Privacy Policy
Last updated: June 2026 · Applies to the Chameleon Android app by CristaLabs
Introduction
This Privacy Policy explains how Chameleon, the Android app published by CristaLabs, collects, uses, and protects your information. Chameleon shares its account system and AI processing backend with cristalabs.com, so this policy works alongside, and is consistent with, our main website Privacy Policy.
By installing or using Chameleon, you agree to the practices described here. We never sell, trade, or misuse your personal information.
Accounts & Sign-In
Chameleon offers three ways to sign in:
- Google Sign-In — we receive your name, email, and profile picture from Google. We never see your Google password.
- Email & password — new accounts are verified with a 4-digit code emailed to the address you sign up with, so accounts can’t be created using an email you don’t own. Each account is also assigned a unique, editable username.
- Password reset — handled with a 6-digit code emailed to your account address, valid for 10 minutes and limited to 5 attempts.
We do not collect your phone number, government ID, or any sensitive personal information unless you choose to provide it (for example, in a support message).
Photos You Upload
When you use the Image Enhancer, Object Remover, or Background Remover, the photo you select is uploaded securely to our servers for processing and the result is sent back to your device.
We never use your photos to train AI models, and we never share them with any third party outside the processing pipeline described below.
Information We Collect
Beyond account details and the photo you’re actively editing, Chameleon collects:
- Credit balance and usage (so the app can show how many free/bought credits you have)
- Basic device and app diagnostics, used only to keep the app stable
- Any message you send us through “Report a problem”, along with the email you provide
We do not access your contacts, location, call logs, or any other app on your device.
Where Your Data Lives
Chameleon is built on Firebase (Google Cloud) for accounts, credit balances, and temporary photo storage, and uses RunPod for the AI processing itself. Both are reputable infrastructure providers bound by their own security and privacy commitments; we only send them the minimum data needed to do their job.
Enhanced photos you keep in the app’s “Recents” are stored locally on your device only, and automatically expire after 24 hours.
App Permissions
Chameleon requests the following Android permissions, and only for the reason stated:
- Photos / media access — to let you pick an image to edit. We never scan or upload your full photo library — only the image you choose.
- Internet access — required to upload photos for processing and sign you in.
Chameleon does not request camera, microphone, contacts, or location permissions.
Children's Privacy
Chameleon is designed to be safe and accessible for all ages, with no adult, violent, or otherwise inappropriate content. We do not knowingly collect personal information from children beyond what’s required to create an account.
If you believe a child has submitted personal data to us, please contact us and we will promptly delete it.
Data Security
All traffic between the app and our servers is encrypted with HTTPS/TLS. Passwords are never stored or transmitted in plain text — they’re hashed by Firebase Authentication, and OTP codes (signup and password reset) are time-limited and attempt-limited to prevent abuse.
No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security — but we design every flow to minimize what could go wrong.
Your Rights
You have the right to:
- Access the data we hold about your account
- Correct your display name, username, or profile picture at any time in-app
- Request deletion of your account and associated data
- Request a copy of your data
To exercise any of these rights, contact us at the email below.
Policy Changes
We may update this Privacy Policy as Chameleon evolves. Material changes will be reflected here with an updated date, and significant changes will be announced in-app or on cristalabs.com.
Contact Us
Questions or requests about this Privacy Policy or your data in Chameleon:
EMAIL ADDRESS
admin@cristalabs.comYou can also reach us from inside the app via “Report a problem”. We aim to respond within 48 hours.
