Privacy Policy

Last updated: 2026-05-02

This Privacy Policy explains how ("we", "us") collects, uses, and shares information when you use our Service.

1. Information We Collect

Account information. When you sign up, we collect your email address and a hashed password (or OAuth identifier). We may also collect a display name.

Generated content. We store the prompts you submit, the parameters you choose, and the images produced by our AI models. This lets you revisit past generations from your account.

Usage and device data. We log approximate IP address (truncated — we do not store your exact IP), country (from Cloudflare geolocation headers), browser user agent, and pages visited.

Marketing attribution. When you arrive at the Service from a marketing link, we capture UTM parameters (utm_source, utm_medium, utm_campaign) and ad-platform click identifiers (gclid, fbclid, ttclid) along with your landing page and referring site. This is stored once per browser (first-touch) for up to 60 days.

Payment data. We do not store full payment card details. Stripe handles billing and retains minimal identifiers (customer ID, last 4 digits of card) on our behalf.

2. How We Use Information

We use information to:

• operate and improve the Service
• provide customer support
• prevent fraud and abuse
• comply with legal obligations
• communicate with you about your account, security issues, and (with consent) product updates

3. Cookies and Analytics

We use cookies and similar technologies to keep you logged in, remember your preferences, and measure Service usage. You can control cookies via the Cookie Preferences link in our footer.

We may use third-party analytics services (such as Google Analytics, Plausible, or Microsoft Clarity) to understand how the Service is used in aggregate. These services may set their own cookies.

4. Data Retention

• Account data: kept for the life of your account; deleted on request or within a reasonable period after account closure
• Generated images: kept for up to 90 days after generation in our storage, though you can download earlier copies at any time
• Server logs: retained for up to 90 days for security and debugging
• Attribution data: retained with your account record for analytics; cleared when you delete your account

5. Third-Party Services

We share limited data with service providers who help us run the Service:

• AI model providers (e.g., OpenAI, Anthropic, Google, Replicate) receive your prompt and any reference media to produce output. They are contractually obligated not to train on your content except as described in their own privacy policies.
• Payment processor (Stripe) handles billing.
• Email delivery (transactional senders) deliver verification and notification emails.
• Cloud infrastructure (Cloudflare) hosts our Service and stores generated content.

We do not sell your personal information.

6. Your Rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information. Email to exercise these rights.

Users in the European Economic Area, United Kingdom, and California have additional rights under GDPR / UK GDPR / CCPA respectively, including the right to object to or restrict certain processing.

7. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact and we will delete it.

8. International Transfers

Our infrastructure runs on global edge networks; your data may be processed in any country where our providers operate, including the United States. We rely on standard safeguards (such as Standard Contractual Clauses) where applicable.

9. Security

We use industry-standard measures (TLS in transit, encryption at rest for sensitive fields, hashed passwords) to protect your information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes take effect 30 days after notice (by email or in-product banner).

11. Contact

Privacy questions? Email .