<- Back to home

Privacy Policy

Last updated: March 2026

1. Data Controller

PhotoAI is the data controller for your personal data. You can contact us at hel8rubbusiness@gmail.com.

2. Data We Collect

We collect the following data:

  • Account data: name, email address, and password (securely stored using hashing).
  • Uploaded images: product photos you upload for processing.
  • Payment data: fully processed by Stripe. We do not store card data.
  • Usage data: number of generations, credits consumed, and activity logs.
  • Technical data: IP address, browser type, and session cookies.

3. Purpose of Processing

We use your data to:

  • Provide the AI image generation service.
  • Manage your account and associated credits.
  • Process payments through Stripe.
  • Send service-related communications (updates, credit alerts, etc.).
  • Improve the platform through aggregated usage analysis.

4. Legal Basis

Processing is based on performance of the service contract you accept when registering, and on legitimate interest for platform improvement and security.

5. Service Providers

We share data with the following third parties only to provide the Service:

  • Supabase: user database and authentication.
  • Stripe: payment processing.
  • Replicate: AI models for image generation. Images are processed temporarily and are not retained.

6. Data Retention

We keep your data while your account remains active. Uploaded images are stored so you can access your results. You may request deletion of your account and data at any time.

7. Your Rights

You have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion of your account and data.
  • Portability: receive your data in a structured format.
  • Objection: object to processing for marketing purposes.

To exercise these rights, email us at hel8rubbusiness@gmail.com.

8. Cookies

We use strictly necessary cookies for authentication and session maintenance. We do not use tracking cookies or third-party advertising cookies.

9. Security

We apply appropriate technical and organizational measures to protect your data: encryption in transit (TLS), secure password storage, and restricted access to production data.

10. Changes to this Policy

We may update this policy occasionally. We will notify significant changes by email. The last updated date always appears at the beginning of this document.