Privacy Policy

Wallpaper Animator
Last updated: May 18, 2026

This privacy policy explains what data Wallpaper Animator ("the App") collects, how it is used, the legal bases on which we process it, and your rights regarding that data. The App is developed and operated by Fashtag s.r.o. (IČO: 21531854), Czech Republic ("we", "us"), which acts as the data controller under the EU General Data Protection Regulation (GDPR).

Lawful bases under GDPR Article 6. Depending on the purpose, we rely on:

• Performance of a contract — operating your account, processing purchases, generating and storing the content you request, and publishing community wallpapers.
• Legitimate interests — content moderation, debugging, environment and gallery analytics, and recommendation ranking. You can object to processing on this basis (see "Your Rights").
• Legal obligation — retaining purchase records under Czech tax and accounting law.

1. Data We Collect

Steam ID

When you log in, we verify your identity through Steam. Your Steam ID (a unique numeric identifier) is stored on our server to manage your account and energy balance. We do not collect your email, real name, or any other personal information from Steam. On each login we also call Steam's CheckAppOwnership API to determine whether you own the full game or are running the free demo; only this true/false flag is stored.

Session Cookie

We set a single session cookie (wa_session) to keep you logged in. It is HttpOnly (not accessible to scripts), expires after 30 days, and contains only a random token — no personal data.

Usage Data

We log the following events on our server to understand how the App is used and to improve the service:

• Authentication events
• Image and video generation requests, including the text prompts you provide and remaining energy balance
• Content moderation outcomes (whether a prompt or uploaded image was accepted or rejected, and the reason)
• Video generation failures (model errors, timeouts) and the model used
• Energy purchase events (package chosen, order status: initiated, declined, or finalized)
• Community wallpaper publishing, unpublishing, reporting, and deletion actions
• Community gallery search queries
• Card and view interactions in the gallery (clicks, view switches)
• Client-side error reports
• System environment on launch (OS, architecture, Linux distribution, desktop environment, session type) — used to triage compatibility issues
• Recommendation signals: which community wallpapers your client renders on screen (impressions) and how long each wallpaper is set as your active wallpaper (play sessions). These rank the community gallery by what users actually keep, not just what they click.
• In-app feedback submissions

Each event is associated with your Steam ID and a timestamp. We do not share this data with third parties.

Purchase Records

When you buy energy through Steam, we store a record of the transaction (Steam order ID, package, amount, status, timestamps) so we can grant the correct energy and reconcile payments with Steam. Payment is processed entirely by Steam — we do not receive or store your payment card details, billing address, or any financial information. Your IP address is passed to Steam as part of initiating the transaction, as required by their Microtransaction API.

Feedback

If you submit feedback through the App, we store your message alongside your Steam ID in our database so we can read, categorize, and (if needed) follow up via Steam. Feedback is not shared publicly.

Generated Content

Images and videos you generate are stored on our cloud storage (Tigris S3) under your Steam ID. If you publish a wallpaper to the community gallery, it becomes publicly visible at a Tigris URL.

Local Data

The App stores your wallpapers locally in your Steam Cloud folder or in ~/.wallpaper-animator/. A log file is written to ~/.wallpaper-animator/wallpaper-animator.log and overwritten each time the App launches.

2. Content Moderation

To enforce our content policy, the App sends prompts and uploaded images to an AI moderation model before generation:

• Text prompts (for image generation and image edits) are sent to OpenAI's GPT-5.4 model via OpenRouter to check for policy violations (NSFW content, violence, real people, copyrighted characters, political content, hate). Accepted prompts may be refined by the model before being passed to the image generation model.
• User-uploaded images used as the starting frame for video animation are sent to OpenAI's GPT-5.4 via OpenRouter for a lenient moderation check (rejects gore and obvious nudity). Images that were generated by the App, imported from the community gallery, or already moderated at creation time are not re-checked.
• Generated images are sent to OpenAI's GPT-5.4 via OpenRouter for a short scene description used to power semantic search in the community gallery.

Rejected prompts and images are not stored on our servers beyond the analytics log described above.

3. Third-Party Services

We use the following third-party services to provide the App's functionality. When you generate images or videos, your text prompts and reference images are sent to these services for processing. No personally identifying information (such as your Steam ID) is sent to AI providers.

• Steam Web API (Valve Corporation, USA) — to verify your identity during login and process energy purchases via the Steam Microtransaction API. Steam Privacy Policy
• OpenRouter (OpenRouter Inc., USA) — API gateway used to reach OpenAI's GPT-5.4 for prompt moderation, refinement, and image description. Prompts and reference images pass through OpenRouter to OpenAI. OpenRouter Privacy Policy
• OpenAI (OpenAI, L.L.C., USA) — provides GPT-5.4 (accessed via OpenRouter) for prompt moderation, refinement, and image description, and GPT Image 2 (accessed via fal.ai) for image generation and editing. OpenAI Privacy Policy
• fal.ai (Features & Labels Inc., USA) — hosts the image and video generation models we use: OpenAI's GPT Image 2 for stills, and either ByteDance's Seedance 1.5 Pro or Google's Veo 3.1 Fast for video. Prompts and reference images are uploaded to fal.ai for both image and video generation. fal.ai Privacy Policy
• ByteDance (ByteDance Ltd., Singapore / China) — author of the Seedance 1.5 Pro video model that we run via fal.ai. Whether and how ByteDance receives data is governed by fal.ai's arrangement with ByteDance.
• Google (Google LLC, USA) — author of the Veo 3.1 Fast video model that we run via fal.ai as an alternative to Seedance. Whether and how Google receives data is governed by fal.ai's arrangement with Google. Google Privacy Policy
• Tigris Object Storage (via Fly.io) — for storing generated images and videos in our EU storage region. Fly.io Privacy Policy
• Fly.io (Fly.io Inc., USA) — hosts our server and Postgres database in the EU (Frankfurt). Fly.io Privacy Policy

Several of these providers are based in the United States. By using the App, you acknowledge that your prompts and reference images may be processed in the United States and elsewhere outside the European Economic Area. We rely on the EU–US Data Privacy Framework or Standard Contractual Clauses, where applicable, as the legal basis for these transfers.

We may change or add AI providers in the future. This policy will be updated accordingly.

4. How We Use Your Data

• Steam ID: To identify your account, track your energy balance, distinguish demo from full-game users, and associate generated content and orders with your account.
• Usage data: To understand how the App is used and improve the service.
• Recommendation signals: Impressions and play-session dwell times feed the popularity ranking used to order the community gallery. They are not used to build a profile of you outside the App.
• Environment data: To triage compatibility issues and prioritize which operating systems and desktop environments we invest in.
• Prompts and images: Sent to the AI providers listed above to moderate and generate the content you requested. We do not train any AI models ourselves. How those providers handle prompts and images is governed by their own policies.
• Purchase records: To grant energy, reconcile transactions with Steam, and handle refund requests.
• Feedback: To improve the App and, where helpful, follow up with you via Steam.
• Community wallpapers: Displayed publicly in the community gallery when you choose to publish them.

5. Data Retention

• Account data: As long as your account exists; deleted within 90 days of a deletion request.
• Session cookies: 30 days.
• Usage and analytics data (including search queries, impressions, and play sessions): Up to 24 months, then deleted or aggregated into anonymous statistics.
• Purchase records: 10 years, as required by Czech tax and accounting law.
• Feedback: Up to 24 months, or until you request deletion.
• Generated content and community wallpapers: Until you delete them or your account is deleted.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access a copy of the data we hold about you.
• Rectify inaccurate data.
• Delete your account and associated data. Purchase records are retained until the statutory period under Czech tax law expires, then deleted.
• Port your data in a machine-readable format.
• Object to processing based on legitimate interests, including analytics and recommendation ranking. On request we will exclude your future events and delete or anonymize existing rows.
• Restrict processing while a dispute is being resolved.
• Lodge a complaint with the Czech Office for Personal Data Protection (uoou.cz) or your local supervisory authority.

To exercise any of these rights, contact us at the email address below. We respond within 30 days.

7. Data Security

Your data is stored on servers hosted by Fly.io in the EU (Frankfurt). All communication between the App and our server is encrypted via HTTPS. Session cookies are marked HttpOnly and Secure in production.

8. Children

The App is not directed at children. We do not knowingly collect data from users below the GDPR digital-consent age in their country (16 by default, 15 in the Czech Republic). Steam's own age restrictions also apply.

9. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent revision.

10. EU Digital Services Act contact

For matters under the EU Digital Services Act (Regulation 2022/2065), including notices about illegal content in the community gallery, communications from authorities or recipients of the service, and inquiries about our content moderation:

Email: [email protected]
Postal: Fashtag s.r.o., Ivana Javora 3097/18, Boršov, 697 01 Kyjov, Czech Republic
Languages: English, Czech

We aim to respond to DSA-related communications within 14 days. When we remove community content you published, we record the reason for the removal and will provide it to you, together with information on how to contest the decision, on request via the channels above.

11. Contact

If you have questions about this privacy policy or want to exercise your data rights, contact us at:

Fashtag s.r.o. (IČO: 21531854)
Ivana Javora 3097/18, Boršov, 697 01 Kyjov, Czech Republic
Email: [email protected]