Privacy Policy

1. Information We Collect

Account data: Email address, name (if provided via OAuth), and hashed password.

Uploaded images:Photos you upload for blending. Source images for free users are automatically deleted after 24 hours. Paid users' images are retained until account deletion.

Usage data: Blend history, credit transactions, feature usage, and interaction patterns.

Technical data: IP address, browser type, device type, and cookies for session management.

Payment data: Processed by Stripe. We do not store credit card numbers. We receive transaction confirmations and subscription status.

2. How We Use Your Data

• To provide and improve the Service (image processing, AI blending)
• To manage your account and credits
• To process payments via Stripe
• To send transactional emails (account verification, password reset)
• To analyze usage patterns and improve the product
• To prevent abuse and enforce our Terms of Service

We do not use your uploaded images to train AI models. Images are processed through third-party AI providers (fal.ai) solely to generate your requested blends.

3. Third-Party Services

We share data with the following processors, each with their own privacy policies:

• Supabase (database, authentication, file storage) — EU data processing available
• fal.ai (AI image processing) — images are processed and not retained after generation
• Stripe (payment processing) — PCI-DSS Level 1 compliant
• Vercel (hosting, analytics) — edge-deployed globally

4. Cookies

We use cookies for:

• Essential cookies: Authentication session tokens (Supabase). Required for the Service to function.
• Analytics cookies: Anonymous usage tracking (Vercel Analytics). Can be opted out via the cookie banner.

5. Your Rights (GDPR / CCPA)

You have the right to:

• Access: Request a copy of all data we hold about you
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your account and all associated data
• Portability: Export your blend history and account data
• Objection: Opt out of analytics tracking
• Restriction: Limit processing of your data

To exercise these rights, email privacy@fotoblend.com. We respond within 30 days.

6. Data Retention

• Account data: retained until account deletion
• Source images (free tier): deleted after 24 hours
• Source images (paid tier): retained until account deletion
• Blended results: retained until manually deleted or account deletion
• Payment records: retained for 7 years per financial regulations

7. Data Security

We implement industry-standard security measures including: encrypted data in transit (TLS 1.3), encrypted data at rest, Row Level Security on all database tables, signed URLs for private file access, and regular security audits. However, no system is 100% secure. We will notify affected users within 72 hours of any data breach.

8. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If we discover that a child under 16 has created an account, we will delete it immediately.

9. Changes to This Policy

We may update this Privacy Policy at any time. We will notify registered users of material changes via email and update the "Last updated" date above.

10. Contact

For privacy-related questions, contact our Data Protection Officer at privacy@fotoblend.com.