1. Introduction
This Privacy Policy explains how AI Image Toolkit ("we", "us", or "the Service") collects, uses, stores, and protects personal data when you use our website and image-processing tools.
We process personal data in accordance with applicable data protection laws, including the Swiss Federal Act on Data Protection and, where applicable, the General Data Protection Regulation.
2. Data controller
The person responsible for processing personal data through the Service is:
3. Information we collect
Depending on how you use the Service, we may collect the following categories of information:
- Account information: email address, account identifier, authentication data, and account creation date.
- Uploaded content: images and files that you upload, process, convert, save, or export through the Service.
- Project information: project names, image references, selected transformations, and related settings.
- Transaction information: payment status, purchased credit package, transaction identifier, and billing metadata. Full card details are handled by the payment provider and are not stored by us.
- Technical information: IP address, browser type, device information, server logs, error information, and basic security data.
- Communications: information you provide when contacting us for support or feedback.
4. How we use your information
We may use personal data to:
- Create and manage user accounts.
- Authenticate users and maintain secure sessions.
- Upload, store, process, transform, and deliver images.
- Save and display user projects.
- Manage credits, purchases, and payment confirmations.
- Send account verification and service-related emails.
- Prevent fraud, abuse, and unauthorized access.
- Diagnose technical problems and improve the Service.
- Comply with applicable legal obligations.
5. Legal grounds for processing
Where the GDPR applies, we process personal data based on one or more of the following legal grounds:
- Performance of a contract when processing is necessary to provide the Service.
- Legitimate interests, such as securing, maintaining, and improving the Service.
- Compliance with legal obligations, including accounting or fraud-prevention requirements.
- Consent, where we specifically ask you to provide it.
6. Service providers
We use third-party providers to operate the Service. These providers may process limited personal data on our behalf:
- Vercel – website hosting and application infrastructure.
- Neon – database hosting.
- ImageKit – image storage, delivery, and image transformations.
- Polar – checkout, payment processing, and transaction management.
- Resend – delivery of account verification and service emails.
These providers process data according to their own privacy policies and contractual obligations. Some providers may process data outside Switzerland or the European Economic Area.
7. Image processing
Images uploaded to the Service may be transferred to and processed by our image infrastructure provider. Depending on the selected tool, processing may include resizing, format conversion, background removal, upscaling, cropping, AI-assisted editing, or PDF generation.
You should only upload files that you are legally permitted to use and process. Do not upload highly sensitive, confidential, or unlawful material.
8. Cookies and local storage
The Service may use essential cookies or similar browser storage technologies to keep users signed in, maintain sessions, remember required settings, and protect the Service against abuse.
We do not currently use advertising cookies. If non-essential analytics or marketing technologies are introduced, this Privacy Policy and any required consent mechanism will be updated.
9. Data retention
We retain personal data only for as long as reasonably necessary to provide the Service, maintain security, comply with legal obligations, resolve disputes, and enforce our agreements.
Account and project data may remain stored until the account or relevant project is deleted. Certain transaction and technical records may be retained for longer where required by law or necessary for security and fraud prevention.
10. Data security
We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
However, no online service or method of electronic storage can be guaranteed to be completely secure.
11. Your rights
Depending on the law applicable to you, you may have the right to:
- Request access to your personal data.
- Request correction of inaccurate data.
- Request deletion of personal data.
- Object to or restrict certain processing.
- Request a portable copy of certain data.
- Withdraw consent where processing is based on consent.
- Submit a complaint to a competent data protection authority.
To exercise your rights, contact us using the email address provided in this Privacy Policy. We may need to verify your identity before completing a request.
12. Children
The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16 without appropriate authorization.
13. Changes to this Privacy Policy
We may update this Privacy Policy when the Service, our providers, or applicable laws change. The updated version will be published on this page with a revised "Last updated" date.
14. Contact
Questions or requests concerning privacy may be sent to: