Privacy

Effective: January 1, 2025

Last updated: November 18, 2024

Introduction

Welcome to PhotexAI! Your trust is important to us, and we are committed to protecting your privacy and personal data. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you interact with our services. By using PhotexAI, you agree to the terms outlined in this policy.

The Data We Collect

We collect different types of information from and about users to provide and enhance our services. This includes:

• Personal Data: Personal data includes identifiable information that you provide to us, such as your email address, which we collect when you register for an account, subscribe to updates, or use our services. This type of information is essential for creating your user profile, enabling account-specific services, and facilitating communication between you and PhotexAI. We may use your personal data to send important notifications about updates to our services, respond to inquiries or support requests, and maintain the security of your account. By collecting this information, we ensure that you have a personalized and secure experience when using our platform.
• Usage Data: Usage data refers to information automatically collected when you interact with our platform, encompassing service usage patterns and user activities. This data may include details about how you navigate through the site or app, which features you frequently use, and the time spent on different sections of our services. By analyzing usage data, we gain insights into user behavior, which helps us identify popular features, understand user preferences, and improve the overall functionality and user experience of our platform. This information is crucial for refining our services, optimizing performance, and tailoring future updates to better align with user needs.
• Personal Data: Personal data includes identifiable information that you provide to us, such as your email address, which we collect when you register for an account, subscribe to updates, or use our services. This type of information is essential for creating your user profile, enabling account-specific services, and facilitating communication between you and PhotexAI. We may use your personal data to send important notifications about updates to our services, respond to inquiries or support requests, and maintain the security of your account. By collecting this information, we ensure that you have a personalized and secure experience when using our platform.

How We Collect Your Data

We collect data in the following ways:

• Directly from You: We collect data directly from you when you take actions such as creating an account, subscribing to services, or engaging with us through support channels or feedback forms. This direct collection ensures that we have accurate information to create and manage your account, tailor services to your needs, and communicate effectively with you regarding updates, features, or support matters. When you actively provide data—whether inputting details during registration, sending an inquiry, or responding to surveys—it empowers us to offer a more personalized experience and address your needs more effectively. Collecting data directly from users also enhances the trustworthiness of our system by confirming that the information is provided by the account owner or user.
• Automatically: We may also collect certain types of data automatically when you interact with our services, allowing us to understand your usage patterns without requiring manual input. This automated data collection can include details such as app interactions, feature usage, or session durations, which help us analyze how our platform is used and identify areas for improvement. However, to protect your privacy and maintain transparency, we do not use cookies or third-party analytics tools that could track your activity across different sites or services. This approach prioritizes user privacy and ensures that any automatic data collection is limited to the operations within our platform, focusing solely on enhancing your experience without invasive tracking or data sharing practices.

How We Use Your Data

We use your data to:

• Provide and Maintain Services: We use your data to ensure that our services are fully operational, reliable, and function seamlessly. This means leveraging your information to support essential functions such as account verification, troubleshooting technical issues, and maintaining the performance of our platform. By analyzing data related to system usage, we can identify and address potential technical problems, optimize service uptime, and continuously improve the stability of our infrastructure. Your data helps us ensure that the platform runs smoothly and efficiently, enabling us to provide a secure and responsive experience that meets your expectations.
• Enhance User Experience: Personalizing your experience is a core part of how we use your data. By understanding your interactions with the platform—such as which features you use most or how you navigate through our services—we can tailor content and adjust the interface to better suit your preferences. This could include suggesting relevant features or streamlining access to tools that align with your usage patterns. Our goal is to make the platform more intuitive and engaging by adapting it to meet your unique needs. The insights we gather from data analysis enable us to introduce enhancements that make your interactions with PhotexAI more efficient and enjoyable.
• Communicate with You: We use your data to stay connected and keep you informed about your use of PhotexAI. This includes sending important notifications such as updates to services, policy changes, or critical information affecting your account. We may also reach out to you regarding new features, support responses, or user surveys to gather feedback. Communication ensures that you remain aware of developments within the platform, from product enhancements to potential service interruptions. Using data-driven communication allows us to maintain transparency, provide timely information, and strengthen our connection with you by delivering relevant updates directly to your inbox.

Legal Basis for Data Processing

The collection and processing of your personal data at PhotexAI are primarily based on your consent, which is a foundational aspect of our commitment to transparency and user autonomy. By choosing to use our services, you agree to the terms set forth in this Privacy Policy, which includes the collection, processing, and storage of your data for the purposes described. This consent-based approach ensures that you have control over your information and are informed about how it is being used. We obtain your explicit agreement at the point of registration or interaction with our platform, giving you the choice to participate under clear terms.

This approach aligns with global data protection standards and ensures that we act within the bounds of legal regulations. Your consent is revocable, meaning you have the right to withdraw it at any time, which will impact how we handle your data moving forward. If you choose to withdraw your consent, we will cease the collection and processing of your data for non-essential purposes and will take steps to delete or anonymize the data where feasible. This reinforces your control over your personal information and exemplifies our dedication to respecting your privacy rights.

How We Share Your Data

At PhotexAI, your privacy is paramount, and we are fully committed to protecting your personal information. One of the fundamental principles of our data management practices is that we do not share your personal data with any third parties, ensuring that your information remains confidential and secure within our ecosystem. This means that any data you provide—whether for account creation, service interactions, or communication purposes—is used exclusively to support and enhance your experience with our platform, as described in this Privacy Policy.

We take extensive measures to safeguard your data from unauthorized access, ensuring that only our trusted team members and systems with a legitimate need have access to it. This strict access control reinforces our commitment to maintaining your data’s confidentiality. By keeping data processing in-house and avoiding external data-sharing practices, we reduce the risk of data exposure and maintain tighter control over how your information is managed. This policy helps us align with privacy laws and reinforces user trust, reassuring you that your personal data is never sold, shared, or distributed to third-party entities for marketing, analytics, or any other purpose outside the scope of what is stated in our policy. Your data stays secure, protected, and used solely for your benefit.

Data Storage and Security

We take the security of your personal data seriously. Your data is stored using Cloudflare and Amazon Web Services (AWS), both of which are known for robust security measures.

• Access Controls: We employ role-based access controls (RBAC) to limit data access to only those employees or personnel whose job functions require it. This ensures that access to sensitive information is strictly managed and monitored. Our access control system enforces the principle of "least privilege," meaning that users and systems are only granted the access necessary for their specific duties. Access logs are maintained to track and audit data handling activities, helping to identify and respond to any unauthorized or unusual access attempts promptly.
• Data Anonymization and Pseudonymization: To enhance the security and privacy of user data, we apply anonymization or pseudonymization practices where feasible. Anonymization involves altering data in such a way that it can no longer be linked back to individual users without additional information that is stored separately. Pseudonymization, on the other hand, replaces personal identifiers with artificial identifiers or pseudonyms, allowing data processing while minimizing exposure of actual user identities. These techniques help to safeguard user data during processing, ensuring that even if data were to be intercepted, the risk of identifying individual users is significantly reduced.
• Infrastructure Security: The data stored on AWS and Cloudflare benefits from highly advanced security protocols designed to protect user information. These platforms employ network firewalls to control resource access and prevent unauthorized intrusions, ensuring that sensitive data is shielded from potential threats. Additionally, AWS and Cloudflare incorporate built-in threat detection and monitoring systems that enable swift identification and response to potential security incidents, enhancing overall protection. To safeguard against data loss, regular data backups are performed, providing redundancy and ensuring that services remain continuous even in the event of unexpected disruptions.
• Limitations: Despite our strong commitment to comprehensive data protection, there are some current limitations in our security measures. We do not currently use multi-factor authentication (MFA) for access to internal data management systems. MFA is known to add an extra layer of security by requiring multiple verification methods before access is granted, and while we recognize its importance, this remains an area for potential future improvement. Additionally, we do not store data in an encrypted format at rest, meaning that while data in transit is protected through encryption (e.g., TLS/SSL), stored data within our databases and storage solutions lacks this additional level of encryption. This aspect is important for users who prioritize full encryption throughout the data lifecycle.

Retention of Your Data

At PhotexAI, we are dedicated to maintaining a responsible approach to data retention, ensuring that your personal information is kept only for as long as necessary to provide our services or comply with applicable legal obligations. This practice supports a balance between offering seamless service continuity and protecting your privacy. Typically, we retain your personal data for a period of 6 months or until you choose to delete your account, whichever comes first. This timeframe allows us to fulfill our service commitments to you, such as maintaining access to your user history, ensuring smooth reactivation of accounts, and enabling accurate customer support.

Once the retention period has elapsed or your account is deleted, we take steps to securely remove or anonymize the data. Anonymized data may be retained beyond the typical period for analytical purposes, as it no longer contains personal identifiers and cannot be linked back to any individual. Retaining anonymized data allows us to perform valuable analysis, such as studying service usage trends, enhancing platform functionality, and improving user experience, all while protecting individual privacy. Our data retention policy is aligned with industry standards and regulatory requirements, ensuring that we handle your data responsibly and transparently. Should legal obligations or legitimate interests require an extended retention period, we will act in compliance with those requirements while continuing to prioritize data security and user rights.

Your Rights and Control Over Your Data

You have certain rights regarding your data:

• Access Your Data: You have the right to request a copy of the personal data we have collected about you. This means you can see what information we have on record, how it is used, and why it is retained. Accessing your data helps you stay informed about what is being stored and allows you to review it for accuracy.
• Correct Your Data: If you find that any of your personal data is incorrect or incomplete, you have the right to request that we correct or update this information. Ensuring your data is accurate allows us to provide better, more personalized services and maintain the integrity of your user profile. Our team is committed to addressing inaccuracies promptly and ensuring that your personal information reflects your current status.
• Delete Your Data: Should you wish to remove your data from our systems, you have the right to request deletion. This is particularly important if you decide to discontinue using our services or if you have concerns about how your data is being managed. Upon receiving your request, we will take the necessary steps to securely erase your personal data, except where retention is required by law or necessary for legitimate purposes.
• Processing Timeline: We recognize the importance of timely action when it comes to your data requests. We strive to process all user requests for data access, correction, or deletion within 30 business days. This efficient processing ensures that your data rights are upheld without unnecessary delays, giving you confidence that your concerns are addressed promptly.

Data Portability

At this time, we do not offer data portability in a specific format. Data portability refers to the ability for users to receive their personal data in a structured, commonly used, and machine-readable format, allowing them to easily transfer their information to another service provider if desired. While we recognize that data portability can be an important part of user control, this feature is not currently available in our services.

The absence of data portability means that if you wish to transfer your data from PhotexAI to another platform or service, you may need to manually collect and re-enter your data or contact us for assistance with an alternative solution. Although we do not yet support automatic data transfers, we are committed to continually evaluating our offerings and considering potential enhancements that align with user needs and emerging industry standards.

Our focus remains on safeguarding your data and ensuring that it is managed responsibly within our platform. Should our policy on data portability change in the future, we will provide clear communication and instructions on how to access and transfer your personal data seamlessly. We strive to be transparent and responsive to user needs, and we will continue exploring the feasibility of implementing data portability in a manner that meets our privacy and security standards.

Data Transfers

While our standard data practices do not involve intentionally transferring user data internationally, certain circumstances may arise where data is accessed or processed across borders. This can occur when using third-party services or systems that have infrastructure in multiple countries or when employees or contractors working remotely access data from different regions. Recognizing the importance of protecting your data, we are committed to ensuring that any international data transfers are conducted in a manner that upholds the highest privacy standards.

To safeguard your information during such transfers, we utilize internationally recognized legal mechanisms, such as Standard Contractual Clauses (SCCs). SCCs are legal tools approved by the European Commission and other regulatory bodies, designed to provide a consistent level of protection for personal data transferred from within the European Economic Area (EEA) to countries outside it. These clauses mandate that the data recipient must adhere to data protection requirements equivalent to those set by EU regulations, ensuring that your data receives the same level of security and privacy regardless of where it is processed.

By implementing these safeguards, we mitigate the risk associated with international data transfers and align with global data protection frameworks, such as the General Data Protection Regulation (GDPR). Our commitment to using SCCs and other protective measures ensures that, even in the case of cross-border data movement, your personal information is managed with the utmost care and in compliance with relevant legal standards. Should international data transfers become a more significant part of our operations, we will continue to evaluate and adopt additional measures to reinforce the safety and integrity of your data.

Data Breach Notification

At PhotexAI, maintaining the integrity and security of your personal data is a top priority. However, despite robust security measures, unforeseen incidents can occur. In the event of a data breach, we are committed to responding swiftly and transparently to mitigate any potential impact on our users. If a breach affecting your personal data were to happen, we will promptly notify affected users via email from [email protected]. This direct communication ensures that you are informed as soon as possible and can take any necessary precautions to protect your information.

Our data breach response protocol includes a thorough assessment to identify the scope of the breach, the data impacted, and the potential risk to affected users. We will also detail what measures we have taken to secure the data and prevent further unauthorized access. Our email notification will provide you with all relevant information, including the nature of the breach, the types of data involved, and recommended steps you can take to safeguard your personal information, such as changing passwords or monitoring for suspicious activity.

Additionally, we will work with cybersecurity experts to analyze the incident, identify vulnerabilities, and implement improvements to our security framework to prevent similar occurrences in the future. If required by law, we will also inform appropriate data protection authorities to ensure compliance with regulatory obligations. By acting quickly and transparently, we aim to protect your data and maintain your trust in PhotexAI. Our goal is to minimize disruption and potential harm while reinforcing our commitment to safeguarding your personal information.

Protection of Data for Minors

At PhotexAI, we acknowledge the importance of safeguarding the data of all our users, including those under the age of 18. We collect limited personal data from minors to provide our services effectively, but at present, we do not have additional, specialized safeguards designed explicitly for protecting the data of younger users. This means that the data collected from minors is managed under the same security measures and privacy practices as that of adult users.

To further support the protection of minors, we encourage parents and guardians to actively oversee and guide their children's interactions with our platform. This involvement can help ensure that minors use the services responsibly and that their data privacy is maintained. We recommend parents educate their children about safe online practices, including sharing personal information and recognizing potential security risks.

While our current infrastructure does not include child-specific privacy protections, we are committed to revisiting our policies regularly to align with evolving privacy standards and best practices for protecting younger users' data. Should new regulations or advancements in data protection tools necessitate changes to our approach, we will adapt our practices to better safeguard the personal information of minors. In the meantime, we rely on the cooperation of parents and guardians to supplement our efforts in maintaining a secure online environment for younger members of our community.

Parental Consent

At PhotexAI, while we are aware of the importance of parental involvement in protecting minors' online privacy, we currently do not require parental consent for users under a certain age to use our services. This means that minors can create accounts and interact with our platform independently. However, we rely on parents and guardians to take an active role in supervising their children's use of our services to ensure a safe and secure experience. We encourage parents to discuss responsible online behavior with their children, review their interactions on the platform, and guide them in making informed decisions when sharing personal information. Parental oversight is a vital supplement to our standard privacy measures, helping to create a safer digital environment for minors. Our commitment to transparency and ongoing evaluation of our policies means we remain open to enhancements that align with best practices for protecting the privacy and security of younger users.

Third-Party Services and Links

At PhotexAI, we take a focused approach to safeguarding user privacy by ensuring that our platform operates as a self-contained environment. This means that we do not incorporate or embed links to third-party websites, services, or applications. By keeping our ecosystem exclusive, we reduce the risk of exposing user data to external platforms that might have different privacy standards or practices. This design choice helps maintain tighter control over the data flow and security protocols, ensuring that any personal or usage data collected remains securely within PhotexAI's infrastructure and is managed according to our strict privacy guidelines.

This closed-loop approach also enhances user trust by eliminating the uncertainties associated with data sharing that could occur when linking to external services. Users can confidently interact with our platform without concern that their data will be redirected, shared, or processed by third-party sites with less rigorous privacy measures. The absence of third-party links means that data collection and processing are solely conducted by PhotexAI, giving us full accountability over how user data is managed. Our commitment to keeping the user experience self-contained allows us to ensure consistent application of our privacy standards and maintain a high level of transparency with our users.

Updates and Changes to the Privacy Policy

At PhotexAI, maintaining transparency with our users is a priority, and this extends to how we handle updates and changes to our Privacy Policy. We recognize that as our platform evolves or as regulations change, it may be necessary to revise this policy to reflect updates in our data practices, operational needs, or compliance with new legal standards. Whenever we make significant changes to this Privacy Policy, we will ensure that users are made aware through appropriate channels. This includes posting an updated version of the Privacy Policy page, where users can review it at any time.

To enhance transparency, we may also send notifications via email or through in-platform alerts to inform users of critical updates that impact how their data is handled. These communications will outline the nature of the changes, why they were made, and how they might affect your use of the platform or your rights as a user. By keeping you informed, we aim to foster trust and ensure that you remain fully aware of how your personal information is managed. We encourage users to review the Privacy Policy periodically to stay up-to-date with our practices. If you continue to use PhotexAI after an updated policy has been posted, this indicates your acknowledgment and agreement to the revised terms.

Contact Us

If you have any questions, concerns, or feedback regarding this Privacy Policy or the way we handle your personal data, we encourage you to reach out to us via email at [email protected]. Our dedicated team is committed to addressing your inquiries and ensuring that you receive clear and timely responses to any issues related to your privacy. At this time, email support is the primary method for reaching us, but we are committed to maintaining open lines of communication to assist with your privacy needs effectively.

How We Handle Requests and Rights

PhotexAI is committed to ensuring that your rights concerning your personal data are respected and upheld. Our approach to handling user requests is designed to be both transparent and efficient, allowing you to exercise your rights with ease. Whether you need to access your data, request corrections, or delete your information, we are here to support you every step of the way.

• Timeframe: We understand that timely responses are crucial when it comes to managing your personal data. That’s why we aim to process requests for data access, correction, or deletion within 3-5 business days from the date we receive your request. This timeframe reflects our commitment to addressing your needs promptly while ensuring that we follow thorough verification procedures to protect your data security. By processing requests swiftly, we help reinforce your trust in our services and maintain your control over your personal information.
• Scope: Although we do not currently offer data portability in a standardized, machine-readable format, we prioritize enabling you to exercise your rights as seamlessly as possible. This means providing straightforward processes for requesting and reviewing your personal data, updating information when needed, and securely deleting your data upon your request. Our team is dedicated to making sure that, even without data portability options, you can confidently manage your personal data within our platform. We are committed to continuously evaluating our practices to align with user needs and evolving privacy standards, reinforcing our dedication to your data rights.

Data Processing Practices for Underage Users

At PhotexAI, our current data processing practices apply uniformly to all users, including those under 18. While we have standard data protection measures like access controls, secure storage, and anonymization, we do not yet offer specialized safeguards tailored specifically for minors. We encourage parents and guardians to actively supervise their children’s interactions with our platform to ensure a safe and responsible online experience. This oversight helps protect minors and educates them on how to navigate digital spaces securely, including the responsible handling of personal information.

We recognize that minors may have distinct privacy needs that could require greater protections. While PhotexAI does not provide child-specific content or services, we are committed to assessing and adapting our policies as privacy regulations and industry best practices evolve. Our ongoing goal is to remain aligned with future changes that promote enhanced data protection for younger users, ensuring that our platform continues to be a safe and secure space for everyone.

Commitment to Privacy

Protecting your privacy is central to PhotexAI’s mission, and we are committed to handling your data with care and transparency. To maintain this commitment, we continually review and update our data protection practices to keep up with evolving standards, regulations, and technological advancements. We prioritize clear communication so that you are always aware of how your data is collected, used, and protected, reinforcing the trust you place in us. If you have any questions or concerns about our data practices or need further clarification, our team is ready to assist—please contact us at [email protected].