AI retro graduation photo app generator raise privacy concerns

Data security concerns grow amidst the app’s rising fame


At a glance

  • Epik AI Photo Editor collects user information, including but not limited to nicknames, profile images, user content like photos and facial scans, in-app purchase information, location information, behavioral advertising information, and face recognition data, even when the application runs in the background. The collection of such extensive data raises concerns regarding potential misuse or unauthorized access to sensitive user data.

  • The app engages with multiple third-party service providers and advertising networks, allowing the sharing or disclosure of both personally identifiable and non-personally identifiable information. The application permits the sharing of any information users provide to other users via the application and has disclosed varied categories of personal information to third parties in the preceding 12 months.

  • The collected data, coupled with sharing practices, can potentially be used to create comprehensive user profiles, heightening fears about user privacy and the exploitation of personal data for marketing or other malicious purposes. The combination of metadata, face recognition data, and other collected information can provide detailed insights into users’ identities and preferences, posing risks of exploitation.

  • Epik AI assures that it permanently deletes facial image data within three years of the last interaction or sooner if the initial purpose for collection no longer exists. However, even with this assurance, the application may retain other user information as required by law or for business purposes, thus prolonging concerns about data security.

  • The rise in popularity of such applications necessitates a comprehensive reevaluation of legal frameworks to safeguard user interests and protect them from unwarranted intrusions and exploitations of their personal information. Users must be vigilant about the permissions they grant and thoroughly review privacy policies to make informed decisions regarding app usage, balancing the conveniences against the potential risks associated with extensive data collection and sharing.


Epik AI Photo Editor recently gained significant traction for its ability to generate 90s-style graduation photos using Artificial Intelligence (AI). However, amidst its soaring popularity, I have concerns about user privacy and data security due to its information sharing and disclosure practices, as mentioned in the app's privacy policy.

385423326_271783005765127_4204846717879415515_n.jpg
Photo grabbed from the Epik Ai app.

 

The application employs many third-party service providers to aid in its functionalities, encompassing business analytics, marketing, and other varied services. According to the app's privacy policy, these service providers are granted limited access to user information, including user content, to accomplish tasks on Epik AI's behalf. However, their access to sensitive user information has sparked concerns over potential misuse or unauthorized disclosure of personal data.

Additionally, the application engages with third-party advertising networks, potentially allowing the sharing or disclosure of non-personally identifiable, aggregated, and device-level information with unaffiliated partners and third parties, including advertising networks. The provided information may include anonymous usage data, platform types, number of clicks, and location data, among other things. This practice has heightened fears about user privacy and the exploitation of personal data for marketing purposes.

Notably, the application permits the sharing of any information users provide to other users via the application. This provision means that users acknowledging and agreeing to this policy can be contacted via the application, introducing another layer of potential intrusion and unwarranted communications.

In the event of business transfers and affiliations, user information may be shared with companies or organizations connected or affiliated with SNOW, the parent company of Epik AI. The data can also be transferred to an affiliate, a subsidiary, or a third party in cases such as reorganization, merger, sale, joint venture, assignment, transfer, or other dispositions of all or any portion of SNOW's business, assets, or stock, even during bankruptcy or similar proceedings.

Epik Ai also admits to having sold or disclosed varied categories of personal information to one or more third parties in the preceding 12 months. This information encompasses identifiers like real names, aliases, postal addresses, telephone numbers, online identifiers, internet protocol addresses, and email addresses. The disclosure extends to the internet and other electronic network activity information, including browsing history, search history, interaction with websites, applications, or advertisements, and sensory information.

Users can update or correct information through the User Account settings within the application. They can also deactivate their accounts by deleting the application, but the app may retain their information as required by law or for business purposes. Moreover, users can opt out of receiving promotional communications and can limit ad tracking on their devices to avoid interest-based advertising.

The considerable sharing and disclosing practices by Epik Ai have ignited debates on user privacy, data security, and the ethical implications of information sharing in the modern digital age. The rising popularity of such applications calls for a comprehensive assessment and a reevaluation of legal frameworks to safeguard user interests and protect them from unwarranted intrusions and exploitations of their personal information.

What data does Epik AI collect?

According to its privacy policy, Epik AI Photo Editor collects personal information provided by users and obtained through automatic data collection technologies. As a cybersecurity advocate, I have to ask questions about the implications of data accumulation for my confidentiality and personal security.

According to its privacy policy, Epik AI Photo Editor collects information directly provided by users when they download, register, or use the application. This includes users’ Nicknames, Profile images, bio, profile images, user content like photos and facial scans, and customer service interactions.

Beyond willingly provided information, Epik AI also employs technology to automatically collect in-app purchase information, analytics, location information, behavioral advertising information, log information, metadata, face recognition data, device and usage information, and local storage data, even when the application runs in the background.

The extent of information collected by Epik AI makes me think about the potential misuse or unauthorized access to sensitive user data. Metadata and face recognition, which include facial marks and analysis results of facial features, can provide detailed insights into users’ identities and preferences. Although Epik AI states that it does not use such information to identify a specific person, the extent of collected data can potentially be exploited.

Location information collection, enabled by user consent, may allow the app to determine users’ precise locations, posing an elevated risk if this data is mishandled or accessed by malicious entities.

What concerns me more is that Epik AI's sharing user information with third-party companies for advertising and analytics is another cause for concern. These companies utilize cookies, pixels, and similar technologies to collect non-personally identifiable information. However, coupled with the other information collected by Epik AI, it could create comprehensive user profiles that might be exploited.

Epik AI assures users that it permanently deletes facial image data within three years of the last interaction or sooner if the initial purpose for collection no longer exists. While this offers some solace, users must understand the ramifications of such extensive data collection.

Users can restrict the collection of some information by modifying their device settings and opting out of interest-based or personalized advertising. However, these measures only partially eliminate the risks of collecting other sensitive information.

If you are a fan of any apps that collect user information, be vigilant about the permissions you grant to these apps and the information you share, considering the potential dangers associated with data collection by apps like Epik AI Photo Editor. I believe the National Privacy Commission (NPC) needs to scrutinize the data collection practices of such applications to ensure user privacy and data security.

It remains crucial for users to thoroughly review privacy policies and make informed decisions about the apps they use, weighing the benefits against the potential risks associated with information collection and sharing.