Privacy Policy

Last updated: May 7, 2025

1. Introduction

Imagn AI (“we,” “us,” “our”) provides a web-app AI image editor (the “Service”). This Privacy Policy describes the types of information we collect, how we use and share it, your choices, and our data protection practices. By accessing or using the Service, you acknowledge that you accept the practices described in this policy.

2. Scope

This policy applies to all users of the Service, including visitors to our website and registered account holders. It covers data collected via our website, API endpoints, and any related interactions.

3. Information We Collect

3.1 Account Data (via Clerk)

• Email address
• Hashed authentication credentials
• Metadata associated with login events (timestamps, IP addresses)

3.2 API Call Logs

• Endpoint paths and parameters
• Request and response timestamps
• HTTP status codes and error messages
• Rate-limit and usage metrics

3.3 User-Provided Content

• Images you upload for editing
• Text prompts, descriptions, or parameters you submit
• Any other files or data you choose to provide

3.4 Technical & Usage Data

• Browser type and version
• Operating system and device information
• Pages visited and actions taken within the Service
• Referring and exit URLs

4. Purpose of Processing

• Authentication & Account Management: Validate your identity and secure your account via Clerk.
• Service Operations: Execute image-editing tasks, generate outputs, and deliver results.
• Performance Monitoring: Track API usage patterns, diagnose errors, and optimize performance.
• Security & Fraud Prevention: Detect and mitigate unauthorized access, abuse, or attacks.
• Communications: Send you administrative messages, updates, and notifications about your account or the Service.

5. Legal Basis

Although we are not incorporated, we rely on the following lawful bases for processing (as applicable to your jurisdiction):

• Contractual Necessity: Processing required to provide the Service you request.
• Legitimate Interests: Ensuring security, preventing fraud, and improving our platform.
• Consent: Where we request and you provide explicit consent (e.g. optional surveys).

6. Data Sharing and Disclosure

We do not sell or rent your personal data. We share information only in the following circumstances:

• Service Providers:
  • Clerk for authentication and user management.
  • Cloudflare for CDN delivery, DDoS protection, and DNS services.
  • Railway for application hosting, storage, and infrastructure management.
• Legal Requirements: When required by law, regulation, or to respond to lawful requests by public authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction, subject to this policy.

7. Cookies and Similar Technologies

7.1 Session Cookies

Essential for maintaining your authenticated session.

7.2 Security Cookies

Protect against CSRF, XSS, and other attacks.

7.3 Managing Cookies

You may disable or delete cookies via your browser settings; however, disabling essential cookies will impair core functionality.

8. Data Retention

• Account Data: Retained until you delete your account or request erasure.
• API Logs: Retained for a rolling period of 90 days for operational diagnostics, unless a longer retention period is required to investigate abuse.
• User Content: Stored until you delete it or upon account termination, after which we may retain backups for an additional 30 days.

9. Data Security Measures

• Encryption of data in transit (TLS 1.2+).
• Hashed storage of authentication credentials.
• Regular vulnerability scanning and penetration testing.
• Access controls and audit logs for internal systems.

10. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”).
• Restrict or object to certain processing activities.
• Portability: Receive your data in a structured, machine-readable format.

To exercise any of these rights, email us at [email protected]. We will respond within applicable legal timeframes.

11. Children's Privacy

Our Service is not intended for children. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a minor, please contact us for removal.

12. International Data Transfers

Your data may be stored and processed in any country where our service providers operate. By using the Service, you consent to transfers to jurisdictions that may have different data protection laws than your country.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Significant changes will be communicated via email or prominent notice on our website. Continued use of the Service after changes constitutes acceptance.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy, please contact:
Benjamin Desprets
Email: [email protected]