Product Shot Studio

Privacy Policy

Last Updated: 2025-12-11

Applies To: productshot.studio

Data Controller: Damian Prochaska

NIP: 5482766067

Email: productshotstudio@gmail.com

§ 1. Introduction

This Privacy Policy explains how Product Shot Studio ("we", "us", "our") processes personal data in accordance with the GDPR and other applicable privacy laws.

§ 2. Data We Collect

We collect the following categories of data:

Account Data

  • Email address
  • Password (hashed) if applicable
  • OAuth identifiers (Google)

Billing Data

  • Stripe tokens
  • Tax information (based on region)

User Content

  • Uploaded product images
  • Prompts and generation settings

Generated Content

  • AI-generated product photos

Technical & Analytics Data

  • IP address
  • Device and browser metadata
  • Usage events
  • Logs
  • Cookies (functional + optional analytics)

We do not process:

  • sensitive data,
  • biometric data,
  • images containing identifiable persons

Users are prohibited from uploading such content.

§ 3. Purposes of Processing

We process data to:

  • provide access to the Application;
  • process payments via Stripe;
  • generate AI product images using third-party models;
  • ensure security and fraud prevention;
  • improve and develop the Application;
  • comply with legal obligations.

§ 4. Legal Bases

Processing is based on:

  • performance of a contract (Art. 6(1)(b) GDPR),
  • legitimate interest (Art. 6(1)(f) GDPR) — analytics, security, fraud prevention,
  • legal obligation (Art. 6(1)(c) GDPR),
  • consent for optional analytics (Art. 6(1)(a) GDPR).

§ 5. AI Processing

Product images uploaded by Users may be sent to:

  • Google AI,
  • Black Forest Labs (FLUX).

Data is used solely to generate images; it is not used for model training.

The User must ensure that uploaded content contains no personal data of identifiable individuals.

§ 6. Third-Party Recipients

We share data with:

  • Stripe (payments),
  • Supabase (database & storage),
  • Vercel (hosting),
  • Google AI,
  • Black Forest Labs (FLUX AI),
  • Analytics providers.

§ 7. International Transfers

Your data may be transferred outside the EU under appropriate safeguards such as Standard Contractual Clauses (SCCs).

§ 8. Data Retention

We retain data as follows:

  • Account data — as long as the Account is active,
  • Billing data — as required by tax law,
  • User Content — until account deletion,
  • Logs — normally up to 12 months.

After deletion, data is permanently removed except where legal retention is required.

§ 9. User Rights

Under GDPR, Users may:

  • access their data,
  • request correction,
  • request deletion,
  • request export (data portability),
  • object to processing,
  • withdraw consent (where applicable).

Requests should be sent to: productshotstudio@gmail.com

§ 10. Security Measures

We apply:

  • encryption,
  • access control,
  • secure storage via Supabase,
  • monitoring for abuse.

While we strive to ensure high security, no system can guarantee absolute protection.

§ 11. Cookies

We use:

  • essential cookies (login, session),
  • analytics cookies (optional — based on consent).

§ 12. Minors

The Service is not intended for children under 16. We do not knowingly collect data from minors.

§ 13. Changes to this Policy

We may update this Policy; Users will be notified via email or in-app notification.