Effective Date:2025.10.28
Last Updated:2025.10.21
Tables of Content
3. How We Use Your Information
4. Legal Basis for Processing (For Users in the EEA, UK, and Brazil)
5. Sharing and Disclosure of Information
6. Cross-Border Data Transfers
A. Rights You Can Exercise Yourself
B. Rights You Can Exercise by Contacting Us
10. Social Media and Third Party Services
12. Changes to This Privacy Policy
Welcome to HeyStar! This Privacy Policy explains how HeyStar ("we," "us," or "our") collects, uses, shares, and protects information when you use our products or services( "Service"). This policy applies to all visitors, users, and others ("Users," "you," or "your") who use our mobile application ("App"), visit our website, or interact and communicate with us through our online or social media channels.
Our Service is provided and controlled by Chongqing Cuyi Technology Co., Ltd,and we are the data controller. To ensure the highest standards of privacy and data security, we have appointed a dedicated Data Protection Officer (DPO). Our DPO is responsible for overseeing our data protection strategy and ensuring that all personal data collected from you is handled in accordance with applicable privacy laws and regulations. Our DPO is also responsible for ensuring that you can exercise your data protection rights, such as accessing your data, requesting corrections, or asking for deletion of your personal data. Our DPO can be reached at cqcuyi2024@gmail.com.
By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy.
We collect various types of information to provide and improve our Service to you.
A. Information You Provide to Us:
● Communications: If you contact us directly (e.g., for customer support), we will receive your email address, the contents of your message, and any other information you choose to provide.
● User Input:When you use our Service, we may collect your text input, prompt, uploaded files, feedback, chat history, or other content that you provide to us. We generate responses (“Outputs”) based on your Inputs.
● Face Data: When you use the image generation feature, we require you to provide a photo, which may include face data. This data is used solely to generate composite images using the templates we provide. After the image is successfully generated, we delete all collected face data and do not share it with any third parties.
B. Information We Collect Automatically:
● Device and Technical Information: We collect your your mobile device (hardware model, operating system, unique device identifiers). The information we collect may vary based on your device type and settings.
● Cookies and Similar technologies: We use cookies and similar technologies (e.g., web beacons, pixels) to collect and use your information. Cookies are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your settings and preferences, enable functionality, help us understand and analyze user activities, and facilitate online advertising. You can manage or disable cookies through your browser or device settings.
C. Information We Collect with Your Permission:
● Photo and Media Library Access: We request photo and media library access so you can upload existing personal photos and videos from your library to the App or save content from the App to your device. For instance, this allows you to select a new profile picture, share images and edit media.
● Clipboard Access:To improve your experience, we may request access to your clipboard. This allows you to easily paste content, such as shared links or referral codes, directly into the App. We will only read from the clipboard when you perform a "paste" action within our App.
● File Read/Write Access:We request file read/write access when you import/export files for editing and rendering. We only access files you explicitly select for import or export and do not browse your gallery without your action.
● External/SD Card Storage Access: We may request external storage access when you read and write media files on external storage (SD cards) for importing or exporting project files. We will only access files you select, and will not scan the entire SD card without your explicit action.
We use the information we collect for the following purposes:
● Provide, Operate, and Maintain Our Service, including to:
○ provide the essential features of our application;
○ ensure that our services are working as intended;
○ provide personalized content, services, and recommendations.
● Manage Your Account.We use your data to create, secure, and manage your user account, allowing you to log in securely to access to different functionalities of the Service that are available to you.
● Improve and Optimize Our Service, including to:
○ understand how our services are used and which service can be improved;
○ help us develop new products or features;
○ train and improve our AI technology, such as our machine learning models and algorithms.
● Ensure the Safety and Reliability of Our Service. For example, we prevent and detect abuse, fraud, and illegal activity which could harm us, our users or the public by conducting troubleshooting, data analysis, testing, and research.
● To communicate with you, including for customer support and to send you service-related notices.
● To comply with legal obligations, including to:
○ comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
○ protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
○ audit our compliance with legal and contractual requirements and internal policies.
We’ll ask for your consent before using your information for a purpose that isn’t covered in this Privacy Policy.
If you are a user in the European Economic Area (EEA), United Kingdom (UK), or Brazil, we process your personal information based on the following legal grounds under applicable laws(e.g., GDPR and LGPD)
● Consent: We process certain information based on your explicit consent, such as:
○ access to photo/media library, file, SD card storage;
● Performance of a Contract: We process your personal information to fulfill our contract with you, such as:
○ creating and managing your account;
○ providing app functionalities and services you request;
● Legitimate Interests: We process information for our legitimate interests, such as:
○ service improvement, troubleshooting, and analytics;
○ fraud detection and service security;
● Legal Obligation: We process your information to comply with our legal obligations,such as:
○ responding to lawful authority requests;
○ meeting financial and audit requirements.
● Protection of Vital Interests: We process your information in emergency or safety-related situations.
● Exercise of Rights in Legal Proceedings: We process your information to defend our rights in legal disputes.
Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, you may object to such processing.
We are committed to protecting your privacy. We do not sell, rent or lease your personal information to third parties. We do not transfer your personal information to any company, organization, or individual, except in the following cases:
● With Your Separate Consent: We may share your information with third parties when we have obtained your separate and explicit consent to do so.
We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your personal information.
● Service Providers: We share information with third-party vendors that perform services on our behalf and we may integrate third-party software development kits (“SDKs”) for purposes such as cloud storage, Types of third-party service providers include:
○ Cloud hosting providers: We use cloud hosting service providers(such as Tencent Cloud) to securely store and manage user information and application data. The providers may collect information such as your profile information, usage data, and any other information you provide through the Service.
○ AI Generator providers:We use AI Generator service providers (such as Gemini and Jimeng) to generate images. The providers may collect information such as your images or videos.
We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your personal information.
● Business Transfers: We will not transfer your personal information to any third party, except in the case of a merger, acquisition, asset sale, or judicial liquidation where your information may be transferred as part of the transaction. We will ensure the confidentiality of such information during the transfer process and require the new holder to continue to be bound by this Privacy Policy.
● Legal Compliance and Safety: We may disclose your information if required to do so by law or to protect the safety of any person or our rights or property.
● Professional Advisors, such as lawyers and accountants, where doing so is necessary to facilitate the services they render to us.
● Affiliates: We may share personal information with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with us. Our affiliates may use the personal information we share in a manner consistent with this Privacy Policy.
● Your Sharing: Through the Services, you may be able to make your personal information available to others if you choose to do so, including:
○ social media platforms, when you choose to share content on social media.
Our primary server is located in Singapore. To keep our service safe and reliable, we may also back up or process data in other locations where our cloud providers operate. Please note that the Personal Information we collect from you may be stored on a server located outside of the country where you live and such jurisdiction may not provide the same protections as the data protection laws in your home country. By using our Service, you agree to transfer your information to countries where we and/or our service providers operate. Where required, relevant safeguards are in place to afford appropriate protection for your personal information and we will comply with applicable data protection laws.For more information about how we transfer personal information internationally, please contact us at [cqcuyi2024@gmail.com].
● We store your personal information on a secure server, with the latest firewall protection, saved in secure facilities. In addition, we implement administrative, technical and physical safeguards in line with commercially applicable and industry standards to protect the confidentiality and security of your personal information and to prevent unauthorized access.
● We have implemented appropriate, reasonable measures designed to protect the security of any personal information that we process,including:
○ In certain services(for example, services involving the collection of your personal photos and other sensitive information), we will use encryption technology (SSL) to protect your information, and isolate it using isolation technology;
○ We will employ multiple data anonymization techniques to enhance the security of information during use;
○ We will implement strict data access permission controls and multi-factor authentication technologies to protect information and prevent unauthorized use;
○ We will establish data classification and grading systems, data security management standards, and data security development standards to regulate the storage and use of information;
○ We will enforce comprehensive security controls through confidentiality agreements with information handlers and mechanisms about monitoring & audit;
○ We will organize security and privacy protection training programs to enhance employees' awareness of the importance of protecting personal information.
● However, despite our security measures and efforts to protect your information, any electronic transmission or information storage technology through the Internet cannot guarantee 100% security. We cannot promise or guarantee that no hackers, cyber criminals or other unauthorized third party destroy our security measures, nor can we promise that no third party improperly collect, access, steal or modify your information. Although we will do our best to protect your personal information, the risk of transferring your personal information to or from our services is at your own expense. You should access the service only in a secure environment. If you have any reason to believe that your interaction with us is no longer safe, please notify us by email immediately.
In short: We will retain your information if necessary to achieve the purpose outlined in this Privacy Policy, unless otherwise required by law.
● We will retain your personal information only for the time required for the purposes specified in this Privacy Policy, unless legally required or permitted for longer retention periods (e. g., tax, accounting or other legal requirements).
● Anonymous, aggregated, and other data uncertain of your personal identity, such as your activity data
● When we have no ongoing legal business to process your personal information, we will delete or anonymize such information, or if this is impossible (for example, because your personal information is stored in a backup file), we will securely store your personal information and isolate it from any further processing until it can be deleted.
We believe in giving you control over your information. For users from certain jurisdictions (e.g., EU/EEA, UK, California), additional rights or requirements may apply in accordance with local privacy laws.This section outlines your rights and the choices you have regarding your personal information. You can exercise these rights yourself through the app and your device, or by contacting us directly. Note that some of these rights may not be absolute. For example, if this means that we will no longer be able to fulfill our contractual obligations to you, or if this will prevent us from fulfilling our legal obligations, we may reject the request.
You can access and manage much of your information directly through your account and device settings:
● Manage Device Permissions: You have control over the data you share with us through your device's permissions system. You can enable or disable our access to your Photo and Media Library, Clipboard, and External/SD Card Storage at any time through your mobile device's settings menu. Please note that disabling certain permissions may affect the functionality of some features within the app.
● Manage Cookies: You can manage or disable cookies and similar tracking technologies through your web browser or device settings.
To exercise the rights below, or if you have any questions about them or you have special request, please contact us via email at [cqcuyi2024@gmail.com]. For your protection, we may need to verify your identity before fulfilling your request.
● Right to Access and Data Portability: You have the right to request a copy of the personal information we hold about you. You may also have the right to receive this information in a structured, commonly used, and machine-readable format to transmit to another service.
● Right to Correct Inaccurate Information: If you believe that any personal information we hold about you is incorrect or incomplete, you have the right to request that we correct it.
Depending on where you reside, you may have additional rights under local law. To exercise the rights below, or if you have any questions about them or you have special request, please contact us via email at [cqcuyi2024@gmail.com].
● For Residents of California and Virginia of the USA (under CCPA/CPRA and VCDPA)
In addition to the rights above, residents of California and Virginia have the following rights:
○ Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for collecting it, and the categories of third parties with whom we have shared it.
○ Right to Opt-Out of "Sale" or "Sharing": You have the right to direct us not to “sell” or “share” your personal information as defined by California law.
○ Right to Limit Use of Sensitive Personal Information: You have the right to request that we limit the use and disclosure of your sensitive personal information.
○ Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, including by denying you services, charging you different prices, or providing you a different level or quality of service.
○ Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority about our collection and use of your personal information.
○ Right to Object (under VCDPA) – You have the right to object to our processing of your personal information when it is based on our legitimate interests.
● For Residents of the European Economic Area (EEA), United Kingdom, and Switzerland (under GDPR/GDPR(UK)/FADP)
If you are a resident of the EEA, UK, or Switzerland, you have the following data protection rights:
○ Right to Object: You have the right to object to our processing of your personal information when it is based on our legitimate interests. You also have an absolute right to object to your data being processed for direct marketing purposes.
○ Right to Restrict Processing: You can ask us to suspend the processing of your personal information in certain circumstances.
○ Right to Withdraw Consent: Where we have collected and processed your information with your consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
○ Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority about our collection and use of your personal information.
● For Residents of Brazil (under LGPD)
If you are a resident of Brazil, you have the following rights under the Lei Geral de Proteção de Dados (LGPD):
○ Confirmation of Processing: You have the right to confirm the existence of processing of your data.
○ Anonymization, Blocking, or Deletion: You have the right to request the anonymization, blocking, or deletion of unnecessary or excessive data or data processed in noncompliance with the LGPD.
○ Information on Data Sharing: You have the right to request information about the public and private entities with which we have shared your data.
○ Information on Consent: You have the right to be informed about the possibility of denying consent and the consequences of such denial.
○ Revocation of Consent: You have the right to revoke your consent at any time.
○ Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority about our collection and use of your personal information.
We may offer links to third party websites and services, includingTiktok,Instagram. When using any such features, certain information may be collected by such third parties, and such third parties may set a cookie to enable the feature to function properly. Any data collected by such third parties is governed by such third party’s privacy policy. You are encouraged to carefully review such third party privacy policies before using such features.
Our Service is not directed to children, and we do not knowingly process personal information from them. If we learn that we have collected personal information online from a child or an adolescent under age threshold of parent consent required by local laws(normally, the age threshold is 13, but it may vary in certain countries or regions), we will promptly delete that information. If you believe that we processed Personal Information about or collected from a child without parent consent, please contact us by sending email to [cqcuyi2024@gmail.com].
Our Privacy Policy may be amended or updated.
● Without your explicit consent, we will not reduce the rights you are entitled to under this Privacy Policy. We will post any changes to this Privacy Policy on this page.
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
For general inquiries: [cqcuyi2024@gmail.com]
For privacy-specific requests and to contact our Data Protection Officer (DPO): [cqcuyi2024@gmail.com]
Legal Entity:[Chongqing Cuyi Technology Co., Ltd][No. 62, Biyun Street, Xiannüshan Subdistrict, Wulong District, Chongqing, Room 1-101
]