Privacy Policy
Last updated: January 1, 2026
Data Controller
Company Name: Konsept Design Limited
Company Number: 15165144
Registered: England and Wales
ICO Registration: ZB741734
Contact: privacy@konsept.studio
1. Introduction
This Privacy Policy explains how Konsept Design Limited ("we", "us", "our") collects, uses, stores, and protects your personal data when you use konsept.studio ("the Service"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
2.1 Account Information: When you create an account, we collect your name, email address, and profile image as provided by your authentication provider (Microsoft).
2.2 User Content: Images you upload, text prompts you provide, and AI-generated outputs created through the Service.
2.3 Usage Data: Information about how you use the Service, including features accessed, generation history, credit usage, and interaction patterns.
2.4 Technical Data: IP address, browser type, device information, and cookies necessary for the Service to function.
2.5 Payment Data: If you purchase credits, payment information is processed by our third-party payment processor. We do not store full payment card details.
3. Legal Basis for Processing (UK GDPR)
We process your personal data based on the following legal bases:
- Contract: Processing necessary to provide the Service you have requested (account management, AI generation, storage)
- Legitimate Interest: Service improvement, security, fraud prevention, and analytics (where these interests do not override your rights)
- Legal Obligation: Compliance with UK law, regulatory requirements, and lawful requests from authorities
- Consent: Where required, such as for marketing communications (you may withdraw consent at any time)
4. How We Use Your Information
We use your personal data to:
- Provide, operate, and maintain the Service
- Process your AI generation requests and store outputs
- Manage your account and authenticate your identity
- Process payments and manage your credit balance
- Communicate with you about the Service, updates, and support
- Improve and develop new features
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
5. AI Processing
5.1 How AI Processing Works: When you use our AI generation features, your prompts and uploaded images are sent to third-party AI service providers for processing. These providers generate outputs based on your inputs and return the results to us.
5.2 Data Shared with AI Providers: We share only the minimum data necessary: your prompts, uploaded images (if applicable), and technical parameters. We do not share your name, email, or other account information with AI providers.
5.3 AI Training: We do not use your User Content or personal data to train AI models without your explicit consent. Our AI providers are contractually prohibited from using your data to train their models.
5.4 Automated Decision-Making: The AI generation process involves automated processing of your inputs to create outputs. This does not constitute automated decision-making that produces legal or similarly significant effects on you.
6. Data Sharing and Third Parties
6.1 Categories of Recipients: We share your data with the following categories of third-party service providers who act as data processors under our instruction:
- Cloud Infrastructure Providers: For hosting, storage, database, and content delivery services
- Authentication Providers: Microsoft, for secure sign-in (subject to Microsoft's Privacy Statement)
- AI Service Providers: For image generation and processing capabilities
- Payment Processors: For secure payment processing
- Analytics Providers: For understanding Service usage and performance
6.2 Contractual Safeguards: All third-party processors are bound by data processing agreements that require them to protect your data and process it only according to our instructions.
6.3 Legal Disclosure: We may disclose your data if required by law, court order, or governmental authority, or to protect our rights, property, or safety.
6.4 No Sale of Data: We do not sell your personal data to third parties.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the United Kingdom, including the United States and the European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Transfers to countries with UK adequacy decisions (such as the EEA)
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner
- Data processing agreements with appropriate security and privacy commitments
8. Data Retention
We retain your data for the following periods:
- Account Data: For as long as your account is active. Upon deletion, your account data is permanently removed immediately.
- User Content (Images): Until you delete them or your account is terminated. All images are permanently deleted from our servers upon account deletion.
- Usage Data: Aggregated usage data may be retained for longer periods for analytics and service improvement purposes.
- Payment Data: We retain payment-related records as required by law and accounting standards.
9. Your Rights (UK GDPR)
Under the UK GDPR, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw at any time
- Right to Lodge a Complaint: File a complaint with the UK Information Commissioner's Office (ICO)
10. Cookies and Tracking
We use cookies and similar technologies to provide and improve the Service. Essential cookies are required for authentication and core functionality. Analytics cookies help us understand usage patterns. You can manage cookie preferences through your browser settings.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and security monitoring. However, no system is completely secure, and we cannot guarantee absolute security.
12. Children's Privacy
The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last Updated" date at the bottom indicates when changes were made.
14. Contact Us
For questions about this Privacy Policy, to exercise your rights, or for any privacy-related concerns, please contact us:
Email: privacy@konsept.studio
Company: Konsept Design Limited
ICO Registration: ZB741734
Last Updated: December 30, 2025