Photostudio

    Privacy Policy

    Last updated: March 2025

    1. Data Controller

    The data controller responsible for your personal data is:

    11380 BV

    Neerhof 16, 2200 Herentals, Belgium

    VAT: BE1027387079

    Contact: peter@photostudio.io

    For data protection matters, you may also contact the above address. A Data Protection Officer (DPO) is not legally required; general inquiries go to peter@photostudio.io.

    2. Categories of Data We Process

    • Account data: Email, name, password hash
    • Billing data: Payment details (processed by Stripe), billing history
    • Usage data: Analytics (if you consent), session data
    • AI uploads: Garment images you upload for processing
    • Logs and technical data: IP address, device info, request logs
    • Session cookies: Authentication and essential functionality

    3. Legal Bases for Processing

    We process your data on the following legal grounds:

    • Contract performance: Account, payment, and service delivery
    • Legitimate interest: Fraud prevention, security, service improvement
    • Consent: Analytics, marketing cookies (see our Cookie Policy)

    4. Retention Periods

    • Account data: Until you delete your account or request deletion
    • Billing records: 7 years (legal/tax obligations)
    • Logs: Up to 90 days
    • AI uploads: Processed for generation; not stored permanently beyond what is necessary for the service

    5. Data Processors and Sub-processors

    We use the following processors to provide the service:

    • Supabase: Hosting, database, auth (EU)
    • Stripe: Payments (SCC / DPF)
    • Google: Analytics, reCAPTCHA, GTM (SCC where applicable)
    • Meta: Meta Pixel (with consent, SCC)
    • Plerdy: Analytics (with consent)
    • AI providers: Google (Gemini), ApiYi, Kie, LaoZhang and similar for image generation

    Transfers outside the EEA are governed by Standard Contractual Clauses (SCC) or Data Privacy Framework (DPF) where applicable.

    6. Your Rights

    Under GDPR, you have the right to:

    • Access: Request a copy of your personal data
    • Rectification: Correct inaccurate data
    • Erasure: Request deletion of your data
    • Restriction: Limit how we process your data
    • Data portability: Receive your data in a structured format
    • Object: Object to processing based on legitimate interest
    • Withdraw consent: Where processing is based on consent
    • Complain: Lodge a complaint with your local data protection authority (in Belgium: the Gegevensbeschermingsautoriteit / GBA)

    To exercise these rights, contact us at peter@photostudio.io.

    7. Transfers Outside the EU

    Some processors are located outside the EU. We ensure appropriate safeguards (Standard Contractual Clauses, adequacy decisions, or Data Privacy Framework) for such transfers.

    8. Cookies

    We use cookies for essential functionality, analytics, and marketing. See our Cookie Policy for details and how to manage your preferences.

    9. Contact

    Questions about this privacy policy? Email us at peter@photostudio.io.

    For B2B customers, we offer a Data Processing Agreement (DPA).