Privacy Policy

1. Who we are & scope

Intacta (operated by [registered company name, address, and registration number]) provides AI-generated product photography for consumer brands. This Policy applies to visitors to our website, people who contact us or request a demo, and authorized users of the Service. Where we handle personal data that appears inside content a business customer uploads, our Data Processing Agreement governs that processing. You can reach us about privacy at privacy@intacta.io.

2. Information we collect

• Account information — your name, business email, and company name. Login credentials we provision; passwords are stored in hashed form by our authentication provider.
• Content you upload (Inputs) — product photographs, brand assets, and related materials you submit, and the Generated Images we produce for you.
• Billing information — your plan, billing-cycle dates, and a customer identifier from our payment processor. We do not store full payment-card numbers; these are handled by Stripe.
• Usage data — your generation history, number of images created, quota usage, and activity within the Service.
• Demo & contact data — the name, business email, company, and role you submit through our “Book a demo” form or other messages.
• Technical & log data — IP address, browser/device information, timestamps, and security and audit logs.
• Analytics data — see “Cookies & analytics” below.

3. How we use your data

We use personal data to:

• provide, operate, and maintain the Service, and generate images from your Inputs;
• create and manage your account and authenticate users;
• process billing and manage your subscription;
• provide support and respond to your requests;
• secure the Service, prevent abuse, and enforce our Terms;
• understand usage and improve our Service (without training AI models on your content — see Section 5);
• communicate with you about your account, important changes, and, where permitted, relevant updates; and
• comply with our legal obligations.

4. Legal bases (GDPR)

If you are in the EEA or UK, we process your personal data on these legal bases:

• Performance of a contract — to provide the Service, manage your account, and handle billing.
• Legitimate interests — to secure and improve the Service, understand usage, and conduct business communications, balanced against your rights.
• Consent — for analytics cookies and any marketing messages; you can withdraw consent at any time.
• Legal obligation — to comply with applicable law.

5. Your content & AI processing

To generate images, we send your Inputs and instructions to the AI providers that power the Service so they can produce your Generated Images. Your content is stored in access-controlled cloud storage and delivered through short-lived, signed links.

6. Sharing & sub-processors

We do not sell your personal data. We share it only with:

• Service providers (sub-processors) that host and power the Service — including cloud hosting and database, AI image generation, payment processing, email delivery, and analytics. These are listed on our Sub-processors page.
• Professional advisers and authorities, where required to comply with law or protect our rights.
• A successor entity, in connection with a merger, acquisition, or sale of assets, with notice to you.

7. International transfers

Our Service and data are currently hosted in the United States (Google Cloud). If you are in the EEA or UK, your personal data may be transferred to and processed in the United States and other countries whose laws may differ from yours. Where we transfer personal data internationally, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.

8. Data retention

We keep account and usage data for as long as your account is active and as needed to provide the Service, then for a limited period required for legal, accounting, or security purposes. After your subscription ends, we make your Generated Images available for export for a period (see our Terms of Service) and then delete or anonymize content according to our standard schedules. Logs are retained for a limited time.

9. How we protect your data

We use administrative and technical measures to protect personal data, including encryption in transit, access controls, per-customer data isolation, short-lived signed links for images, and locked database rules. No method of storage or transmission is completely secure, but we work to protect your data and will notify you of a personal-data breach where required by law.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to our processing of your personal data, to data portability, and to withdraw consent. To exercise these rights, contact privacy@intacta.io. You may also lodge a complaint with your local data-protection authority (in Greece, the Hellenic Data Protection Authority). Where we process personal data on behalf of a business customer, please direct your request to that customer, and we will assist them as their processor.

11. Cookies & analytics

Our website uses cookies and similar technologies, including Google Analytics, to understand how the site is used and to improve it. You can control cookies through your browser settings and, where required, our consent tools. For details, see our Cookie Policy.

12. Children

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will provide reasonable notice (for example, by email or on our website) and update the “last updated” date above.

14. Contact us

For any privacy questions or requests, contact us at privacy@intacta.io, or write to Intacta, [registered company name and address].