1. Introduction

VEDON ("we", "our", or "us") operates the AI photo generation service at vedon.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard your information. By using our Service, you agree to the practices described below.

2. Information We Collect

2.1 Account Information

When you create an account via Google OAuth, we receive your email address, display name, and profile picture from Google. We do not receive or store your Google password.

2.2 Uploaded Photos (Biometric Data)

When you upload photos for AI generation, we process facial data to create AI-generated images. Under certain laws (e.g., GDPR, Illinois BIPA), this may constitute biometric data.

We only process photos you explicitly upload
Photos are used solely for generating AI images you request
We do NOT use your photos to identify or authenticate you
We do NOT use your photos to train our AI models
Uploaded photos are automatically deleted after 7 days

2.3 Generated Images

Images generated by our AI service are stored in your account gallery and associated with your user account.

2.4 Payment Information

Payments are processed by our third-party provider Creem.io. We send your email address and an internal user ID to Creem to process transactions. We do not store credit card numbers or full payment details on our servers.

2.5 Automatically Collected Data

We automatically collect certain information when you use our Service:

IP address: used solely for rate limiting and abuse prevention, stored temporarily (up to 24 hours) and then discarded
Browser type and device information: collected via standard HTTP headers
Pages visited and actions taken: basic server logs for debugging and security

3. Cookies and Local Storage

We use minimal cookies and browser storage:

Authentication cookie: A session token set by Supabase to keep you logged in. This is essential for the Service to function.
Consent record: We store a flag in your browser's localStorage to remember that you have agreed to our photo upload terms. This contains no personal data.
We do NOT use advertising cookies, tracking pixels, or third-party analytics tools.

4. How We Use Your Information

We use collected information for the following purposes:

Provide the Service: Generate AI photos based on your uploads and preferences
Process payments: Complete transactions and manage your credit balance
Prevent abuse: Rate-limit requests and detect fraudulent activity
Improve the Service: Debug issues and maintain system reliability
Communicate with you: Respond to support requests sent to our contact email

5. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your data based on:

Consent (Article 9.2.a): You provide explicit consent before uploading photos containing facial data.
Contract Performance (Article 6.1.b): Processing is necessary to deliver the AI photo generation service you requested.
Legitimate Interest (Article 6.1.f): For security, fraud prevention, and service reliability.

6. Your Rights

Depending on your location, you may have the following rights:

6.1 Rights Under GDPR (EEA Residents)

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Delete your account and all associated data
Right to Restrict Processing: Limit how we use your data
Right to Object: Object to processing based on legitimate interest
Right to Withdraw Consent: Revoke consent at any time without affecting prior processing
Right to Data Portability: Export your data in a machine-readable format
Right to Lodge a Complaint: File a complaint with your local data protection authority

6.2 Rights Under CCPA (California Residents)

Right to Know: What personal information we collect and how it is used
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do not sell personal information, so no opt-out is needed
Right to Non-Discrimination: We will not treat you differently for exercising your rights

To exercise any of these rights, contact us at privacy@vedon.ai. We will respond within 30 days.

7. Data Retention

Uploaded photos: Automatically deleted after 7 days
Generated images: Retained until you delete them or close your account
Account data: Retained until you request account deletion
IP addresses (rate limiting): Automatically purged after 24 hours
Payment records: Retained as required by applicable tax and financial regulations

8. Data Security

We protect your data with the following measures:

All data transmitted between your browser and our servers is encrypted via TLS/SSL
Uploaded photos and generated images are stored in encrypted cloud storage
Database access is restricted by row-level security policies
API endpoints are protected by rate limiting and authentication checks

9. Third-Party Services

We share data with the following third-party providers, each with their own privacy policies:

Supabase (supabase.com): Database, authentication, and file storage
Vercel (vercel.com): Application hosting
Cloudflare (cloudflare.com): Content delivery and image storage (R2)
EvoLink (evolink.ai): AI image generation — receives your photos and prompt text
Google Gemini (ai.google): Prompt text processing — receives text only, never photos
Creem.io (creem.io): Payment processing — receives your email and transaction details
Google OAuth (google.com): Authentication — provides your email and profile info
Upstash (upstash.com): Rate limiting — receives hashed IP addresses, auto-deleted after 24 hours

Some of these providers may process data outside your country of residence, including in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international data transfers.

10. Children's Privacy

Our Service is not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@vedon.ai and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: privacy@vedon.ai