Privacy policy
This placeholder outlines the sections a GDPR-compliant privacy notice should contain. Replace with a policy reviewed by qualified counsel before launch.
Data we process
- Account data (email, hashed password, sign-in metadata).
- Workspace content (uploaded references, generated images, prompts).
- Billing data via Stripe (name, address, VAT ID, invoice history).
- Product analytics (aggregated usage events for reliability).
Legal basis
Contract performance (Art. 6 (1) (b) GDPR) and legitimate interests (Art. 6 (1) (f) GDPR).
Processors
- Supabase (hosting, auth, storage).
- Cloudflare (edge delivery).
- Stripe (payments).
- Lovable AI Gateway (image generation).
Retention
Account data for the lifetime of the account; billing records per statutory retention periods.
Your rights
Access, rectification, erasure, portability, restriction, objection, and complaint to a supervisory authority.
Contact
[privacy@yourproductshot.com]
