Privacy Policy — MyPhotoAI

Effective date: September 24, 2025

MyPhotoAI ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use our website (https://myphotoai.io) or mobile apps (iOS and Android), why we collect it, how we store and protect it, and your rights under applicable laws such as the EU General Data Protection Regulation (GDPR).

Information We Collect

  • Account information: When you create an account we collect your name and email address to set up and manage your account and to communicate with you.
  • Uploaded photos: Any photos or images you upload for processing (for example, to generate or enhance images using our AI features). These files are stored so we can provide the service you requested.
  • Payment data: Payments are processed by Stripe. We do not collect or store your full credit card numbers. Stripe receives the payment information required to complete transactions.
  • Optional technical data: Basic technical information such as IP address, device type, and usage metrics to help secure and improve the service, and any messages or support requests you send us.

How We Use Your Information

We use the information we collect to operate and improve MyPhotoAI and to communicate with you. Specifically:

  • To create and maintain your account, and to authenticate you.
  • To process and store photos you upload so our AI features can run.
  • To process payments through Stripe when you purchase a paid feature.
  • To respond to your support requests and to send you important account-related notices.

We do not sell or rent your personal information, and we do not share your photos with advertisers.

Storage & Security

Your data is stored on secure servers managed by Supabase. Supabase encrypts data in transit and at rest and provides access controls. We also apply internal controls to limit access to personal data to authorized personnel only. While we take industry-standard measures to protect data, no system is 100% secure—if a data incident occurs we will investigate and notify users and regulators as required by law.

We retain personal data only as long as necessary to provide the service or to comply with legal obligations. You can request deletion of your account and personal data—see the How to Contact Us section below.

Third-Party Services

MyPhotoAI uses trusted third-party providers to operate the service. The primary providers are:

  • Stripe — payment processing. Stripe handles payment details and stores payment card information securely according to industry standards. We never store your full card numbers. (See Stripe's privacy policy onstripe.com/privacy.)
  • Supabase — authentication, database, and file storage. Supabase processes data on our behalf and is used to store account information and uploaded photos. (See Supabase's privacy policy onsupabase.com/policies/privacy.)

We do not share your personal information with other third parties for marketing or advertising.

GDPR & Your Rights

If you are located in the European Union (EU) or European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). These rights include:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate personal data.
  • Right to erasure: Request deletion of your personal data when no longer needed.
  • Right to data portability: Request your personal data in a structured, commonly used, machine-readable format.
  • Right to restrict processing: Request that we limit how we process your data in certain circumstances.
  • Right to object: Object to certain types of processing, such as direct marketing (we do not engage in this without consent).

To exercise any of these rights, contact us as described below. We will respond in accordance with applicable law.

How to Delete or Export Your Data

You may request deletion of your account and the personal data associated with it (including uploaded photos). You may also request an export of your personal data in a common machine-readable format (for example, JSON). To request deletion or export, please contact us at support@myphotoai.io. We will authenticate requests to protect account security before fulfilling them.

Legal Requests and Disclosures

We may disclose personal data if required to do so by law (for example, to comply with a subpoena or other legal process), to protect our rights, to prevent fraud, or to protect the safety of our users or the public. We will disclose only the minimum information necessary to satisfy the request.

Contact Us

For privacy-related questions or to exercise your rights, please contact our Privacy Officer:

Last updated: September 24, 2025. We may update this Privacy Policy occasionally to reflect changes in our practices or for legal, operational, or regulatory reasons. If we make material changes we will notify you via email or via the app/website.