Privacy Policy
Last Updated: January 3, 2026
1. Data Controller
For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller is:
If you have any questions about this Privacy Policy or our data practices, please contact us at the address above.
2. Information We Collect
2.1 Information You Provide
| Data Type | Description | Purpose |
|---|---|---|
| Account Information | Email address, password (hashed) | Account creation and authentication |
| Payment Information | Billing details processed by Stripe (we do not store full card numbers) | Processing purchases |
| Generated Content | Images you generate, prompts you submit, reference images you upload | Providing the image generation service |
| Communications | Emails and messages you send to us | Customer support |
2.2 Information Collected Automatically
| Data Type | Description | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, generation history, credits consumed | Service improvement and billing |
| Device Information | Browser type, operating system, device type | Service optimization |
| Log Data | IP address, access times, error logs | Security and troubleshooting |
3. How We Use Your Information
We use your information for the following purposes:
- Providing the Service: Processing your image generation requests, managing your account, and delivering the features you use;
- Processing Payments: Handling credit purchases and subscriptions through our payment processor;
- Customer Support: Responding to your inquiries and resolving issues;
- Service Improvement: Analyzing usage patterns to improve our Service and develop new features;
- Security: Detecting and preventing fraud, abuse, and security threats;
- Communications: Sending transactional emails (purchase confirmations, password resets) and, with your consent, promotional communications;
- Legal Compliance: Complying with applicable laws and regulations.
4. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance (Art. 6(1)(b) GDPR) | Account management, service delivery, payment processing, customer support |
| Legitimate Interests (Art. 6(1)(f) GDPR) | Service improvement, security measures, fraud prevention, analytics |
| Consent (Art. 6(1)(a) GDPR) | Marketing communications, optional cookies |
| Legal Obligation (Art. 6(1)(c) GDPR) | Tax records, legal requests, regulatory compliance |
6. International Data Transfers
deDesigned is based in Estonia (EU). However, some of our service providers are located in the United States. When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses with our service providers;
- Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission;
- EU-U.S. Data Privacy Framework: For US providers certified under the framework.
You can request a copy of the safeguards we use by contacting us at hello@dedesigned.com.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy:
| Data Type | Retention Period |
|---|---|
| Account Information | Until you delete your account |
| Generated Images | Stored indefinitely until you delete them or your account |
| Payment Records | 7 years (legal/tax requirements) |
| Usage Logs | 12 months |
| Support Communications | 3 years after resolution |
After the retention period, data is securely deleted or anonymized.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest;
- Access Controls: Strict access controls limit who can access your data;
- Password Security: Passwords are hashed using industry-standard algorithms;
- Regular Audits: We regularly review and update our security practices;
- Secure Payments: Payment processing is handled by PCI-DSS compliant providers.
While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to hello@dedesigned.com.
9. Your Rights
Under the GDPR and other applicable laws, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data we hold |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Restriction | Request limitation of processing in certain circumstances |
| Data Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests or for direct marketing |
| Withdraw Consent | Withdraw consent at any time where processing is based on consent |
Exercising Your Rights
To exercise any of these rights, contact us at hello@dedesigned.com. We will respond within 30 days. We may need to verify your identity before processing your request.
Complaints
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
11. Marketing Communications
We may send you promotional emails about new features, products, or offers. You can opt out at any time by:
- Clicking the "unsubscribe" link in any marketing email;
- Contacting us at hello@dedesigned.com;
- Updating your preferences in your account settings.
Please note that even if you opt out of marketing emails, you will still receive transactional emails (such as purchase confirmations and account notifications).
12. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@dedesigned.com, and we will promptly delete such information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this page;
- For material changes, we will notify you via email or through the Service;
- We encourage you to review this Privacy Policy periodically.
Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
14. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Additional Information for US Residents
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the personal data we collect, use, and disclose;
- Right to Delete: You can request deletion of your personal data;
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at hello@dedesigned.com. We do not sell personal information as defined by the CCPA.