Privacy Policy

Account Information

When you create an account, we collect:

• Email address
• Display name / username
• Avatar (if provided)
• Authentication data (managed by Supabase Auth)

Billing Information

When you subscribe to a paid plan, payment information is collected and processed directly by Stripe. We do not store your credit card number, expiration date, or CVC on our servers. We receive from Stripe your Stripe Customer ID, subscription status, and billing period information.

Usage Data

We collect data about how you use our Services, including:

• Generation prompts and parameters (model, dimensions, steps, etc.)
• Credit usage and transaction history
• Generation history metadata (timestamps, status, cost)
• Community interactions (likes, public posts)

Technical Data

We automatically collect certain technical information:

• Browser type and version
• Device type (mobile or desktop)
• IP address (for rate-limiting and security)
• Page visit timestamps

Third-Party Login Data

When you sign in using a third-party account (such as Google), we may receive certain information from that provider, such as your email address, display name, and profile picture. You can review and adjust what data is shared through that provider's privacy settings.

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process your subscription payments and manage credit balances
• Send you service-related communications (billing receipts, account updates)
• Enforce our Terms of Service and Acceptable Use policies
• Detect and prevent fraud, abuse, and security incidents
• Generate aggregated, anonymised analytics to improve the Platform

We do not sell your personal information to third parties. We do not use your generation prompts to train AI models.

We use the following third-party services to operate our Platform:

Each third-party service has its own privacy policy. We encourage you to review their policies for details on how they handle your data.

We respect your privacy and do not sell your personal information. We may share your information in the following limited circumstances:

• Service providers: We share data with the third-party services listed above (Supabase, Stripe, Cloudflare R2, Runware) solely to operate and provide the Platform.
• Legal requirements: We may disclose your information if required by law, regulation, legal process, or government request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you of any such change.
• Safety and security: We may share information when we believe disclosure is necessary to protect the rights, safety, or property of our users or the public.

We do not serve third-party advertisements on our Platform. We do not share your personal information with advertisers or ad networks.

• Account data is retained for as long as your account is active, and for up to 30 days after deletion.
• Generation history is retained for as long as your account is active. You may delete individual generations at any time.
• Generated media stored in Cloudflare R2 is retained until you delete it or your account is closed.
• Billing records are retained as required by tax and accounting regulations (typically 7 years).

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Delete your personal data (right to be forgotten)
• Export your data in a portable format
• Object to or restrict certain processing activities

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions (such as billing records we are legally required to retain).
• Right to Opt-Out of Sale: We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioural advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at [email protected] with the subject line "California Privacy Request." We will verify your identity and respond within 45 days.

You may also designate an authorised agent to submit requests on your behalf. We may require proof of authorisation before processing such requests.

We use essential cookies and local storage to maintain your authentication session, theme preference, and sidebar state. We do not use third-party advertising or tracking cookies.

We take reasonable precautions to protect your personal information. Our security measures include:

• Row Level Security (RLS) policies on all database tables
• JWT-based authentication for API access
• HTTPS encryption for all data in transit
• Secure, hashed password storage (managed by Supabase Auth)

No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please report it to [email protected].

Our Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our Platform. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Email: [email protected]