PRIVACY POLICY

How we handle
your data.

This policy explains what we collect, why, who we share it with, and the choices you have. We aim to collect only what the Service needs to run well.

Last updatedJune 17, 2026
Versionv3.0
Applies toAll Affogato accounts

This Privacy Policy describes how Affogato collects, uses, shares, and protects personal data when you use our Service. “Personal data” means information that identifies, or can be linked to, an individual. By using the Service you agree to the practices described here.

01Overview

Affogato provides a generative studio for images and video. To deliver it, we process account details, the content you create, payment information, and technical signals about how the Service is used. This policy describes those practices and your rights over your data.

02Information we collect

You provide

  • Account data — name, email, and authentication identifiers when you sign up.
  • Billing data — handled by our payment processor; we receive limited details such as plan, transaction status, and the last four digits of your card.
  • Content — prompts, reference uploads, and the renders you generate.
  • Support messages — anything you send when you contact us.

Collected automatically

  • Usage data — features used, render counts, and Credit activity.
  • Device & log data — browser, device, IP address, and timestamps.
  • Cookies & similar technologies — to keep you signed in, remember preferences, and measure usage.

03How we use information & legal bases

We use the data we collect to operate, secure, and improve the Service. Where data-protection law (such as the GDPR) applies, we rely on the legal bases noted below:

  • To provide the Service — rendering, storage, and account features (performance of a contract).
  • To process payments — manage your plan, Credits, and invoices (performance of a contract).
  • To keep the platform safe — detect abuse, prevent fraud, enforce our terms (legitimate interests).
  • To improve quality & reliability — understand usage and fix issues (legitimate interests).
  • To communicate — service notices, and marketing where you have opted in (consent, where required).

04Sharing & sub-processors

We do not sell your personal data. We share it only with service providers (“sub-processors”) who help us run the platform, under contracts that limit their use to our instructions, or when required by law or to protect rights and safety. Our key sub-processors include:

  • Google Cloud Platform — hosting, databases, and storage.
  • Firebase — authentication.
  • Stripe — payment processing.
  • AI model providers (including Fal.ai and Anthropic) — to run generation and related features.
  • PostHog & Amplitude — product analytics.
  • Sentry — error monitoring.
  • HubSpot — support and customer communications.

05Your content & model training

We do not use the private content you generate to train foundational models without your explicit opt-in. Content you choose to publish to a public gallery may be used to showcase the Service. Limited processing of content for safety, abuse-prevention, and to operate the Service is described above. You can manage these choices in your dashboard.

06Cookies & tracking

We use strictly-necessary cookies to keep you signed in and secure, and analytics cookies to understand usage. You can control cookies through your browser settings; disabling some may affect functionality. Where required, we ask for consent before setting non-essential cookies.

07International transfers

We and our sub-processors may process personal data in countries other than yours, including the United States. Where we transfer data internationally, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms required by applicable law.

08Data retention

We keep personal data for as long as your account is active or as needed to provide the Service. When you delete content or close your account, we remove or anonymise associated data within a reasonable period, except where retention is required for legal, security, or legitimate-business reasons.

09Your rights & choices

Depending on where you live (for example under the GDPR or US state laws such as the CCPA/CPRA), you may have rights to access, correct, export, delete, or restrict processing of your personal data, to object to certain processing, and to withdraw consent. We do not sell or “share” personal data for cross-context behavioural advertising. You can exercise most rights from your dashboard or by contacting us; we will not discriminate against you for exercising them.

  • Access & portability — request a copy of your data.
  • Correction — update inaccurate account information.
  • Deletion — remove content or close your account.
  • Objection / restriction — limit certain processing, or appeal a decision.

10Children’s privacy

The Service is intended for adults and is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

11Security

We use encryption in transit and at rest, access controls, and regular reviews to protect your data. No system is perfectly secure, but we work to reduce risk and will notify affected users and regulators of a breach where required by law.

12Changes to this policy

We may update this policy as the Service evolves or the law changes. When changes are material, we will update the effective date above and, where appropriate, notify you. Continued use after an update means you accept the revised policy.

13Contact us

If you have questions about this policy or want to exercise your rights, contact our privacy team and we will respond within the timelines required by applicable law.

DATA REQUESTS

Contact us at privacy@affogato.ai or write to Affogato, Inc., [registered address].