Privacy Policy

GiveMeImages (“we”, “our”, or “the Service”) respects your privacy. This Privacy Policy explains what we collect, why we collect it, and your rights — including those granted by the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).

1. Information We Collect

1.1 Information you provide

• Account info — when you sign up: email, and OAuth identifier if you log in with Google or GitHub.
• Billing info — handled entirely by Stripe; we never see your full card number.
• Prompts & reference images — what you submit to generate images.

1.2 Information collected automatically

• Anonymous session ID — a random cookie value used to enforce the “1 free comparison” limit.
• IP address — stored only as a SHA-256 hash for rate-limiting and abuse prevention.
• Usage analytics — pages viewed, generation success/failure, model preference. We use Google Analytics 4 (only if you accept cookies).
• Server logs — request timestamp, user agent, error traces. Retained 30 days.

2. How We Use Your Data

• To provide the image generation service.
• To prevent abuse, bot traffic, and credential sharing.
• To process payments and manage subscriptions (via Stripe).
• To improve our models and product (aggregated, non-identifying signals only).
• To send transactional email (subscription confirmation, billing receipts).

We do not sell, rent, or trade your personal data.

3. Third-Party Services

To run the Service we share strictly necessary data with:

• grsai — your prompt is forwarded to generate images via Nano-Banana 2, Nano-Banana Pro, and GPT-Image-2.
• Stripe — payment processing (PCI-DSS Level 1 certified).
• Cloudflare — DDoS protection and Turnstile bot mitigation.
• Google Analytics 4 — anonymized usage measurement. Disabled by default until you accept cookies.
• Resend — transactional email delivery.
• Amazon Web Services — server hosting in us-west-1 (California).

4. Cookies

We use two categories of cookies:

• Strictly necessary — session ID for free-tier enforcement, login session, CSRF tokens. Cannot be disabled.
• Analytics (optional) — Google Analytics 4. Only loaded if you click “Accept” on our cookie banner.

5. Data Retention

• Generated images — retained for as long as your account is active, plus 30 days after deletion.
• Prompts — retained 90 days for abuse prevention and quality improvement, then deleted.
• Server logs — 30 days.
• Billing records — 7 years (US tax law).

6. Your Rights

You have the right to:

• Access — request a copy of all personal data we hold about you.
• Correct — update inaccurate information.
• Delete — close your account and have your data erased (subject to legal retention for billing records).
• Port — export your generation history in JSON.
• Object — opt out of analytics and marketing email.
• Withdraw consent — clear analytics cookies anytime.

To exercise any right, email [email protected]. We respond within 30 days.

California residents (CCPA)

You have the right to know what categories of personal information we collect and disclose, the right to delete, and the right to non-discrimination for exercising any CCPA right. We do not sell personal information.

EU/UK residents (GDPR)

Our legal bases for processing are (a) performance of contract, (b) legitimate interest in service security, and (c) your consent for optional analytics. You may lodge a complaint with your local Data Protection Authority.

7. Children

The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has used the Service, email us and we will delete the account.

8. Data Security

All traffic is encrypted in transit (TLS 1.2+). Passwords are not stored — we use OAuth and magic links. The database is protected by network ACLs and is not exposed to the public internet.

9. International Transfers

Our servers are located in California, USA. If you access the Service from outside the US, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses for EU/UK transfers.

10. Changes to This Policy

We will email registered users about material changes 30 days before they take effect. Continued use after the effective date constitutes acceptance.

11. Contact

Questions about this policy: [email protected]
General support: [email protected]