Privacy Policy

Last Updated: October 1, 2025

Photo Collection ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide when using our services:

Account Information: Username, email address, password (encrypted)
Profile Information: Optional profile details you choose to share
Content: Photos, images, AI-generated content, and related metadata
Payment Information: Processed securely through Stripe (we do not store card details)
Communications: Messages, feedback, and support requests

1.2 Automatically Collected Information

When you use our service, we automatically collect:

Usage Data: Pages visited, features used, time spent, interactions
Location Data: IP address, general geographic location (country/region)
Cookies and Similar Technologies: See Section 8 for details
Log Data: Access times, error logs, referral URLs

1.3 Information from Third Parties

OAuth Providers: When you sign in with Google, we receive basic profile information (name, email, profile picture)
Payment Processors: Transaction confirmations from Stripe

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Provision

Create and manage your account
Provide access to photos, albums, and AI generation features
Process your membership and credit purchases
Store and display your content
Enable social features (favorites, sharing)

2.2 AI and Machine Learning

Important: We use AI to improve our services and detect prohibited content.

Content Moderation: Automated detection of prohibited content (NSFW, illegal material)
AI Model Training: Improving AI generation quality (only with anonymized, aggregated data)
Service Enhancement: Optimizing features and recommendations

Your Rights: You can opt out of AI training by contacting us. Content moderation for safety cannot be opted out.

2.3 Communications

Send service notifications (account updates, AI generation completion)
Respond to your inquiries and support requests
Send marketing communications (with your consent; you can opt out)

2.4 Safety and Security

Detect and prevent fraud, abuse, and illegal activity
Enforce our Terms of Service
Protect our rights and property
Comply with legal obligations

2.5 Analytics and Improvement

Analyze usage patterns and trends
Improve our services and develop new features
Conduct research and development

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

Consent: When you agree to specific data uses (e.g., marketing emails, AI training)
Contract: To provide services you've requested (account, membership)
Legal Obligation: To comply with laws (e.g., age verification, reporting illegal content)
Legitimate Interests: For security, fraud prevention, and service improvement (balanced against your rights)

4. How We Share Your Information

We do NOT sell your personal information. We share data only in these limited circumstances:

4.1 Service Providers

We share data with trusted third parties who help us operate:

Payment Processing: Stripe (for transactions)
Content Delivery: BunnyCDN (for image/video hosting)
Authentication: Google (for OAuth login)

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Public Content

Content you mark as public or share may be visible to other users
AI-generated content marked as "recommended" (by admins) may be shown to other users

4.3 Legal Requirements

We may disclose information when required by law or to:

Comply with legal processes (subpoenas, court orders)
Enforce our Terms of Service
Protect rights, property, or safety
Respond to emergency situations
Report child sexual abuse material (CSAM) to authorities

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale, your information may be transferred. You will be notified of any such change.

5. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

Account Data: Until you delete your account, then 30 days for backups
Content: Until you delete it or your account is closed
Transaction Records: 7 years (for tax/legal compliance)
Logs and Analytics: 90 days to 2 years (aggregated data may be retained indefinitely)
Legal Holds: Longer if required by law or ongoing investigations

6. Your Privacy Rights

6.1 GDPR Rights (EEA Users)

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure ("Right to be Forgotten"): Delete your data (subject to legal obligations)
Restriction: Limit how we use your data
Data Portability: Receive your data in a machine-readable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Revoke consent at any time (doesn't affect prior processing)
Lodge a Complaint: File a complaint with your local data protection authority

6.2 CCPA Rights (California Users)

California residents have the right to:

Know: What personal information we collect, use, and share
Delete: Request deletion of your personal information
Opt-Out: Opt out of "sales" (we don't sell data, but you can opt out of certain sharing)
Non-Discrimination: Not be discriminated against for exercising your rights

6.3 How to Exercise Your Rights

To exercise any of these rights:

Email: muckleoken@gmail.com
Account Settings: Manage preferences in your account dashboard
Data Export: Request via email (we'll respond within 30 days)

We will verify your identity before processing requests.

7. Data Security

We implement robust security measures to protect your information:

Encryption: Data in transit (TLS/SSL) and at rest
Access Controls: Limited employee access on a need-to-know basis
Authentication: Secure password hashing (bcrypt), OAuth support
Infrastructure: Secure servers, regular security audits
Monitoring: Intrusion detection and logging
Incident Response: Plan for data breach notification (within 72 hours for GDPR)

However, no system is 100% secure. Please use a strong password and enable two-factor authentication when available.

8. Cookies and Tracking Technologies

8.1 What We Use

Essential Cookies: Required for login, session management, security (cannot be disabled)
Functional Cookies: Remember your preferences (language, theme)

8.2 Cookie Management

You can control cookies through:

Browser settings (most browsers allow cookie blocking)
Our cookie consent banner (for EU users)
Third-party opt-out tools

9. International Data Transfers

We operate globally. Your data may be transferred to and processed in countries outside your residence, including the United States.

For EEA Users:

We use Standard Contractual Clauses (SCCs) approved by the EU Commission
We ensure adequate safeguards are in place
You have the right to obtain information about these transfers

10. Children's Privacy

Age Requirement: Our service is not intended for users under 18 (or 16 in the EEA).

We do not knowingly collect data from children
If we discover we have collected data from a child, we will delete it immediately
Parents/guardians: contact us if you believe your child has provided information

11. Third-Party Links and Services

Our service may contain links to third-party websites, plugins, or services. We are not responsible for their privacy practices. Please review their privacy policies.

12. AI-Specific Privacy Considerations

12.1 AI Generation Data

Your prompts and generated content are stored to provide the service
We may use aggregated, anonymized data to improve AI models
We do NOT share your individual prompts or content with third parties for their purposes

12.2 Content Moderation AI

We use automated tools to scan uploads for prohibited content
This scanning is necessary for safety and legal compliance
Detected violations may be reviewed by human moderators

12.3 Portrait Rights and AI

Best Practice: To protect privacy, we encourage using AI to generate synthetic, non-identifiable characters rather than real people's likenesses.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Posting the updated policy with a new "Last Updated" date
Sending an email notification (for significant changes)
Displaying a notice on our website

Continued use after changes indicates acceptance of the updated policy.

14. Contact Us

For privacy-related questions, requests, or complaints:

Privacy Email: muckleoken@gmail.com

15. Supervisory Authorities

If you are in the EEA and have concerns about our data practices, you have the right to lodge a complaint with:

Your local data protection authority
The lead supervisory authority in Ireland (if we have an EU establishment there)

Privacy Summary

✅ We protect your data with industry-standard security
✅ We don't sell your personal information
✅ You have control over your data (access, delete, export)
✅ We comply with GDPR, CCPA, and other privacy laws
✅ We use AI responsibly for safety and service improvement
📧 Questions? Contact: muckleoken@gmail.com

Return to Home Terms of Service