RookiePixRookiePix Back to App

Privacy Policy

Last updated: April 13, 2026

In short: RookiePix uses AI to process the facial features in your uploaded photo to generate a custom sports card. We collect only what we need, we don't sell your data, and you can delete your account and data at any time. Read below for the full details.

1. Who We Are

RookiePix Inc. ("RookiePix," "we," "us," or "our") operates the RookiePix platform at rookiepix.com, an AI-powered service that transforms photos into professional-quality sports trading cards.

Privacy Officer: For all privacy-related inquiries, contact us at privacy@rookiepix.com.

2. Information We Collect

We collect the following categories of information:

a) Information You Provide

  • Account information: Email address, name (optional), and password when you register.
  • Google Account data: If you sign in with Google, we receive your Google account email address, display name, and profile picture URL from Google Identity Services. We do not receive or store your Google password.
  • Uploaded photos: Images you upload for card generation.
  • Player details: Player name, sport, team, jersey number, position, and other details you provide for the card.

b) Information Collected Automatically

  • Session data: A randomly generated session identifier stored in your browser.
  • Device information: Browser type, operating system, and device category (mobile, desktop, tablet).
  • Network information: IP address and approximate geographic location (country and region) derived from your IP.
  • Usage data: Pages viewed, features used, and timestamps of your interactions.

c) Information Generated by Our Service

  • AI-generated content: Card images, player statistics, and biographical text created by our AI models.
  • Photo analysis: Quality scores, face detection results, and content assessments generated when you upload a photo.

3. Sensitive Data — Facial Features & Biometric Processing

This is important: When you upload a photo, our AI analyzes and processes the facial features in the image to generate a custom sports card. Under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA), the processing of facial features constitutes Sensitive Personal Information and/or Special Category Data.

We process this data solely to provide the card generation service you request. We do not use your facial data for surveillance, identification, or profiling. We do not build facial recognition databases. We do not use your photos to train AI models.

You must provide explicit consent before uploading any photo. This consent is collected through a mandatory consent prompt that appears before your first upload.

4. How We Use Your Information

  • Service delivery: Processing your photo and generating sports card imagery and content.
  • Account management: Creating and maintaining your account, authenticating your sessions (including via Google Sign-In).
  • Platform improvement: Aggregated, anonymized analytics to understand usage patterns and improve performance. We do not use individual-level data for this purpose.
  • Security & abuse prevention: Detecting and preventing fraudulent, abusive, or unauthorized use of the platform.
  • Legal compliance: Responding to lawful requests from authorities and enforcing our Terms of Service.

We do not use your information for marketing, advertising, behavioral profiling, or selling to third parties.

5. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases:

  • Explicit Consent (Article 9(2)(a)): For processing facial features in your uploaded photos. You provide this consent before each upload session through our consent prompt.
  • Performance of a Contract (Article 6(1)(b)): For processing account data and delivering the card generation service you requested.
  • Legitimate Interest (Article 6(1)(f)): For platform security, abuse prevention, and aggregated analytics. We have assessed that these interests do not override your fundamental rights and freedoms.

You may withdraw your consent at any time by deleting your account or contacting us at privacy@rookiepix.com. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.

6. Data Sharing & Third Parties

We share your data only with the following service providers, solely to operate the platform:

ProviderPurposeData Shared
Google (Gemini AI)AI image and text generationUploaded photos, player details
Google Identity ServicesGoogle Sign-In authenticationGoogle ID token (verified server-side; see Section 7)
Microsoft AzureCloud hosting and file storageUploaded photos, generated images
SupabaseDatabase hostingAccount data, session data, generation records

We do not sell, rent, or trade your personal information to any third party for any purpose. We do not share data with advertisers or data brokers.

7. Google Account Data & Limited Use Disclosure

Google API Services User Data Policy: RookiePix's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

a) What Google Data We Access

When you choose to sign in with Google, we request access to the following scopes via Google Identity Services:

  • Email address (email) — used to create or link your RookiePix account.
  • Basic profile information (profile) — your display name and profile picture URL, used to personalize your account.

We receive this data via a Google ID token, which is verified server-side. We never receive or store your Google password, access token, or refresh token.

b) How We Use Google Data

Data obtained from Google APIs is used exclusively for the following user-facing features that are prominent in the RookiePix application:

  • Account creation and authentication: Your Google email is used as your account identifier so you can sign in without creating a separate password.
  • Profile display: Your name and profile picture are displayed in the app header and account settings so you can identify your logged-in account.

We do not use Google user data for any other purpose, including advertising, analytics, market research, or any purpose unrelated to delivering the RookiePix service to you.

c) How We Store Google Data

Your Google email address, display name, Google account identifier, and profile picture URL are stored in our database alongside your RookiePix account record. This data is protected by the same security measures as all other account data (encrypted connections, access controls, and secure cloud hosting). You can request deletion of this data at any time by deleting your account or contacting us.

d) Limited Use Compliance

RookiePix complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Limited to user-facing features: We only use Google user data to provide or improve user-facing features that are prominent in the RookiePix interface (account sign-in and profile display).
  • No unauthorized transfers: We do not transfer Google user data to any third party except: (a) to provide the RookiePix service with your consent; (b) for security purposes such as investigating abuse; (c) to comply with applicable laws; or (d) as part of a merger, acquisition, or sale of assets with your explicit prior consent.
  • No human access without consent: RookiePix employees, agents, and contractors do not read your Google user data unless: (a) you have given affirmative consent to view specific data; (b) it is necessary for security purposes (e.g., investigating a bug or abuse); (c) it is necessary to comply with applicable law; or (d) the data is aggregated, anonymized, and used for internal operations in accordance with applicable privacy requirements.
  • No advertising or profiling: We do not transfer, sell, or use Google user data for serving ads (including retargeting, personalized, or interest-based advertising), for determining credit-worthiness, or for lending purposes.
  • No sale to third parties: We do not sell or transfer Google user data to third parties such as advertising platforms, data brokers, or information resellers.
  • Organizational compliance: We ensure that all employees, agents, contractors, and successors comply with this Google API Services User Data Policy.

8. Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

Data TypeRetention Period
Uploaded photos (anonymous users)24 hours after card generation completes
Uploaded photos (registered users)30 days after last access, or upon account deletion
Generated card images (anonymous)7 days after generation
Generated card images (registered)While your account is active; deleted upon account deletion
Account data (including Google profile data)Until you request deletion
Activity logs90 days, then deleted or anonymized
Anonymous session data24 hours (no generations) or 30 days (with generations)

When data is deleted, we remove both the database records and any associated files from our storage systems. This includes all Google account data linked to your profile.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data. We will delete your account, uploads, generated content, and associated records.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Withdraw Consent: Withdraw your consent for biometric processing at any time. This will prevent future uploads but does not affect prior processing.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Lodge a Complaint: File a complaint with your local data protection authority.

CCPA/CPRA (California): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at privacy@rookiepix.com.

PIPEDA (Canada): You have the right to access your personal information, challenge its accuracy, and withdraw consent. Our designated Privacy Officer can be reached at privacy@rookiepix.com.

To exercise any of these rights, email us at privacy@rookiepix.com. We will respond within 30 days (or sooner as required by applicable law).

10. International Data Transfers

RookiePix is operated from Canada. Your data may be processed in Canada and the United States, where our cloud infrastructure providers (Microsoft Azure, Google Cloud, Supabase) maintain servers. If you are located in the EEA or UK, these transfers are protected by Standard Contractual Clauses approved by the European Commission and/or by the service providers' adherence to recognized data protection frameworks.

11. Children & Age Requirements

RookiePix is intended for use by adults (18 years of age and older). While the sports cards we generate may feature young athletes, the platform is designed for parents, guardians, and coaches — not for children to operate directly.

By using RookiePix, you confirm that you are at least 18 years old. We do not knowingly collect personal information from individuals under 18. If we discover that a user is under 18, we will promptly delete their account and all associated data.

If you are a parent or guardian uploading a photo of a minor, you represent that you have the legal authority to consent to the processing of that minor's image on their behalf.

12. Cookies & Tracking

RookiePix does notuse cookies for advertising, marketing, or third-party tracking. We store a session identifier and authentication token in your browser's local storage (not cookies) to keep you logged in and maintain your session. No data is shared with advertising networks. If we introduce analytics or marketing tools in the future, we will update this policy and implement a cookie consent mechanism before deploying them.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes — particularly to how we process sensitive data or Google user data — we will notify you by displaying a prominent notice on the platform and, where required, requesting renewed consent. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

RookiePix Inc.

Privacy Officer

Email: privacy@rookiepix.com