Privacy Policy

Last updated: 6 May 2025

This Privacy Policy explains how we collect, use, store and protect your personal data when you use our image-generation and enhancement platform (the "Services"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Types of Data We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Username and password
• Payment information (processed through our payment providers)
• Account preferences and settings

1.2 Service Usage Data

When you use our Services, we collect:

• Images you generate, edit, or upload
• Prompts and parameters used for image generation
• Credit usage statistics
• Subscription and billing information

1.3 Technical Data

We automatically collect:

• IP address
• Browser type and version
• Device information
• Operating system
• Date and time of access
• Log data and error reports

1.4 Communication Data

If you contact us, we collect:

• Email content and metadata
• Support ticket information
• Chat transcripts (if applicable)

2. Legal Basis for Processing

2.1 Contract Performance

We process your personal data to fulfill our contractual obligations to you as outlined in our Terms of Service (Art. 6(1)(b) GDPR). This includes account creation, providing access to our Services, processing payments, and managing subscriptions.

2.2 Legitimate Interests

We process certain data based on our legitimate interests (Art. 6(1)(f) GDPR), including:

• Improving and optimizing our Services
• Ensuring the security and proper functioning of our platform
• Analyzing usage patterns to enhance user experience
• Preventing fraud and unauthorized access
• Our and BFL’s legitimate interest in improving AI models.

2.3 Legal Obligations

We process data to comply with legal obligations (Art. 6(1)(c) GDPR), such as tax and accounting requirements, responding to legal requests, and fulfilling regulatory obligations.

2.4 Consent

Where required by law, we process data based on your explicit consent (Art. 6(1)(a) GDPR). You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

3. How We Use Your Data

3.1 Providing and Improving the Services

We use your data to:

• Create and manage your account
• Process image generation and enhancement requests
• Track credit usage and subscription status
• Improve our AI models and algorithms
• Fix bugs and optimize performance

3.2 Communication

We use your contact information to:

• Send service-related notifications and updates
• Respond to your inquiries and support requests
• Send administrative messages about your account
• Provide information about new features (with consent where required)

3.3 Security and Compliance

We use your data to:

• Verify your identity and protect against unauthorized access
• Monitor for potential violations of our Terms of Service
• Detect and prevent fraud, spam, abuse, and security incidents
• Comply with legal obligations and enforce our agreements

3.4 Analytics and Research

We anonymize and aggregate data to:

• Analyze usage patterns and user behavior
• Generate statistical insights to improve our Services
• Understand how users interact with our platform
• Evaluate and enhance the effectiveness of our features

4. Data Sharing and Recipients

4.1 Service Providers

We share data with third-party service providers who help us deliver our Services:

• Cloud infrastructure providers (AWS, Google Cloud)
• Payment processors
• AI model providers (e.g., Replicate, Black Forest Labs Inc.)
• Customer support tools
• Analytics services

FLUX Kontext disclosure: Certain image‑generation requests are transmitted to Black Forest Labs Inc. (USA) so that its FLUX Kontext models can process your prompts and images. BFL may use these Inputs and Outputs to operate, train and improve its models in accordance with the BFL Terms.

All service providers are contractually obligated to process your data only for the purposes specified by us and in accordance with this Privacy Policy, our instructions, and applicable data protection laws.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.3 Business Transfers

If Tuari AI UG (haftungsbeschränkt) is involved in a merger, acquisition, or sale of all or a portion of its assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal data.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. International Data Transfers

5.1 Data Transfer Mechanisms

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). We ensure that these transfers comply with data protection laws through mechanisms such as:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

5.2 Service Provider Locations

Our main service providers are located in the following regions:

• Cloud services: EU, United States
• Payment processing: EU, United States
• AI model providers: United States
• Analytics: EU, United States

6. Data Retention

6.1 Account Information

We retain your account information for as long as your account is active. After account closure, we retain limited information for up to 30 days to allow for reactivation if requested.

6.2 Generated Images

As stated in our Terms of Service (Section 9.1), generated images are stored temporarily and may be deleted at any time. We recommend downloading any images you wish to keep. utputs and prompts already transferred to Black Forest Labs may persist in their training sets indefinitely.

6.3 Usage Data

Usage data is retained for up to 24 months for analytics purposes, after which it is anonymized or deleted.

6.4 Financial Records

Payment and billing information is retained in accordance with tax and accounting requirements, typically for 10 years in Germany.

7. Your Privacy Rights

7.1 Right to Access

You have the right to request copies of your personal data that we hold.

7.2 Right to Rectification

You have the right to request correction of any inaccurate data or completion of any incomplete data that we hold about you.

7.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

7.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

7.5 Right to Data Portability

You have the right to request transfer of your personal data to another service provider in a structured, commonly used, and machine-readable format.

7.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at dpo@aipixls.com. We will respond to your request within one month. This period may be extended by two further months if necessary, taking into account the complexity and number of requests.

8. Data Security

8.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

• Encryption of sensitive data
• Secure authentication mechanisms
• Regular security assessments
• Access controls and authorization
• Staff training on data protection
• Secure network infrastructure

8.2 Third-Party Security

We regularly review the security practices of our third-party service providers and ensure they provide an adequate level of data protection.

8.3 Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, when required, inform affected individuals in accordance with applicable law.

9. Cookies and Similar Technologies

9.1 Types of Cookies We Use

We use the following types of cookies:

• Essential cookies: Necessary for the basic functionality of our website
• Preference cookies: Allow us to remember your preferences and settings
• Analytics cookies: Help us understand how visitors interact with our site
• Authentication cookies: Recognize you when you log in to your account

9.2 Cookie Management

We display a GDPR-compliant consent banner on your first visit to our website. Through this banner, you can:

• Accept all cookies
• Reject all non-essential cookies
• Customize your cookie preferences by category
• Access cookie settings at any time via the "Cookie Settings" link in our footer

Additionally, most web browsers allow you to manage cookies through browser settings:

• Delete cookies from your device
• Block cookies by activating the setting on your browser that allows you to refuse all or some cookies
• Set your browser to notify you when you receive a cookie

Please note that if you choose to block or delete cookies, you may not be able to access certain areas or features of our Services, and some functionality may be impaired. Essential cookies cannot be disabled as they are necessary for the basic functioning of our website.

9.3 Third-Party Cookies

Some third-party services we use, such as analytics providers, may place their own cookies on your device. We do not have control over these cookies. Please refer to the third party's privacy policy for more information.

10. AI and Image Processing Specifics

10.1 AI Model Training

We do not use your generated images or prompts to train our proprietary AI models unless you explicitly opt in through your account settings. Exception – FLUX features: Inputs and Outputs processed by Black Forest Labs (BFL) may be retained and used by BFL to train and improve its models under the BFL Terms.

10.2 Content Moderation

To enforce our content policies outlined in our Terms of Service (Section 7.2), we employ automated systems to screen prompts and generated content. This processing is necessary to prevent the creation of prohibited content.

10.3 Third-Party AI Models

Our Services utilize third-party AI models as described in our Terms of Service (Section 14). When you use our Services, your prompts and parameters may be processed by these third-party providers in accordance with their privacy policies and our agreements with them.

11. Children's Privacy

Our Services are not directed at individuals under the age of 13 (or the applicable minimum age in your country). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information from our servers. If you believe we may have collected information from a child, please contact us at contact@aipixls.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws. You can see when this Privacy Policy was last updated by checking the "Last updated" date displayed at the top of this Privacy Policy.

13. Data Protection Authority

If you are located in the European Economic Area and believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

For Tuari AI UG (haftungsbeschränkt), the lead supervisory authority is:

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

15. Language of the Policy

This Privacy Policy is available in both English and German. In case of any discrepancy between the language versions, the German version shall prevail.