Privacy Policy
Effective date: April 11, 2026 · Last updated: April 19, 2026
1. Data Controller
PlateShotAI ("we", "us", "our") is the data controller responsible for your personal data. If you have any questions about how we process your data, contact us at: privacy@plateshotai.com
2. Data We Collect
We collect the following categories of personal data:
Account data
Name, email address, and profile information provided during registration via our authentication provider (Clerk). If you sign in with a social provider (e.g., Google), we receive basic profile data from that provider.
Uploaded content
Product images you upload for enhancement. These are stored on our servers and transmitted to our AI processing provider for enhancement.
Usage data
Information about how you interact with the Service, including pages visited, features used, enhancement history, timestamps, and credit usage.
Payment data
When you make a purchase, payment is processed by Stripe, Inc. We do not store your full credit card number. We receive limited billing information (last four digits, card type, billing country) from Stripe for record-keeping.
Technical data
IP address, browser type, device type, operating system, and referral source. This data is collected automatically when you access the Service.
3. Legal Basis for Processing
Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
| Performance of contract | Account management, image processing, delivering enhanced results, credit management |
| Legitimate interest | Service improvement, security monitoring, fraud prevention, usage analytics |
| Legal obligation | Tax and financial record-keeping, responding to lawful requests from authorities |
| Consent | Marketing communications (where applicable) — you may withdraw consent at any time |
4. How We Use Your Data
We use your personal data to:
- Provide, maintain, and improve the Service
- Process your images using AI enhancement models
- Manage your account and authenticate your identity
- Process payments and manage billing
- Communicate with you about service updates or issues
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not use your uploaded images to train or fine-tune AI models. Your images are processed solely to deliver enhancement results to you.
5. Third-Party Data Processors
We share your data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data shared |
|---|---|---|
| Clerk, Inc. (USA) | Authentication, account management | Name, email, profile data |
| Replicate, Inc. (USA) | AI image processing | Uploaded images (processed transiently) |
| Stripe, Inc. (USA) | Payment processing | Payment and billing data |
Each provider acts as a data processor under GDPR. We have Data Processing Agreements (DPAs) with each provider to ensure your data is handled in compliance with EU data protection law.
6. International Data Transfers
Our third-party processors are based in the United States. Transfers of personal data from the EU/EEA to the US are protected by appropriate safeguards, including:
- EU-U.S. Data Privacy Framework (where the provider is certified)
- Standard Contractual Clauses (SCCs) approved by the European Commission
You may request a copy of the relevant transfer safeguards by contacting us at the address in Section 12.
7. Data Retention
We retain your data for the following periods:
- Account data: retained while your account is active and for 30 days after deletion to allow recovery
- Uploaded and enhanced images: retained while your account is active; deleted within 30 days of account deletion
- Payment records: retained for 7 years to comply with tax and accounting obligations
- Usage and technical data: retained for up to 12 months, then anonymized or deleted
8. Your Rights Under GDPR
If you are in the EU/EEA, you have the following rights regarding your personal data:
- Right of access (Art. 15): request a copy of the personal data we hold about you
- Right to rectification (Art. 16): request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten")
- Right to restriction (Art. 18): request that we limit the processing of your data
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format
- Right to object (Art. 21): object to processing based on legitimate interest
- Right to withdraw consent (Art. 7): where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, email us at privacy@plateshotai.com. We will respond within 30 days as required by GDPR.
You also have the right to lodge a complaint with your local data protection supervisory authority.
9. Cookies and Similar Technologies
We use only essential cookies required for the Service to function (authentication session, security tokens). These do not require consent under the ePrivacy Directive.
Analytics cookies (Google Analytics 4)
We use Google Analytics 4 (GA4) to understand how visitors interact with our website. GA4 collects anonymised usage data including pages visited, session duration, referring source, device type, and in-app events such as button clicks and feature usage. This data helps us improve the Service.
GA4 sets cookies (e.g. _ga, _ga_*) that persist for up to 2 years. Data is processed by Google Ireland Limited (EEA users) under Google's Data Processing Terms. We do not use GA4 for advertising or remarketing purposes.
You can opt out of GA4 data collection at any time by:
- Installing the Google Analytics Opt-out Browser Add-on
- Enabling "Do Not Track" in your browser settings
- Using a browser extension that blocks analytics scripts
We do not use advertising or other third-party tracking cookies beyond GA4.
10. Children’s Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and secure storage. No system is perfectly secure — we cannot guarantee absolute security, but we continuously review and improve our practices.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notice at least 30 days before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.
13. Contact Us
For any questions or requests regarding this Privacy Policy or your personal data, contact us at:
PlateShotAI — Data Protection
Email: privacy@plateshotai.com