. To the maximum extent permitted by applicable law, we are not obligated to notify you individually of any security breach, unauthorized access, or data incident affecting your information, and you should not rely on receiving such notice. Where applicable law requires us to provide notification, we will do so within the timeframes and in the manner the law requires.
10. Your responsibilities
You are responsible for the content you upload and create. You agree that you:
- have the right to upload each image and to have it processed as described;
- will not upload images of other people without their consent, particularly where their face or likeness is used;
- will not upload unlawful, infringing, or otherwise prohibited content (see the Terms of Service);
- understand the public-exposure warning in Section 9(b).
11. Children's privacy
The App is not directed to, and we do not knowingly collect personal information from, children under 13 in the US / 16 in the EEA & UK — at minimum, match GIPHY's age floor. If you believe a child has provided us information, contact privacy@buildingthingsinc.com and we will take appropriate steps to delete it.
12. International data transfers
We and our service providers may process your information in countries other than the one where you live, which may have different data-protection laws. Where required, we implement appropriate safeguards for such transfers. *[Specify mechanisms, e.g., Standard Contractual Clauses, if you have EU/UK users.]*
13. Your rights and region-specific disclosures
Your rights depend on where you live. To exercise any right described below, contact privacy@buildingthingsinc.com. We will verify your request and respond within the timeframe the applicable law requires. You may also have the right to complain to your local data-protection authority. We will not discriminate against you for exercising a privacy right.
13.1 California (CCPA/CPRA)
If you are a California resident and we meet the statute's applicability thresholds, you may have the right to know what personal information we collect and how we use and disclose it; to access, delete, and correct it; and to opt out of any "sale" or "sharing" of it. Where we process sensitive personal information (which can include biometric information and, depending on use, images of your face), you may have the right to limit its use.
13.2 Other U.S. states
About twenty U.S. states now have comprehensive consumer-privacy laws in effect, most following a common model (Virginia-style). If you are a resident of one, you may have rights to access, delete, correct, and port your data and to opt out of targeted advertising, sale, and certain profiling. Most of these laws require opt-in consent before processing sensitive data, including biometric data, and many require us to honor browser-based universal opt-out signals (e.g., Global Privacy Control).
13.3 United States — federal law and biometric statutes
There is currently no single comprehensive U.S. federal privacy law. However, several federal and state regimes still bind you:
- COPPA restricts collecting personal information from children under 13 — relevant given face uploads (see Section 11).
- The FTC Act (Section 5) lets the Federal Trade Commission treat broken privacy/security promises as unfair or deceptive practices, so the commitments in this Policy are enforceable against us.
- State biometric laws are the highest-risk item for a face app. Illinois's Biometric Information Privacy Act (BIPA) requires informed written consent *before* collecting face geometry or other biometric identifiers, a published retention-and-destruction schedule, and bars profiting from biometric data — and it carries a private right of action with statutory damages per violation, which has produced very large class-action settlements. Texas (CUBI) and Washington have biometric laws (regulator-enforced), and Washington's My Health My Data Act regulates a broad category of consumer health data with consent requirements and its own private right of action.
13.4 EEA and United Kingdom (GDPR / UK GDPR)
If you are in the European Economic Area or the United Kingdom, you have rights to access, rectify, erase, restrict, and port your personal data, to object to certain processing, and to withdraw consent at any time. Where we use your face or likeness to identify you, that is special-category data under Article 9, which generally requires your explicit consent. We will tell you the legal basis on which we rely, and you may lodge a complaint with your supervisory authority.
13.5 Canada (PIPEDA, B.C. PIPA, Alberta PIPA, Quebec Law 25)
If you are in Canada, your personal information is protected by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, depending on the province, by British Columbia's PIPA, Alberta's PIPA, or Quebec's Law 25. You generally have the right to access your information, to request corrections, and to withdraw consent, subject to legal limits. Because biometric and face data is sensitive, we rely on your express opt-in consent to collect and process it.
14. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate or legally required, provide additional notice. Your continued use of the App after changes take effect constitutes acceptance of the updated Policy.
15. Contact us
Questions about this Policy or your data: privacy@buildingthingsinc.com · Building Things Inc., 9205 W. Russell Rd Ste. 305, Las Vegas, NV, 89149, USA.
