Privacy Policy

Welcome to AIFoto, an AI-powered image and video generation platform ("AIFoto," "we," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our AI image and video generation service (the "Service"), and your choices about the collection and use of your information.

Last Updated: September 29, 2025

If you do not want your information processed in accordance with this Privacy Policy, you should not use our Service. This policy applies to all users of the Service worldwide.

1. Information We Collect

1.1. Information You Provide Directly

Account Information: When you register for an account, we collect:

• Email address (for login and notifications)
• Display name or username
• Password (encrypted and stored securely)

Content Data: We collect content you create and upload:

• Original images you upload (automatically deleted after 7 days)
• AI-generated images and videos (automatically deleted after 30 days)
• Project parameters and generation settings
• Text prompts and descriptions for AI generation

Communication: We collect messages you send us through support channels or contact forms.

1.2. Information from Third-Party Services

Social Login: If you sign in through Google or other OAuth providers, we receive:

• User ID from the third-party service
• Email address and basic profile information
• Any information you've permitted the third party to share

Payment Information: Payment data is processed by Stripe (our payment processor):

• Billing address and payment method details
• Transaction history and subscription status
• We do not store your credit card information directly; all payment data is securely handled by Stripe in compliance with PCI DSS standards.

1.3. Information Collected Automatically

Usage Data: We automatically collect:

• IP address (for rate limiting and security)
• Browser type and device information
• Pages visited and features used
• Generation history and preferences
• Performance metrics and error logs

Cookies and Tracking: We use cookies for:

• Essential functions (authentication, preferences)
• Analytics (with your consent via cookie banner)
• Performance optimization

2. How We Use Your Information

We use your information to:

Provide the Service:

• Generate AI images and videos based on your prompts
• Manage your account and authenticate access
• Process payments and manage subscriptions
• Store and organize your generated content

Improve the Service:

• Analyze usage patterns (anonymized data only)
• Optimize AI model performance and generation quality
• Fix bugs and enhance user experience
• Develop new features and capabilities

Communication:

• Send important service notifications
• Respond to your support requests
• Share product updates (with consent)

Legal and Security:

• Prevent fraud and abuse
• Comply with legal obligations
• Protect our intellectual property
• Ensure platform safety and security
• Comply with international data protection regulations (including GDPR)

3. Information Sharing and Disclosure

We do not sell or rent your personal information. We may share information in these limited circumstances:

3.1. Third-Party Service Providers

AI Generation Services: We use third-party AI service providers to deliver our image and video generation features. These providers implement automated safety systems to filter out harmful or illegal content (such as sexually explicit, violent, or otherwise prohibited material). These providers process your prompts and uploaded images solely to deliver the requested outputs, and do not use your content to train their models.

Infrastructure Services:

• Secure cloud database and authentication services
• Reliable file storage and content delivery networks
• Stripe (for secure payment processing)

Analytics (with consent only):

• Google Analytics: Website usage analysis
• Microsoft Clarity: User behavior insights

3.2. Legal Requirements

We may disclose information when required by law, regulation, or legal process, or to protect our rights and the safety of our users.

3.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction.

4. Data Storage and International Transfers

Storage Locations:

• User account data is stored with secure database and authentication providers
• Generated files are stored temporarily with file storage and content delivery providers
• Payment data is handled securely by Stripe (global infrastructure)

Cross-Border Transfers: Your information may be transferred to and processed in countries outside of your country of residence, including the United States and other jurisdictions where our service providers operate. We rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions, to ensure your data remains protected during international transfers in accordance with applicable data protection laws.

5. Data Retention

User-Generated Content:

• Uploaded images: Automatically deleted after 7 days
• Generated images/videos: Automatically deleted after 30 days
• Project metadata: Retained until account deletion or user-initiated deletion

Account Data:

• User profile: Retained until account deletion
• Usage analytics: Anonymized data retained for 12 months
• Legal/audit records: Retained as required by law

6. Data Security

We implement industry-standard security measures:

• Encryption: All data transmitted via HTTPS/TLS
• Access Controls: Role-based access with minimal permissions
• Authentication: Secure password hashing and session management
• Monitoring: Regular security audits and breach detection
• Third-Party Security: All service providers meet enterprise security standards

7. Your Rights and Choices

7.1. Account Management

Access and Update: You can view and modify your account information through your dashboard.

Delete Account: You can permanently delete your account and all associated data directly through the account dashboard. This action:

• Removes all personal information from our databases
• Deletes all generated content and files
• Cancels any active subscriptions
• Cannot be undone

7.2. Data Rights (GDPR, CCPA, and Similar Laws)

You have the right to:

• Access: Request a copy of your personal information
• Correct: Update inaccurate or incomplete data
• Delete: Request deletion of your personal information
• Port: Export your data in a structured format
• Object: Opt out of certain data processing activities
• Restrict: Limit how we process your information

To exercise these rights, contact us at support@aifoto.app.
We will respond to verified requests within 30 days.

7.3. Cookie and Tracking Preferences

You can manage cookie preferences through:

• Our cookie consent banner (displayed on first visit)
• Browser settings to block or delete cookies
• Opt-out links in our privacy settings

You can withdraw or change your consent at any time through our cookie banner.

Note: Disabling essential cookies may impact core functionality.

8. Content Safety and AI Ethics

Content Moderation: Our AI service providers implement automated safety measures to prevent the generation of harmful or prohibited content. While these systems apply automated checks, we do not manually review user content. Users are responsible for ensuring that their uploads and generations comply with applicable laws and our Terms of Service.
Users are solely responsible for the legality of their prompts and generated content.

No Training Use: We do not use your uploaded images or generated content to train AI models or for any other commercial purposes beyond providing the service to you.

9. Children's Privacy

Our Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, you may only use our Service with the involvement of a parent or legal guardian. For users in the United States, our Service is not intended for children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If we discover we have collected such information without consent, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on our website
• Update the "Last Updated" date
• Notify users of material changes via email or prominent website notice
• Provide 30 days' notice for significant changes

11. Contact Information

Data Controller: AIFoto

Privacy Inquiries:

• Email: support@aifoto.app
• Legal Jurisdiction: Warsaw, Poland

Data Protection Officer: For EU residents with privacy concerns, you may contact your local data protection authority.

---

Effective Date: This Privacy Policy is effective as of September 29, 2025.

By using AIFoto, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.