1. Data Controller

IA-IMAGE.ONLINE is operated by Brandonn – Sole Proprietor, 8 Ruelle Boulot, 97400 Saint-Denis, France. Contact email: contact@ia-image.online

2. Categories of Personal Data We Collect

• Account data, such as email address, internal account identifiers, and authentication-related data.
• Billing and transaction data, such as purchase history, invoices, subscription status, and payment-related metadata.
• Technical data, such as IP address, device/browser information, logs, time zone data, and security events.
• Content data, such as prompts, uploaded images, generated images, image metadata, project data, and generation history.
• Support and communication data, such as messages sent to customer support or legal contact channels.
• Preference and usage data, such as settings, content safety filter choices, feature usage, and traffic measurement data where applicable.

3. Purposes of Processing

We process personal data for the following purposes:

• creating and managing user accounts;
• providing AI image generation, editing, sharing, and related services;
• processing payments, subscriptions, invoicing, and billing management;
• fraud prevention, abuse prevention, moderation, and platform security;
• customer support, troubleshooting, and service reliability;
• compliance with legal, tax, accounting, and regulatory obligations;
• traffic measurement, analytics, and service improvement, subject to applicable legal requirements.

4. Legal Bases (GDPR)

Depending on the purpose of processing, the legal bases relied upon may include:

• Performance of a contract, where processing is necessary to provide the Service, manage the account, process purchases, or deliver requested features.
• Legal obligations, where processing is required for accounting, tax, fraud reporting, or other legal compliance purposes.
• Legitimate interests, including service security, abuse prevention, moderation, dispute handling, and improvement of service reliability.
• Consent, where required by law, including for certain analytics or non-essential cookies and similar technologies.

5. Payments

Payments are processed by third-party providers such as Stripe. We do not store full payment card data. Payment data is processed in accordance with the payment provider’s own privacy policy and contractual framework.

6. AI Inputs and Outputs

Prompts, uploads, generated images, editing requests, and related metadata may be processed by AI providers and technical service providers strictly to operate the Service, deliver requested outputs, moderate misuse, and ensure service reliability.

Users are responsible for ensuring that the content they submit is lawful and that they have the necessary rights and permissions to submit it.

7. Recipients or Categories of Recipients

Personal data may be disclosed, on a need-to-know basis, to:

• payment providers and billing-related service providers;
• AI inference providers and infrastructure providers;
• hosting, storage, email delivery, analytics, moderation, and security providers;
• professional advisers, authorities, courts, or competent bodies where legally required or reasonably necessary to protect rights and safety.

8. International Data Transfers

Some service providers may be located outside the European Economic Area, or may process data from outside the European Economic Area. Where applicable, such transfers are carried out using appropriate safeguards required by law, which may include adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

9. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, subject to legal, accounting, tax, evidentiary, security, and dispute-handling requirements.

• Account data: generally retained for as long as the account remains active and for a limited period thereafter where necessary for legal or security reasons.
• Billing and invoice data: retained for the period required by applicable accounting and tax law.
• Technical logs and security records: retained for a limited duration appropriate to security, anti-fraud, abuse prevention, and evidentiary needs.
• Prompts, uploads, generated images, and project data: retained until deletion by the user, account deletion, or internal removal in accordance with the Service rules, unless longer retention is necessary for legal compliance, dispute handling, abuse prevention, or evidence preservation.

10. Your Rights

Subject to the conditions and limits provided by applicable law, you may have the following rights:

• right of access;
• right to rectification;
• right to erasure;
• right to restriction of processing;
• right to data portability;
• right to object, in certain cases, to processing based on legitimate interests;
• right to withdraw consent at any time where processing is based on consent.

To exercise your rights, you may contact: contact@ia-image.online

11. Right to Lodge a Complaint

If you believe that your personal data has been processed in breach of applicable data protection law, you may lodge a complaint with the competent supervisory authority. In France, this authority is the CNIL.

12. Security

We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration, unlawful disclosure, and misuse. However, no system or transmission method can be guaranteed to be completely secure.

13. Cookies and Similar Technologies

We may use cookies, local storage, and similar technologies for authentication, security, fraud prevention, service preferences, traffic measurement, and analytics. Where required by law, non-essential cookies or trackers are used only on the basis of valid consent.

14. Public Sharing Features

Where the Service allows users to create public share links, the content intentionally made public by the user may become accessible to third parties through the corresponding link. Users remain responsible for the content they choose to make publicly accessible.

15. Changes to this Policy

We may update this Privacy Policy at any time. The version published on this page is the version currently applicable.