Privacy Policy

1. Introduction

Imaginex AI ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI Creative Studio platform ("Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, and password when you create an account
• Profile Information: Avatar image, display name, and other optional profile details
• Payment Information: Billing address and payment method details (processed securely by Razorpay — we do not store complete card numbers)
• Content Inputs: Text prompts, style selections, and configuration options you submit for image and ad copy generation
• Brand Kit Data: Brand colors, logos, font preferences, and tone of voice settings
• Communications: Information you provide when contacting our support team

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, generation history, click patterns, and session duration
• Device Information: Browser type, operating system, device type, screen resolution, and language preferences
• Network Information: IP address, approximate geographic location (city/country level), and internet service provider
• Cookies and Local Storage: Session identifiers, authentication tokens, and user preferences stored locally on your device
• Performance Data: Page load times, errors encountered, and feature interaction metrics

2.3 Information from Third Parties

• Payment Processor: Transaction confirmation, payment status, and billing details from Razorpay
• AI Service Provider: Generation metadata and error information from Google Gemini AI

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Provide, maintain, and improve the Service
• Process and fulfill image generation and ad copy requests
• Manage your account, subscription, and credits
• Process payments and send transaction confirmations
• Provide customer support and respond to inquiries

3.2 Service Improvement

• Analyze usage patterns to improve user experience and feature design
• Monitor and optimize Service performance and reliability
• Develop new features and services based on aggregated usage trends
• Conduct A/B testing to improve the Service

3.3 Security and Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with applicable laws, regulations, and legal processes
• Implement rate limiting and access controls

3.4 Communication

• Send essential Service notifications (account changes, billing, security alerts)
• Provide product updates, tips, and feature announcements (with opt-out option)
• Respond to your support requests and feedback

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

4.1 Service Providers

• Google (Gemini AI): Text prompts are sent to Google's Gemini API for image and text generation. Google processes this data under its own privacy policy and data processing terms.
• Razorpay: Payment information is processed by Razorpay for subscription billing and credit top-ups.
• Cloud Infrastructure: We use cloud hosting providers to store and serve the Service. All data is encrypted in transit and at rest.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, government investigation, or regulatory requirement).

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256 encryption.
• Authentication: JWT-based authentication with secure token handling. Passwords are hashed using bcrypt with salt.
• Access Control: Role-based access controls limit employee access to personal data on a need-to-know basis.
• Rate Limiting: API rate limiting protects against brute-force attacks and abuse.
• Monitoring: Continuous security monitoring and logging for unauthorized access attempts.
• Infrastructure: Regular security updates and vulnerability assessments of our systems.

While we implement these safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your information as follows:

• Account Data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
• Generated Content: Retained according to your plan tier (7 days to 1 year). Content is permanently deleted after the retention period.
• Prompt History: Retained for the duration of your account to enable prompt reuse and history features. Deleted upon account deletion.
• Payment Records: Retained for 7 years as required by tax and financial regulations.
• Usage Logs: Retained for 90 days for security and debugging purposes, then aggregated and anonymized.
• Prompt Cache: Cached prompts expire automatically after 7 days for performance optimization.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you and to receive it in a structured, commonly used, and machine-readable format.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through your account settings.

7.3 Deletion

You have the right to request deletion of your personal information. You can delete your account through the settings page, which will initiate the deletion of your personal data within 30 days, subject to legal retention requirements.

7.4 Restriction and Objection

You have the right to restrict or object to certain processing of your personal information, including direct marketing communications.

7.5 Withdrawal of Consent

Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7.6 Communication Preferences

You can opt out of non-essential communications at any time through your account settings or by using the unsubscribe link in our emails. Essential Service communications (security alerts, billing notifications) cannot be opted out of while your account is active.

8. Cookies and Tracking Technologies

8.1 What We Use

• Essential Cookies: Authentication tokens and session identifiers stored in sessionStorage and localStorage. Required for the Service to function.
• Preference Storage: User interface preferences, theme settings, and state management data stored locally via Zustand persistence.

8.2 What We Don't Use

• We do not use third-party advertising cookies or trackers
• We do not participate in cross-site tracking or retargeting networks
• We do not use browser fingerprinting techniques

8.3 Managing Cookies

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

9. AI and Generated Content

9.1 Prompt Processing

Text prompts you submit are processed by Google's Gemini AI to generate images and text content. We send prompts to Google's API in real-time and do not permanently store prompts on Google's systems beyond what is necessary for generation.

9.2 No Training on Your Data

We do not use your prompts, generated images, or personal content to train, fine-tune, or improve AI models. Your creative inputs and outputs remain your own.

9.3 Content Safety

Generated content passes through safety filters built into the AI models. We may review flagged content to enforce our Acceptable Use Policy and comply with legal obligations.

9.4 Prompt Caching

We may cache prompt-result mappings (using SHA-256 hashed prompts) for up to 7 days to improve performance and reduce costs. Cached data is automatically expired and cannot be used to reconstruct the original prompt text.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 18, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. Specifically:

• AI processing may occur on Google's global infrastructure
• Cloud hosting may involve data centers in multiple jurisdictions

We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and data processing agreements with our service providers.

12. Indian Data Protection Compliance

For users in India, we comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and related regulations:

• We process personal data only for lawful purposes with your consent or legitimate business needs
• We provide clear notice about data collection and processing activities
• We implement reasonable security safeguards to protect personal data
• We honor data principal rights including access, correction, and deletion
• We maintain records of data processing activities as required
• We appoint a Data Protection Officer (contact: support@imaginexai.in)

13. GDPR Compliance (for EU/EEA Users)

For users in the European Economic Area, we comply with the General Data Protection Regulation (GDPR):

• Legal Basis: We process data based on consent, contract performance, legitimate interests, or legal obligations
• Data Protection Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing
• Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority
• Data Transfers: Transfers outside the EEA are protected by appropriate safeguards

14. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the personal information we collect, use, and share
• Right to Delete: You may request deletion of your personal information
• Right to Opt-Out: We do not sell personal information. We do not share personal information for cross-context behavioral advertising
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or in-app notification. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@imaginexai.in
• Data Protection Officer: support@imaginexai.in
• Website: imaginexai.in/contact

We will respond to your inquiry within 30 days of receipt.