Privacy Policy

Part 1: Introduction

1.1 Policy Purpose

This Privacy Policy (the "Policy") is intended to clarify our commitment to protecting your privacy rights. We recognize the importance of your personal information and will strive to keep it secure and reliable. This Policy will detail how we collect, use, store, share, and protect your personal information, as well as how you can manage it.

This Policy applies to all user information collected and processed through our website, applications, and all related image generation services (collectively, "our Services"). By using our Services, you acknowledge that you have read, understood, and agreed to this Policy and its updated versions from time to time.

1.2 Key Terms

To help you better understand this Policy, the following key terms are defined as follows:

Personal Information: Refers to any information recorded electronically or otherwise that can, alone or in combination with other information, identify a specific natural person or reflect their activities, such as email addresses, user credentials, etc.
User Content: Refers to all content that you upload, create, generate, or otherwise provide while using our Services. This primarily includes:
- Input Content: The original materials you upload to use the image generation feature, including but not limited to photos, sketches, designs, and other forms of image files.
- Output Content: The images and related data generated by our Services based on your Input Content.
Usage Data: Refers to information automatically collected related to your use of the Services when you interact with them. This may include non-personally identifiable information about the time, frequency, and duration of your visits, the features you use, and performance metrics.

Part 2: Information We Collect

To provide, maintain, and improve our Services, we collect the following types of information:

2.1 Information You Provide Directly

Account Information: When you register for an account, we collect your username, email address, and securely store your encrypted password. We use this information to create and manage your account and to communicate with you about account-related matters.
Payment Information: When you choose to use our paid services, all payment transactions are processed by secure third-party payment processors (e.g., Stripe or PayPal). We do not directly store, process, or control your full payment card information. We only receive the necessary information to confirm payment status and manage your subscription, such as transaction confirmation notices and subscription validity periods.
User Content: We collect and store the "Input Content" you submit and the "Output Content" generated by the service. This is necessary to perform the core functions of our service. We process this content to respond to your requests and provide you with image generation services.
Communications Information: When you contact us for customer support, provide feedback, or for other communications via email, support forms, or other means, we collect the information you provide in your communications, including your contact details and the content of your messages, so that we can respond to your inquiries and improve our services.

2.2 Information We Collect Automatically

To enhance service quality and ensure the secure and stable operation of our services, we automatically collect certain technical information:

Usage and Log Data: When you access and use our Services, our servers automatically record certain information. This log data may include your browser type, operating system, referring/exit pages, date and time stamps, clickstream data, feature usage frequency, and task metadata (e.g., image generation resolution, model version used, but not the image content itself). This information helps us analyze service usage trends, troubleshoot issues, and optimize the user experience.
Device Information: We may collect information about the device you use to access our Services, such as the device model, operating system version, and unique device identifiers. This information helps us ensure compatibility and performance across different devices.
Cookies and Similar Technologies: We use cookies and similar tracking technologies (like web beacons) to provide and improve our Services. Cookies are small text files stored on your device. We primarily use the following types of cookies:
- Essential Cookies: Crucial for the operation of our Services, such as for user authentication and session management.
- Functionality Cookies: Used to remember your preferences (like language selection) to provide a more personalized experience.
- Analytics Cookies: Help us understand how users interact with our Services by collecting usage data, allowing us to evaluate and improve service performance.
You can manage your cookie preferences through your browser settings. Please note that if you choose to disable cookies, some features of our Services may be affected or may not function properly.

Part 3: How We Use Your Information

We strictly adhere to legal regulations and our agreements with users, using the information we collect for the following purposes:

3.1 To Provide and Maintain the Services

Account Management: To create, maintain, and secure your account, ensuring you can access and use our services smoothly.
Core Functionality: To process your "Input Content" to generate "Output Content." This is fundamental to the operation of our service and necessary to respond to your service requests.
Payment and Subscription Processing: To manage your subscription plan, process payment transactions, and send you relevant billing information.
Customer Support: To use your communication and account information to respond to your inquiries, requests, and feedback, providing you with timely technical support.

3.2 To Improve and Optimize the Services

AI Model Training: We solemnly promise that we will never use your "Input Content" or "Output Content" to train or improve our AI models. Your creative content belongs solely to you, and we respect and protect your intellectual property and privacy.
Service Analytics: We analyze anonymized, aggregated "Usage Data" to understand how users interact with our services, identify usage trends, and evaluate feature effectiveness, thereby continuously optimizing product design, enhancing user experience, and improving service performance.

3.3 For Security and Compliance

Security Assurance: To monitor service usage to detect and prevent potential fraud, abuse, security vulnerabilities, or other harmful activities, protecting you, other users, and our platform.
Legal Compliance: Where required by applicable laws and regulations, we may use or disclose your information to comply with legal obligations, respond to court orders, or lawful requests from government authorities.

3.4 For Communication and Marketing

Service Notifications: We will use your contact information to send you important service-related notifications, such as service interruptions, account security alerts, billing reminders, and significant updates to this policy. These notifications are an essential part of the service, and you generally cannot opt-out of them.
Marketing Communications: Only with your explicit prior consent will we send you marketing information about new products, feature updates, special offers, and more. For such communications, we will always provide a clear and easy-to-use "Opt-out" option, allowing you to unsubscribe at any time.

Part 4: How We Share and Disclose Information

We are obligated to keep your information confidential and will not provide your personal information to third parties, except in the following circumstances:

4.1 No Sale of Personal Information

We solemnly promise that we will never sell, rent, or otherwise trade your personal information to any third party for commercial gain.

4.2 Third-Party Service Providers

To operate and maintain our services, we may share necessary information with trusted third-party service providers. We will only share your information for lawful, legitimate, necessary, specific, and explicit purposes as described in this policy, and only share the information necessary to provide the services. These providers include:

Cloud Infrastructure Providers: We use cloud service providers such as Amazon Web Services (AWS), Google Cloud, or Cloudflare to host our applications, store data (including your User Content), and perform computational tasks.
Payment Processors: We partner with payment processing companies such as Creem, Stripe, or PayPal to securely process your subscription payments.
Data Analytics Tools: We may use analytics tools such as Google Analytics to help us understand service usage so we can improve our product.
Customer Support Platforms: We may use customer service platforms such as Zendesk or Intercom to manage and respond to your support requests.

We have signed strict data processing agreements with all third-party service providers, requiring them to adhere to confidentiality obligations, take adequate security measures to protect your information, and prohibiting them from using your information for any other purpose.

4.3 Legal Requirements and Business Transfers

Legal Compliance: We may disclose your information in response to a legally binding request, such as a subpoena, court order, or legal process. Before disclosure, we will assess the legality and necessity of the request.
Business Transfers: If we undergo a transaction such as a merger, acquisition, asset sale, or reorganization, your personal information may be transferred as part of the company's assets. In such cases, we will notify you via email or a prominent notice on our website of any change in ownership or control, as well as any choices you may have regarding your personal information.

4.4 With User Consent

Beyond the situations described above, we will seek your explicit consent before sharing your personal information with any other third party.

Part 5: Data Storage, Retention, and Security

5.1 Data Storage Location

Our services are built on leading global cloud infrastructure. Your personal information and User Content are primarily stored and processed by third-party cloud service platforms, Supabase and Cloudflare; we do not store your data on local servers. The servers of these platforms may be located outside of your jurisdiction, for example, in the United States. When we conduct such cross-border data transfers, we will ensure that your information receives the same stringent level of protection as it would in your home country and comply with relevant legal requirements, including the General Data Protection Regulation (GDPR) and the Personal Information Protection Law (PIPL).

5.2 Data Retention Period

We retain your personal information only for the period necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. The specific retention periods are as follows:

Account Information: We will retain your account information as long as your account remains active. If you choose to delete your account, we will permanently delete or anonymize your account information within a reasonably necessary period (e.g., to handle final billing or respond to legal requirements).
Input Content: We value your privacy. Your Input Content is only processed temporarily for the time required to perform the image generation task, and we do not store it permanently. After the task is completed, the relevant input content will be automatically deleted from our active systems within the same day.
Output Content: We do not save your Output Content. You can download the results immediately after generation. Once you close or refresh the page, unsaved Output Content may not be recoverable.
Usage Data: We may retain anonymized and aggregated Usage Data for long-term service performance analysis and trend research. This data can no longer be associated with you personally.

5.3 Data Security Measures

We are committed to protecting the security of your information and have implemented industry-standard technical and organizational measures to do so:

Data Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols. Data at rest is also protected with strong encryption measures.
Access Control: We implement strict internal access control policies to ensure that only authorized employees can access your personal information on a need-to-know basis to perform their job duties, and we continuously monitor and audit such access.
Security Audits: We regularly conduct internal security assessments and external vulnerability scans to identify and remediate potential security risks.
Incident Response Plan: We have established a data security incident response plan. In the unfortunate event of a personal information security incident, we will, as required by law, promptly inform you and activate our emergency plan to take remedial measures to minimize the impact on you.

Part 6: Your Rights and Choices

We respect your control over your personal information. Under applicable law, you have the following rights:

6.1 Your Rights

Right of Access: You have the right to access the personal information and User Content we hold about you. You can view your primary information through your account settings.
Right to Rectification: If you believe the personal information we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You can usually modify your profile directly in your account settings.
Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal account and all associated data. Once deleted, all your information and content will be unrecoverable.
Right to Opt-out: You have the right to opt-out of receiving our marketing communications at any time. Every marketing email we send includes an "unsubscribe" link. As promised earlier in this policy, we do not use your User Content for AI model training, so you do not need to opt-out of this.
Right to Data Portability: You have the right to request a copy of your personal data that we hold, which we will provide in a commonly used, machine-readable format.

6.2 How to Exercise Your Rights

You can manage some of your information and preferences directly by logging into your account settings page. For requests such as correction, deletion, access, or obtaining a copy of your data, or if you encounter any difficulties in exercising your rights, please contact us at:

Email: [email protected]

To protect your account security, we may ask you to provide additional information to verify your identity before processing your request. We will respond within a reasonable timeframe after receiving your request and completing identity verification.

Part 7: Children's Privacy

Our Service is not directed to children under the age of 13 (or a higher age as required by the law in your jurisdiction, such as 16 in the European Economic Area). We do not knowingly collect any personal information from children in this age group. If we discover that we have inadvertently collected personal information from a child, we will immediately take steps to delete that information from our records. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us immediately using the contact details provided at the end of this policy so that we can take the necessary deletion action.

Part 8: International Data Transfers

To provide you with our Service, your personal information may be transferred to, stored on, or processed on servers located outside of your country or jurisdiction, where data protection laws may differ from those in your region. In particular, our Service relies on a globally distributed cloud infrastructure (such as that provided by Supabase and Cloudflare), which means your data may be transferred globally.

When we conduct such international data transfers, we are committed to taking all reasonable and necessary measures to ensure that your data receives the same level of protection as described in this Privacy Policy. We will secure your information in accordance with applicable data protection laws by implementing appropriate safeguards, such as using the Standard Contractual Clauses (SCCs) approved by the European Commission as a legal basis for data transfers, or ensuring that the recipient is located in a country deemed to provide an adequate level of data protection.

Part 9: Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our service practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated Privacy Policy, and you will be notified by revising the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

For material changes, we may notify you in a more prominent manner, such as by sending a notice to the email address you have provided or by posting a conspicuous notice on our service website.

Part 10: Contact Us

If you have any questions, comments, or concerns about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us through the following means:

Email: [email protected]

We will do our best to respond to your request in a timely manner.