Remini
Bending Spoons
Good disclosure · High confidence
A GDPR-grounded policy that trains on user images only with explicit opt-in, names standard contractual clauses, and gives a full rights flow, though its own retention figures contradict each other (1, 14, and 15 days).
What the policy says
Training is opt-in for user content
User photos feed model training only in the narrow case of "user-provided images where users have explicitly opted in to model training," which keeps Remini off the train-by-default ceiling.
Short but self-contradictory media retention
The retention section says uploaded "images, videos and audio-recordings" are deleted "after 1 day," yet the purposes section says the same media is deleted "after 15 days" and unauthenticated users' media "after 14 days." All three fall in the short-retention band, but the policy contradicts itself.
Full GDPR rights with an in-app mechanism
Access, rectification, erasure, restriction, portability, object, and withdraw-consent are all enumerated and exercisable via "Tap Send a Privacy Request" inside the My Account area.
Silent on biometric and breach handling
Despite processing images "often of people" for face transformations, there is no biometric-specific governance clause and no breach-notification commitment anywhere in the policy.
Details
- Category
- Image & video
- Modalities
- image
- Processes biometrics
- Yes
- Policy last updated
- 2026-01-20
- Region scored
- Global / US-default
- Assessed
- 2026-06-20
Every grade scores what an app discloses about its data governance in its public privacy policy and terms, not its verified behaviour. A strong policy can hide weak practice, and a thin policy can hide good practice.