Privacy Policy
Last Updated: April 8, 2026
1. Information We Collect
When you use Photta, we collect the following types of information:
- Account Information: Email address, full name, password (encrypted and hashed), profile image, and language preference.
- Payment Information: Processed securely through our payment provider. We do not store your credit card details on our servers.
- Content: Images, photos, and files you upload for AI processing, as well as AI-generated content created through our services.
- Usage Data: Credits consumed, generations created, features used, subscription history, templates saved, and interaction patterns.
- Technical Data: Browser type and version, IP address, device information, operating system, screen resolution, and referring URLs.
- Location Data: Approximate geolocation derived from your IP address, used for currency detection and service optimization.
2. How We Use Your Information
- Providing, maintaining, and improving our AI-powered fashion photography services
- Processing payments, managing subscriptions, and allocating credits
- Storing, delivering, and enabling downloads of your generated content
- Communicating with you about your account, service updates, and promotional offers (with your consent)
- Preventing fraud, detecting misuse, and ensuring platform security
- Enforcing our Acceptable Use Policy and moderating content
- Analyzing platform usage to improve performance, features, and user experience
3. Lawful Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Consent: For marketing communications, analytics cookies, and optional data processing. You can withdraw consent at any time.
- Contractual Necessity: To provide our services, process payments, manage subscriptions, and deliver AI-generated content as agreed in our Terms of Service.
- Legitimate Interests: For fraud prevention, platform security, service improvement, and enforcing our policies against misuse.
- Legal Obligation: To comply with applicable laws, regulations, and legal processes, including tax and accounting requirements.
4. Third-Party Services
To provide our services, we share your data with the following categories of third-party providers:
- Payment Processor: Handles subscription and credit pack payments securely. We use industry-standard payment processors that are PCI DSS compliant.
- Cloud Storage (AWS): Amazon Web Services stores your uploaded images and generated content securely with encryption at rest and in transit.
- AI Processing Services: Third-party AI providers process your images to generate fashion photos, videos, upscaling, background removal, and other AI enhancements.
- Authentication Provider: Google OAuth for optional social sign-in functionality.
- Analytics Services: Google Analytics (GA4), Vercel Analytics, and Vercel Speed Insights for understanding platform usage and performance. Meta Pixel for advertising measurement.
- Error Monitoring: Sentry for tracking and resolving application errors to improve service reliability.
Important: When you use our AI features, your images are transmitted to third-party AI processing services to generate results. By using our services, you consent to this processing.
Your uploaded images and generated content are NOT used to train AI models. Third-party AI providers process your data solely to deliver the requested service and do not retain your content for training purposes.
5. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience. You can manage your preferences through our cookie consent banner.
5.1 Essential Cookies (Always Active)
- Authentication session cookies to keep you logged in
- Language and locale preference cookies
- Security cookies for fraud prevention (CSRF tokens)
5.2 Analytics Cookies (Requires Consent)
- Google Analytics (GA4): Measures site usage, page views, and user journeys. Data retained for 14 months.
- Vercel Analytics: Collects anonymized performance and usage metrics.
- Vercel Speed Insights: Monitors Core Web Vitals and page load performance.
5.3 Marketing Cookies (Requires Consent)
- Meta Pixel: Measures advertising effectiveness and enables retargeting on Meta platforms (Facebook, Instagram).
You can change your cookie preferences at any time by clearing your browser cookies and revisiting our site, where the cookie consent banner will reappear.
6. Data Retention
- Account Data: Retained while your account is active and for 2 years after account closure or deletion.
- Generated Content: Stored while your account is active. You can delete individual creations at any time. All content is deleted within 30 days of account closure.
- Payment Records: Retained for 7 years to comply with accounting and tax regulations.
- Server Logs & Analytics: Technical logs are retained for up to 90 days. Analytics data is retained for 14 months.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data ("Right to be Forgotten"). Note: some data may be retained for legal obligations.
- Right to Data Portability: Request your data in a structured, machine-readable format (JSON or CSV).
- Right to Object: Object to processing of your personal data for direct marketing or based on legitimate interests.
- Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority.
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know what personal information we collect, use, and disclose
- Right to request deletion of your personal information
- Right to opt out of the sale or sharing of personal information
- Right to non-discrimination for exercising your privacy rights
Photta does not sell your personal information. We do not share personal information for cross-context behavioral advertising purposes.
9. Acceptable Use & Content Moderation
Photta is designed for professional fashion and product photography. We monitor and enforce content guidelines to maintain a safe and appropriate platform for all users.
9.1 Prohibited Content
- Pornographic, sexually explicit, or obscene content
- Content depicting or promoting violence, gore, or self-harm
- Child sexual abuse material (CSAM) or any content involving minors in inappropriate contexts
- Hate speech, discriminatory content, or content promoting terrorism
- Content that infringes on intellectual property rights, trademarks, or copyrights of others
- Fraudulent, deceptive, or misleading content designed to deceive consumers
- Any content that violates applicable local, national, or international laws
9.2 Enforcement Actions
Photta reserves the right to take the following actions, with or without prior notice, if violations are detected:
- Issuing a warning notification to the account holder
- Reducing or revoking the user's remaining credits
- Temporarily suspending account access
- Permanently deleting the account and all associated data
- Reporting illegal content to relevant law enforcement authorities
In cases of severe violations (such as CSAM, terrorism, or illegal activity), Photta may immediately and permanently terminate the account without prior warning and report the incident to appropriate authorities.
10. Automated Decision-Making
Photta may use automated systems to detect content policy violations and prevent platform misuse. These systems analyze uploaded content and generated results for compliance with our Acceptable Use Policy.
If your account is affected by an automated decision, you have the right to request a human review by contacting [email protected]. We will review your case within 5 business days.
11. Data Security
We implement industry-standard security measures to protect your personal data:
- HTTPS/TLS encryption for all data transmitted between your device and our servers
- Encrypted and hashed password storage using modern cryptographic algorithms
- Secure cloud infrastructure hosted on AWS with encryption at rest
- JWT-based authentication with automatic token rotation and multi-tab session management
- Regular security audits and vulnerability assessments
12. International Data Transfers
Your data is stored on servers located in the United States (AWS). If you access Photta from outside the United States, your information will be transferred to and processed in the United States.
For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for international data transfers.
13. Progressive Web App & Offline Data
Photta offers Progressive Web App (PWA) functionality for an enhanced mobile experience. When installed:
- A service worker caches static assets (images, scripts, styles) on your device for faster loading and offline access.
- Your authentication session and user preferences are stored locally on your device.
- No personal content or generated images are cached offline. All generated content remains on our secure cloud servers.
14. Children's Privacy
Photta is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us at [email protected].
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we may also notify you via email or in-app notification. Your continued use of Photta after changes are posted constitutes acceptance of the updated policy.