Privacy Policy

Last updated: March 9, 2026

1. Information We Collect

Account data

When you create an account, we collect your email address and, if you sign in with Google, your public profile name. We do not collect or store passwords — authentication is handled via magic links or OAuth.

Usage data

We track which styles you generate, credit usage, and basic page views to improve the service. We do not sell or share this data with third parties for advertising.

Payment data

Payments are processed by Stripe. We store your Stripe customer ID and purchase history (plan, credits, amount). We never see or store your card number or payment method details.

2. How We Use Your Data

  • To provide and operate the avatar generation service.
  • To process payments and manage your credit balance.
  • To send transactional emails (purchase receipts, account security).
  • To improve service quality and fix bugs.

3. Data Storage

Account and generation data is stored in Convex (cloud database). Generated avatar images are stored in Cloudflare R2 (object storage). Both services maintain industry-standard security practices.

4. Generated Avatars

Avatars you generate are accessible via public URLs. Anyone with the URL can view the image — this is by design, as avatar URLs are meant to be shared and embedded. Avatars are not indexed by search engines unless you publish the URLs publicly.

5. Third-Party Services

  • Google OAuth: If you sign in with Google, we receive your email and public profile name. We request minimal scopes (email and profile only).
  • Stripe: Handles all payment processing. Subject to Stripe's Privacy Policy.
  • Google Gemini: Processes text prompts to generate images. Prompts do not contain personal information. Subject to Google AI Terms.
  • Cloudflare: Hosts our application and stores generated images. Subject to Cloudflare's Privacy Policy.

6. Data Retention

We retain your account data and generated avatars as long as your account is active. If you delete your account, we will remove your personal data and generated images within 30 days. Purchase records may be retained longer for legal and accounting purposes.

7. Your Rights

You have the right to:

  • Access your personal data.
  • Delete your account and associated data.
  • Export your generated avatars.
  • Opt out of non-essential communications.

To exercise these rights, contact us or use the account settings page.

8. Cookies

We use essential cookies for authentication session management. We do not use third-party tracking cookies or advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

10. Contact

Questions about this policy? Contact us at privacy@photoclaw.xyz.

← Back to home