Privacy Policy

We collect information you provide directly to us, including: **Account Information** - Email address (required for account creation) - Display name (optional) - Profile picture (optional) **Facial Image Data** - Selfie photos you upload for Travel, Duo Travel, GlowUp, TimeTravel, and Portrait HD features - These images are used solely for AI content generation and are automatically deleted within 24 hours **Usage Information** - Text prompts you submit for image and video generation - Generated images, videos, and their metadata - Style preferences and settings - Favorites and collections you create **Technical Information** - IP address and device information - Browser type and version - Operating system - Referring URLs and pages visited - Time and date of visits

We use the information we collect to: - Provide, maintain, and improve our Service - Process your AI generations (images, videos, travel photos) - Process your transactions and send related information - Send technical notices, updates, and security alerts - Respond to your comments, questions, and support requests - Monitor and analyze usage patterns and trends - Detect, investigate, and prevent fraudulent or unauthorized activity - Personalize and improve your experience **Facial Image Processing** When you upload a selfie, your facial image is transmitted to third-party AI providers (Replicate and, for Duo Travel, Google Gemini via Replicate) via temporary, time-limited URLs. These providers process your image to generate the requested output. Your original selfie is automatically deleted from our servers within 24 hours. We do NOT: - Sell your personal information to third parties - Use your prompts, generated images, or selfies to train AI models without consent - Share your data with advertisers - Use facial images for recognition, identification, or surveillance purposes

Your data is stored securely using industry-standard practices: **Storage** - Account data is stored in encrypted databases (Supabase, EU region) - Generated images and videos are stored in secure cloud storage (Cloudflare R2) - Selfie images are stored in a private Cloudflare R2 bucket and automatically deleted within 24 hours - Payment information is processed by Stripe (we never store card details) **Retention** - Selfie images: Automatically deleted within 24 hours of upload (both file and database record) - Generated images and videos: Retained while your account is active - Account data: Retained until you delete your account **Security Measures** - All data transmission is encrypted using TLS/SSL - Passwords are hashed using industry-standard algorithms - Selfie access uses temporary presigned URLs (time-limited, not publicly accessible) - Regular security audits and vulnerability assessments - Access controls and authentication for internal systems

We may share your information in the following circumstances: **Service Providers** We share data with third-party services that help us operate: - Supabase (authentication and database) - Cloudflare (image and video storage, CDN) - Stripe (payment processing) - Replicate (AI image, video, and face generation — receives your prompts and, for travel features, temporary access to your selfie images) - Google Gemini (receives temporary access to selfie images) - Resend (transactional email delivery) - Vercel (frontend hosting) - Railway (backend hosting) - Google Analytics (usage analytics, consent-gated, IP anonymized) **Legal Requirements** We may disclose information if required by law or in response to valid legal requests. **Business Transfers** In the event of a merger, acquisition, or sale of assets, your information may be transferred. **With Your Consent** We may share information with your explicit consent or at your direction.

You have the following rights regarding your personal data: **Access and Portability** - Request a copy of your personal data - Export your generated images and account data **Correction** - Update or correct inaccurate personal information **Deletion** - Delete your account and associated data - Request immediate deletion of selfie images (before the 24-hour auto-deletion) - Request removal of specific generated images **Opt-Out** - Unsubscribe from marketing emails - Disable non-essential cookies To exercise these rights, contact us at support@lensgo.ai or use the settings in your account dashboard.

We use cookies and similar technologies for: **Essential Cookies** - Authentication and session management - Security and fraud prevention - User preferences **Analytics Cookies** (loaded only after your consent) - Google Analytics for usage statistics (IP anonymized) - Performance monitoring You can control cookies through your browser settings or our cookie consent banner. Disabling essential cookies may affect Service functionality.

Your information may be transferred to and processed in countries other than your own. Our primary database is hosted in the EU (eu-central-1). We ensure appropriate safeguards are in place: - Standard contractual clauses for EU data transfers - Compliance with applicable data protection laws - Data processing agreements with all service providers By using the Service, you consent to these transfers.

Lensgo.ai is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us at support@lensgo.ai and we will promptly delete it.

If you are located in the European Economic Area (EEA), you have additional rights under GDPR: - Right to access your personal data - Right to rectification of inaccurate data - Right to erasure ("right to be forgotten") - Right to restrict processing - Right to data portability - Right to object to processing - Right to withdraw consent **Selfie Data and GDPR** We have implemented automatic deletion of selfie images within 24 hours as a privacy-by-design measure. Both the file in cloud storage and the database record are permanently removed. You may also request immediate deletion at any time. To exercise these rights, contact us at support@lensgo.ai. For EU users, you also have the right to lodge a complaint with your local data protection authority.

We may update this Privacy Policy from time to time. We will notify you of any material changes by: - Posting the new Privacy Policy on this page - Updating the "Last updated" date - Sending an email notification for significant changes We encourage you to review this Privacy Policy periodically.

If you have questions about this Privacy Policy or our data practices: **General inquiries:** hello@lensgo.ai **Support & data requests:** support@lensgo.ai