Privacy policy

This placeholder outlines the sections a GDPR-compliant privacy notice should contain. Replace with a policy reviewed by qualified counsel before launch.

Data we process

  • Account data (email, hashed password, sign-in metadata).
  • Workspace content (uploaded references, generated images, prompts).
  • Billing data via Stripe (name, address, VAT ID, invoice history).
  • Product analytics (aggregated usage events for reliability).

Legal basis

Contract performance (Art. 6 (1) (b) GDPR) and legitimate interests (Art. 6 (1) (f) GDPR).

Processors

  • Supabase (hosting, auth, storage).
  • Cloudflare (edge delivery).
  • Stripe (payments).
  • Lovable AI Gateway (image generation).

Retention

Account data for the lifetime of the account; billing records per statutory retention periods.

Your rights

Access, rectification, erasure, portability, restriction, objection, and complaint to a supervisory authority.

Contact

[privacy@yourproductshot.com]