Privacy Policy

Last updated: 5/30/2025

1. Introduction

Welcome to PaintifyAI. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered image transformation service. We are committed to protecting your privacy and ensuring transparency about our data practices.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@paintify.gallery.

2. Information We Collect

Information You Provide Directly

• Account Information: Email address, display name, and password when you create an account
• Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
• Images: Original photos you upload for AI transformation
• Communications: Messages you send us through support channels or feedback forms
• Newsletter Signup: Email addresses collected through our landing page signup form

Information Collected Automatically

• Usage Data: How you interact with our service, features used, subscription tier, transformation counts
• Device Information: Browser type, operating system, IP address, device identifiers
• Performance Data: Service response times, error logs, system performance metrics
• Authentication Data: Login sessions, security tokens managed by Firebase Authentication

Information from Third-Party Services

• Firebase/Google Cloud: Authentication data, cloud storage metadata, usage analytics
• Stripe: Payment processing status, subscription management data
• OpenAI: Image processing requests (your images are sent to OpenAI for AI transformation)
• Google Cloud Vision: Content moderation results for uploaded images

3. How We Use Your Information

We use your information for the following purposes:

Service Provision

• Process your images through our AI transformation models
• Store your original and transformed images securely in your personal gallery
• Manage your account, subscription, and billing
• Provide customer support and respond to inquiries
• Moderate content to ensure compliance with our policies

Service Improvement

• Analyze usage patterns to improve our AI models and user experience
• Monitor service performance and identify technical issues
• Develop new features and artistic styles
• Conduct research and analytics (using aggregated, anonymized data)

Legal and Business Operations

• Comply with legal obligations and respond to legal requests
• Enforce our Terms of Service and protect against fraud or abuse
• Send important service notifications and updates
• Process payments and manage subscriptions

4. Information Sharing and Disclosure

We do not sell or rent your personal information. We share your information only in these circumstances:

Essential Service Providers

Legal Requirements

• When required by law, regulation, or valid legal process
• To protect our rights, property, or safety, or that of our users
• To investigate fraud, security issues, or policy violations
• In connection with a business transfer, merger, or acquisition

5. Data Security and Storage

Security Measures

• Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Role-based access with multi-factor authentication for our systems
• Secure Storage: Images stored in Firebase Cloud Storage with access controls
• Regular Audits: Security assessments and monitoring for unauthorized access
• Data Minimization: We collect only the data necessary for service operation

Data Location and Retention

• Your data is primarily stored in Google Cloud servers in the United States
• Images and account data are retained while your account is active
• Deleted images are permanently removed from our systems within 30 days
• Account data is deleted within 90 days of account closure
• Some aggregated, anonymized analytics may be retained for service improvement

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Universal Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Data Portability: Receive your data in a machine-readable format

Additional Rights (GDPR/CCPA)

• Restriction: Limit how we process your personal information
• Objection: Object to processing based on legitimate interests
• Opt-out: Withdraw consent for data processing where consent is the legal basis
• Non-discrimination: We will not discriminate against you for exercising your rights

How to Exercise Your Rights

7. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session and remember your preferences
• Analyze site usage and performance through Firebase Analytics
• Provide security features and prevent fraud
• Improve user experience and service functionality

You can control cookies through your browser settings, but disabling them may affect service functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses with service providers
• Adequacy decisions by relevant data protection authorities
• Certification schemes and binding corporate rules where applicable

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately so we can delete such information.

Users between 13-18 must have parental consent to use our service.

10. Third-Party Services and Links

Our service integrates with third-party services that have their own privacy policies:

• OpenAI: Review their privacy policy at https://openai.com/privacy/
• Google/Firebase: Review their privacy policy at https://policies.google.com/privacy
• Stripe: Review their privacy policy at https://stripe.com/privacy

We are not responsible for the privacy practices of these third-party services.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant authorities within 72 hours (where required by law)
• Inform affected users without undue delay
• Provide clear information about the nature and scope of the breach
• Describe measures taken to address the breach and prevent future incidents

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Send email notifications to registered users
• Display prominent notices in our service
• Update the "Last updated" date at the top of this policy
• Maintain an archive of previous versions for reference

Continued use of our service after changes constitutes acceptance of the updated policy.

13. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data practices, contact us:

14. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal information based on:

• Contract Performance: To provide our AI transformation service and manage your account
• Legitimate Interests: For service improvement, security, and business operations
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws and regulations