Privacy Policy
Last updated: January 18, 2026
1. Information We Collect
We collect only the data necessary to provide our AI generation services:
- Account Data: Email address, Display Name, and authentication tokens (via Firebase Auth).
- Input Data: Images you upload to our temporary storage (`temp/`) and text prompts you submit.
- Generated Data: The resulting AI images and prompt optimizations, which are stored in your personal History path (`users/{uid}/generations`).
- Usage Analytics: Screen views and interaction events to help us improve the app logic (logged internally, not sold).
2. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR/UK GDPR):
- Performance of Contract: To provide the Services you signed up for (account management, image generation).
- Legitimate Interests: To improve our Service, ensure security, and prevent fraud.
- Consent: For optional cookie usage or marketing communications (if applicable).
3. How We Use Your Data
We use your information strictly for:
- Processing your image generation requests via Google Cloud Functions.
- Verifying your subscription status and credit balance via RevenueCat.
- Displaying your personal Gallery and History.
- Improving service stability and fixing bugs.
Training Data: We do NOT use your personal uploads or private generations to train our public models. Your data remains yours.
4. Third-Party Data Processors
To provide this Service, we trust the following secure infrastructure providers:
- Google Cloud Platform & Firebase: For secure database (Firestore), file storage (Cloud Storage), and serverless computing. All data is encrypted in transit and at rest.
- Google Vertex AI: The underlying AI engine that processes your prompts and generates images.
- RevenueCat: Handles subscription entitlements and purchase validation.
Data Processing Agreements: We have entered into data processing agreements with all third-party processors (Google Cloud, RevenueCat) to ensure they handle your data in compliance with GDPR and other applicable privacy laws.
International Transfers: Your data may be transferred to and processed in the United States and other countries where our service providers operate. For transfers from the EEA to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, along with Google Cloud's and RevenueCat's compliance certifications and additional security measures to protect your data.
5. Data Retention & Deletion Rights
Your Control: You have full control over your data.
- Immediate Deletion: When you delete an image from your Gallery or History within the app, our system performs a "Hard Delete", immediately removing the file from Cloud Storage and the record from our database. It is not "soft deleted" or archived by us.
- Account Deletion: You may delete your entire account via the Profile page ("Danger Zone"). This action irreversibly removes all your personal data, images, and history from our systems.
- Temporary Files: Images uploaded for the purpose of a single generation task are stored in a temporary location and are subject to automatic cleanup lifecycles.
Retention Periods:
- Account Data: Retained while your account is active; deleted within 30 days of account deletion request.
- Generated Content: Retained until you delete it or close your account.
- Temporary Files: Automatically deleted 1 day after upload.
- Usage Analytics: Aggregated and anonymized data may be retained indefinitely for service improvement.
- Legal/Tax Records: Certain transaction records may be retained for up to 7 years as required by law.
6. User Rights (GDPR & CCPA)
Depending on your location, you may have the following rights:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data (available via in-app controls).
- Right to Restriction: Request restriction of the processing of your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
To exercise these rights, please contact us at support@optimaimage.com. We may require verification of your identity before processing your request.
7. Cookies & Tracking
We use essential cookies and similar technologies (e.g., Firebase Auth tokens) to keep you logged in and secure. We may use anonymous analytics tools (like Google Analytics) to understand usage patterns.
8. Security
We implement industry-standard security measures, including:
- Strict database rules ensuring you can only access your own data.
- Secure Blob URL implementation to prevent public link scraping.
- HTTPS encryption for all data transmission.
9. Children's Privacy
The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it immediately. If you believe we have collected data from a child, contact us at support@optimaimage.com.
Parents/Guardians: If you allow a minor between 13 and 18 to use the Service, you are responsible for monitoring their use and agree to be bound by these Terms on their behalf.
10. Contact Us
If you have any questions about this Privacy Policy, please contact our Data Protection Officer at: support@optimaimage.com