Privacy Policy
Effective date: August 14, 2025
Last updated: August 14, 2025
Who we are. Imagepilot is operated by Daniel Berger (private person), Austria.
Contact: daniel@imagepilot.ai
Website: @danielxberger
This Privacy Policy explains how we collect, use, and share information when you use the Imagepilot web application (the "Service"). It applies to imagepilot.ai and related pages, including imagepilot.ai/privacy.
1) Controller
For the purposes of the EU General Data Protection Regulation ("GDPR"), the controller of your personal data is Daniel Berger, at the address above.
2) What we collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Name and email address from Google Sign-In; Google account profile photo (if you allow it); account ID; sign-in timestamps. | Directly from you via Google Sign-In (OAuth). |
| Content & Generation Data | Prompts, images you upload (including references for generation), parameters, and resulting outputs; content flags (moderation decisions). | Provided by you when using the Service. |
| Transaction Data | Credit purchases, amounts, timestamps, invoice identifiers, limited billing details you provide at checkout. Payment card details are processed by Stripe and are not stored by Imagepilot. | You, and our payment processor (Stripe). |
| Usage & Technical Data | Device/browser information, language, IP address, time zone, pages/actions, crash logs, and diagnostic events; anti-abuse and rate-limit signals. | Automatically collected through your use of the Service. |
| Support Communications | Messages you send to support, including attachments and metadata. | You. |
3) Why we process data & legal bases
- Provide and operate the Service (e.g., sign-in, generating/editing images, account management, credit usage) — Contract (Art. 6(1)(b) GDPR).
- Payments and invoicing — Contract and Legal obligation (tax/accounting) (Art. 6(1)(b),(c)).
- Security, fraud prevention, and abuse/misuse detection (including rate limiting and content moderation) — Legitimate interests (Art. 6(1)(f)).
- Diagnostics and service improvement (e.g., performance, reliability, UX fixes) — Legitimate interests (Art. 6(1)(f)).
- Legal compliance and responding to lawful requests — Legal obligation (Art. 6(1)(c)).
- Consent-based processing (if we ever introduce optional features like marketing emails or non-essential cookies) — Consent (Art. 6(1)(a)).
4) AI generation & your content
- No Imagepilot training. Imagepilot does not use your prompts, uploads, or outputs to train or fine-tune our own models.
- Providers. To generate outputs, we send necessary content to model/infra providers including FAL, Google, and OpenAI (collectively, "Providers"). Providers process your content to deliver inference and safety features subject to their terms and applicable law. Where controls exist, we configure Providers not to train on your content.
- Safety & moderation. Automated and human moderation may review content strictly to detect violations (e.g., illegal content or policy abuse).
5) Payments
We use Stripe to process payments. Stripe acts as an independent controller for payment data. Your payment information is handled by Stripe according to its terms and privacy notices. We receive limited information (e.g., transaction identifiers, status, and amounts) to manage credits and receipts.
6) Cookies & similar technologies
We use only what's necessary for the Service to work:
- Essential cookies for authentication (Google Sign-In), session continuity, CSRF protection, and basic security.
- Payment cookies used by Stripe at checkout.
We do not use analytics or advertising cookies unless we later ask for (and you give) consent. You can manage cookies through your browser settings; disabling essential cookies may break the Service.
7) Sharing your information
We share personal data only as needed to operate the Service, or as required by law:
- Service providers/sub-processors (hosting/infrastructure, authentication, payments, AI model inference, email/support). Key providers include FAL, Google (Sign-In and infrastructure as applicable), OpenAI, and Stripe.
- Compliance and safety (e.g., responding to lawful requests, enforcing terms, preventing fraud/abuse).
- Business transfers (e.g., reorganization or transfer of the Service). We will continue to protect your data and notify you where required.
We do not sell your personal data.
8) International transfers
We are based in Austria but may process data outside your country. Where personal data is transferred from the EEA/UK to countries without an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, plus technical and organizational measures.
9) Retention
- Prompts, uploads, outputs, and related logs: retained up to 24 months for service operation, troubleshooting, abuse prevention, and legal compliance, then deleted or anonymized unless you ask us to delete sooner (subject to legal requirements).
- Account & transaction records: retained as needed for contracts, fraud prevention, and to meet tax/accounting and consumer law requirements.
- Support communications: retained as needed to resolve your request and for audit/compliance.
10) Security
We implement technical and organizational measures appropriate to the risk (e.g., encryption in transit, access controls, separation of environments, backups). No system is perfectly secure; you are responsible for keeping your account secure and notifying us of any suspected compromise.
11) Your rights (EU/EEA & where applicable)
You have the right to request access, rectification, erasure, restriction, and portability of your personal data, and to object to processing based on our legitimate interests. Where processing relies on consent, you can withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. In Austria, that is the Austrian Data Protection Authority (Datenschutzbehörde).
To exercise your rights or delete your account/data, email daniel@imagepilot.ai. Account deletion requests are typically processed within 30 days. Backups/logs may persist for a limited period for security/compliance.
12) Children
The Service is not intended for children under 13. If you are in the EEA/UK, you must be at least the digital age of consent in your country (13–16) or have verifiable parental/guardian consent where required. If we learn we have collected personal data from a child contrary to this section, we will delete it.
13) Automated decision-making
We use automated systems (e.g., safety filters) to detect policy violations and abuse. These systems do not produce legal or similarly significant effects about you without human review.
14) Changes to this policy
We may update this policy as our Service evolves. We will notify you in-app for material changes and indicate the "Last updated" date above. If required by law, we will seek your consent to changes.
15) Contact
Questions or requests? Email daniel@imagepilot.ai or write to: Daniel Berger, Truckenstetten 14, 3325 Ferschnitz, Austria.
Controller: Daniel Berger • Truckenstetten 14, 3325 Ferschnitz, Austria • daniel@imagepilot.ai • @danielxberger