Last updated: July 2026
The short version: no accounts, no names, no emails. Photos you choose are uploaded only to be processed and are automatically deleted from our servers within 72 hours. They are never used to train AI models, never sold, and never shared beyond the processing described below.
It Was Never You (“the app,” “we,” “us”) is an iOS app that replaces one person with another in photos you select from your library (“reCasting”). Contact: support@itwasneveryou.app.
Photos are processed on our servers using Google’s Gemini API to generate the reCast results. Photo data is sent to Google for that processing under Google’s API terms, which for paid API usage exclude the use of your data to train Google’s models. No other third parties receive your photos.
Before upload, every selected photo is screened on your device for nudity and sensitive content, using Apple’s Sensitive Content Analysis and a bundled on-device classifier. Flagged photos are excluded by default and stay on your phone; if you explicitly choose to include one anyway, it remains subject to the same server-side safety checks during processing. Additionally, our processing refuses requests where the person being replaced appears to be a young child (under 13).
Only reCast photos of yourself or people who have agreed. You are responsible for the content you process and for how you use the results.
Because we hold no identifying information, most data requests are satisfied automatically by the 72-hour deletion cycle. If you want your anonymous device record and credit ledger deleted, email support@itwasneveryou.app from within the app’s Settings → Support (which includes your anonymous device ID) and we will delete them. Depending on where you live (e.g. the EU/EEA, UK, or California), you may have additional statutory rights to access, correct, or delete personal data.
The app is not directed at children and is rated for adult audiences. Processing refuses requests that appear to involve minors as the replaced person.
All transfers use TLS. Server-side data is stored on infrastructure in the EU with access limited to the operator. Photos are stored only transiently, as described above.
We’ll post any changes to this policy on this page and update the date above. Material changes will be noted in the app.