Privacy Policy
Last Updated: February 1, 2026
AutoCrop.ai ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at autocrop.ai (the "Service"). Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide Directly. When you create an account or use the Service, we may collect the following personal information:
- Account Information: Your name and email address when you register for an account.
- Authentication Data: Login credentials (hashed password) or magic link authentication tokens. We never store plaintext passwords.
- Payment Information: When you purchase credits or subscriptions, payment details (credit card number, billing address) are collected and processed directly by Stripe, our third-party payment processor. We do not store your full credit card number on our servers. We receive only a partial card number, card type, and billing information from Stripe for transaction records.
- Communication Data: Information you provide when contacting our support team, including email correspondence and feedback.
- User Preferences: Your selected settings, presets, and processing preferences within the Service.
1.2 Information Collected Automatically. When you access the Service, we automatically collect certain information:
- Device Information: Browser type, operating system, device type, and screen resolution.
- Usage Data: Pages visited, features used, time spent on pages, click patterns, and interaction data.
- Log Data: IP address, access times, referring URL, and error logs.
- Performance Data: Page load times and processing operation metrics (without image content).
1.3 Image Data. This is an important distinction in our Service:
Images are NOT stored long-term. Images you upload are processed primarily in your browser (client-side). When you use AI features (AI Expand, AI Upscale, Background Removal), images are temporarily sent to our server and forwarded to Google Gemini AI for processing. Images are held in memory only during the processing operation and are not saved to persistent storage on our servers. Processed results are returned to your browser and discarded from our systems.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: To process your images, manage your account, and deliver the features you request.
- Payment Processing: To process transactions, manage credits, and handle billing for subscriptions and credit packages.
- Authentication: To verify your identity and secure your account access.
- Communication: To send you transactional emails (account confirmations, purchase receipts, password resets), respond to support requests, and, with your consent, send product updates.
- Service Improvement: To analyze usage patterns, identify bugs, and improve the performance, features, and user experience of the Service.
- Security: To detect and prevent fraud, abuse, and unauthorized access to accounts.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
3. Third-Party Services
We use the following third-party service providers to operate the Service. Each provider has access to certain data as described below:
Google Gemini AI
Purpose: AI image processing (auto-crop analysis, background removal, image expansion, upscaling)
Data Shared: Images temporarily sent for AI processing. Images are compressed before transmission and are not retained by Google for model training under our API agreement.
Policy: Google Privacy Policy
Stripe
Purpose: Payment processing for credit purchases and subscriptions
Data Shared: Name, email, payment card details, billing address, and transaction amounts
Policy: Stripe Privacy Policy
Resend
Purpose: Transactional email delivery (magic link authentication, account notifications, purchase receipts)
Data Shared: Email address and email content
Policy: Resend Privacy Policy
Supabase
Purpose: Database hosting and management (PostgreSQL)
Data Shared: Account information, user preferences, credit balances, and transaction history (not images)
Policy: Supabase Privacy Policy
We require all third-party providers to process your data in accordance with applicable data protection laws and to implement appropriate security measures. However, we are not responsible for the privacy practices of these third parties, and we encourage you to review their respective privacy policies.
4. Cookies and Tracking Technologies
We use the following cookies and similar technologies:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled as they are necessary for the Service to function.
- Preference Cookies: Store your settings and preferences (such as theme selection and processing defaults) to improve your experience.
- Analytics Cookies: Help us understand how users interact with the Service so we can improve performance and features. These are anonymized where possible.
You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. We honor Global Privacy Control (GPC) signals and Do Not Track (DNT) browser settings where technically feasible.
5. Your Rights Under GDPR (European Economic Area)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and related legislation:
- Right of Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request correction of inaccurate personal data we hold about you.
- Right to Erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions (such as compliance with legal obligations).
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
- Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.
Legal Bases for Processing: We process your personal data on the following legal bases: (a) performance of a contract (providing the Service), (b) legitimate interests (improving our Service, preventing fraud), (c) consent (marketing communications), and (d) legal obligations (tax and financial record-keeping).
To exercise any of these rights, please contact our Data Protection Officer at privacy@autocrop.ai. We will respond to your request within thirty (30) days.
6. Your Rights Under CCPA/CPRA (California)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell, and for what purposes.
- Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Categories of Personal Information Collected: Identifiers (name, email), commercial information (purchase history, credit balance), internet activity (usage data, browsing history within our Service), and inferences drawn from the above.
We do not sell personal information. We do not use or disclose sensitive personal information for purposes other than those authorized under the CCPA/CPRA.
To exercise your California privacy rights, contact us at privacy@autocrop.ai or use our contact form. We will verify your identity before processing your request.
7. Data Retention
We retain your data according to the following schedule:
- Account Data: Retained for the duration of your account and for up to thirty (30) days after account deletion to allow for account recovery.
- Payment Records: Retained for seven (7) years as required by tax and financial regulations.
- Image Data: Not retained. Images are processed in real time and discarded immediately after processing is complete. No images are stored on our servers.
- Usage Logs: Retained for up to twelve (12) months for security, analytics, and troubleshooting purposes, then automatically deleted or anonymized.
- Support Communications: Retained for up to three (3) years after the last communication to provide continued support and for quality assurance.
8. Security Measures
We implement industry-standard technical and organizational measures to protect your personal data, including:
- All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
- Passwords are hashed using industry-standard cryptographic algorithms and are never stored in plaintext.
- Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified.
- Database access is restricted and protected by authentication and network-level security controls.
- Regular security assessments and monitoring for unauthorized access attempts.
- Employee access to personal data is limited to those with a legitimate business need.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
The Service is not intended for individuals under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us at privacy@autocrop.ai. If we discover that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.
Users between the ages of 13 and 18 may use the Service only with the consent and supervision of a parent or legal guardian who agrees to be bound by these Terms.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. These countries may have data protection laws that are different from the laws of your country.
For transfers of personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision from the European Commission, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms. By using the Service, you consent to the transfer of your information as described in this policy.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date and, where required by law or where we deem it appropriate, by sending an email notification. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any modifications to this Privacy Policy constitutes your acceptance of the updated policy.
12. Contact Us / Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
General Inquiries: support@autocrop.ai
Privacy / Data Protection: privacy@autocrop.ai
Website: autocrop.ai
Contact Page: autocrop.ai/contact
For GDPR-related requests, our Data Protection Officer can be reached at privacy@autocrop.ai. We aim to respond to all data protection inquiries within thirty (30) days.