Privacy Policy

Last Updated: January 2025

1. Introduction

Welcome to our AI Tools service (the "Service"). We take your privacy seriously, and this Privacy Policy explains how we collect, use, store, and protect your personal information. By using our Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Account Information

  • Authentication Information: When you use Google OAuth login, we collect your Google account basic information (name, email address, avatar)
  • Account Data: Your subscription status, credit balance, usage history

2.2 Usage Information

  • Tool Usage Records: Types of AI tools you use, usage time, task status
  • Generated Content: Images you upload, generated images, editing requests
  • Device Information: Browser type, operating system, IP address (for security and service optimization)

2.3 Payment Information

  • Payment Processing: We use Stripe to process payments. Your payment information is processed directly by Stripe, and we do not store your complete credit card information
  • Subscription Information: Subscription plans, payment history, invoice records

2.4 Technical Information

  • Log Data: API requests, error logs, performance data (for service improvement and troubleshooting)
  • Cookies and Similar Technologies: Used to maintain login status and remember preferences

3. How We Use Information

We use the collected information for the following purposes:

3.1 Service Provision

  • Process your AI tool usage requests
  • Manage your account and subscription
  • Store and manage your generated images
  • Provide customer support

3.2 Service Improvement

  • Analyze usage patterns to improve features
  • Monitor service performance and stability
  • Develop and test new features

3.3 Communication

  • Send service-related notifications (such as task completion, subscription updates)
  • Respond to your inquiries and requests
  • Send important service updates and security notifications

3.4 Security and Compliance

  • Prevent fraud and abuse
  • Protect service security
  • Comply with legal obligations

4. Information Storage

4.1 Data Storage Locations

  • User Data: Stored in Supabase (PostgreSQL database), servers located in secure data centers
  • Image Files: Stored in Cloudflare R2, accessed via CDN acceleration
  • Payment Data: Securely processed by Stripe, compliant with PCI DSS standards

4.2 Data Retention

  • Account Data: Retained while your account exists, deleted within 30 days after account deletion
  • Generated Images: Retained while your account exists, deleted within 30 days after account deletion
  • Log Data: Retained for 90 days for troubleshooting and security analysis
  • Payment Records: Retained as required by law (typically 7 years)

5. Information Sharing

We do not sell your personal information. We only share information in the following circumstances:

5.1 Service Providers

  • Supabase: Database and authentication services
  • Cloudflare: Storage and CDN services
  • Stripe: Payment processing services
  • Google: OAuth authentication services

5.2 Legal Requirements

  • Comply with laws, regulations, or government requirements
  • Protect our rights and property
  • Prevent fraud or security threats

5.3 Business Transfers

If a merger, acquisition, or asset sale occurs, your information may be transferred

6. Your Rights

6.1 Access and Correction

  • You can access and update your personal information through account settings
  • You can view your usage records and subscription information through the Dashboard

6.2 Data Deletion

  • You can delete your account at any time
  • After account deletion, your personal information and generated content will be deleted within 30 days

6.3 Data Export

  • You can request to export your account data
  • You can download your generated images through the Library feature

6.4 Cookie Control

  • You can control cookies through browser settings
  • Disabling cookies may affect the use of certain features

7. Data Security

We take the following security measures to protect your information:

  • Encrypted Transmission: All data transmission is encrypted using HTTPS/TLS
  • Encrypted Storage: Sensitive data is encrypted in the database
  • Access Control: Strictly limit employee access to user data
  • Security Audits: Regular security audits and vulnerability scans
  • Anti-Fraud System: Implement anti-fraud detection and protection mechanisms

8. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will delete it immediately.

9. International Data Transfers

Your information may be transferred to and processed in locations outside your country/region. We ensure appropriate security measures are taken to protect your information.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We recommend that you review the privacy policies of these websites.

11. Privacy Policy Updates

We may update this Privacy Policy from time to time. Significant changes will be notified to you via email or in-service notifications. Continued use of the Service indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

  • Email: support@nanoflux.ai