Privacy Policy

1. Controller and Contact

ProductShotAI ("we", "us", "our") is the data controller. For privacy matters, data subject requests, and any questions about this policy, contact us exclusively at: reservationwebbitz@gmail.com.

2. Information We Collect

We collect:

• Account data: email, password (hashed), and account metadata
• Images you upload: the files themselves and associated URLs
• Generation data: prompts, preferences, input/output image URLs, resolution, aspect ratio
• Payment data: processed by third‑party payment providers; we do not store full card numbers
• Usage and technical data: device ID, IP address (including for free‑tier limits), and analytics (see Analytics)

3. How We Process Your Images — Storage, CloudFront, and WaveSpeed

Important: Your uploaded and generated images are processed as follows:

• Database: We store references to your images (e.g. URLs, file identifiers) and generation metadata in our database.
• Cloud storage and CDN: Image files are stored in cloud storage and served via a content delivery network (e.g. Amazon CloudFront or equivalent) so they can be accessed by our systems and by the AI processing service.
• WaveSpeed (AI processing): To generate product photos, we send your image URLs to WaveSpeed. WaveSpeed receives and processes your images according to their own terms and privacy policy.

Do not upload private, confidential, or sensitive images if you are not willing to accept the risks of this processing. Images are stored, delivered via CDN, and transmitted to third‑party AI services. Although we use reasonable technical and organizational measures, we cannot eliminate all risks of unauthorized access, disclosure, or use. By uploading images, you acknowledge this and assume responsibility for the content you provide.

4. How We Use Your Information

We use the information to:

• Provide, maintain, and improve the service (including image storage, CDN delivery, and AI processing)
• Process generations and manage credits
• Enforce free‑tier limits (device ID, IP)
• Send service‑related and, where permitted, marketing communications
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and defend our rights

5. Legal Basis (Where Applicable)

Where the GDPR or similar laws apply: we process your data (i) to perform our contract with you (account, generations, payments), (ii) for our legitimate interests (security, analytics, improving the service), and (iii) where required, with your consent. You may withdraw consent where it is the sole basis, without affecting the lawfulness of prior processing.

6. Third‑Party Services and International Transfers

We use:

• WaveSpeed: AI image processing; their privacy policy and terms govern their use of your images and data.
• Cloud / CDN (e.g. AWS S3, CloudFront): Storage and delivery of images and static assets.
• Payment processors: To handle payments; we do not store full payment card data.
• Hosting and infrastructure: Our app and database are hosted on third‑party providers with industry‑standard security.
• Vercel Analytics: To analyze usage (see Analytics).

Some of these providers may process or store data outside your country. We rely on appropriate safeguards (e.g. Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms) where required by law.

7. Cookies, Local Storage, and Analytics

We use localStorage (and similar technologies) for authentication tokens and device ID (for free‑tier limits). We may use essential cookies for the operation of the service.

Analytics: We use Vercel Analytics to understand how the site is used (e.g. page views, interactions). This helps us improve the service. Vercel’s practices are described in their privacy documentation. By using the site, you acknowledge this analytics processing.

8. Your Rights (Including GDPR and CCPA)

Depending on your location, you may have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your account and associated data (subject to legal retention)
• Restrict or object to certain processing
• Data portability
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority (e.g. in the EU/EEA)
• In certain jurisdictions (e.g. California): know, delete, correct, limit the sale/sharing of personal information, and non‑discrimination. We do not sell your personal information as traditionally understood.

To exercise these rights, contact us at reservationwebbitz@gmail.com. We will respond within the timeframes required by applicable law.

9. Data Retention

We retain account and generation data (including image URLs and metadata) while your account is active and as needed for the service. After account deletion, we delete or anonymize data within a reasonable period, except where we must retain it for legal, tax, or legitimate business purposes (e.g. fraud prevention, dispute resolution). Deletion requests can be sent to reservationwebbitz@gmail.com.

10. Data Security

We use appropriate technical and organizational measures (e.g. encryption in transit, access controls, secure storage) to protect your data. No transmission or storage over the internet is completely secure; we cannot guarantee absolute security. You are responsible for keeping your credentials safe and for not uploading content you are not willing to have processed as described in this policy.

11. Children's Privacy

The service is not directed to individuals under the age of 16 (or higher if required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact reservationwebbitz@gmail.com and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or a prominent notice on the service where required by law. Continued use after the effective date constitutes acceptance of the updated policy.

13. Contact

For any questions about this Privacy Policy or our data practices: reservationwebbitz@gmail.com.