Skip to content

Privacy Policy

Last updated: February 2026

1. Introduction

VEDON ("we", "our", or "us") operates an AI imaging service for profile photo previews, final photo generation, image upscaling, and account management. This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Service.

2. Information We Collect

2.1 Account Information

When you create an account or sign in, we receive account details such as your email address, display name, and profile image from the sign-in method you choose. We do not receive or store your sign-in provider password.

2.2 Uploaded Photos (Biometric Data)

When you upload images for previews or upscaling, we process the image content needed to deliver those results. Under certain laws, photos containing a face may be treated as biometric or sensitive data.

  • We only process images you explicitly upload
  • Images are used only to deliver previews, final photos, upscales, and downloads you request
  • We do NOT use your uploads to identify you beyond the account features you use
  • We do NOT use your uploads to train public AI models
  • Retention depends on the product feature and operational need, and you can request deletion of your account data

2.3 Generated Images

Preview images, final images, enhanced outputs, and related metadata may be stored in your account so you can access, re-open, or download them later.

2.4 Payment Information

Payments are processed by our third-party provider Creem.io. We send your email address and an internal user ID to Creem to process transactions. We do not store credit card numbers or full payment details on our servers.

2.5 Automatically Collected Data

We automatically collect certain information when you use our Service:

  • IP address: used solely for rate limiting and abuse prevention, stored temporarily (up to 24 hours) and then discarded
  • Browser type and device information: collected via standard HTTP headers
  • Pages visited and actions taken: basic server logs for debugging and security

3. Cookies and Local Storage

We use minimal cookies and browser storage:

  • Authentication and security cookies: used to keep you signed in and protect the Service.
  • Browser storage: used to remember consent choices and checkout state. This is limited to product functionality.
  • We do NOT use advertising cookies or third-party behavioral tracking pixels.

4. How We Use Your Information

We use collected information for the following purposes:

  • Provide the Service: Generate previews, final photos, and upscaled exports based on your uploads and preferences
  • Process payments: Complete transactions and manage your credit balance
  • Prevent abuse: Rate-limit requests and detect fraudulent activity
  • Improve the Service: Debug issues and maintain system reliability
  • Communicate with you: Respond to support requests sent to our contact email

5. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your data based on:

  • Consent (Article 9.2.a): You provide explicit consent before uploading photos containing facial data.
  • Contract Performance (Article 6.1.b): Processing is necessary to deliver the preview, generation, or upscaling feature you requested.
  • Legitimate Interest (Article 6.1.f): For security, fraud prevention, and service reliability.

6. Your Rights

Depending on your location, you may have the following rights:

6.1 Rights Under GDPR (EEA Residents)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Delete your account and all associated data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Revoke consent at any time without affecting prior processing
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

6.2 Rights Under CCPA (California Residents)

  • Right to Know: What personal information we collect and how it is used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so no opt-out is needed
  • Right to Non-Discrimination: We will not treat you differently for exercising your rights

To exercise any of these rights, contact us at privacy@vedon.ai. We will respond within 30 days.

7. Data Retention

  • Uploaded images and generated outputs: Retained only as long as needed to provide the product feature, support downloads, and maintain account history
  • Account data: Retained until you request account deletion
  • IP addresses and abuse-prevention signals: Retained for a limited period needed for security and rate limiting
  • Payment records: Retained as required by applicable tax and financial regulations

8. Data Security

We protect your data with the following measures:

  • All data transmitted between your browser and our servers is encrypted via TLS/SSL
  • Uploaded images and generated outputs are stored in protected cloud storage
  • Access to stored data is restricted to authorized systems and personnel
  • API endpoints are protected by rate limiting and authentication checks

9. Third-Party Services

We share data with the following third-party providers, each with their own privacy policies:

  • Google OAuth: Authentication when you choose Google sign-in
  • Google AI services: Used for homepage preview generation and prompt processing
  • Replicate: Used for image upscaling requests
  • Creem.io: Payment processing — receives your email and transaction details
  • S3-compatible object storage provider: Stores uploaded images and generated outputs
  • Cloud hosting, delivery, and monitoring providers: Support application hosting, security, and reliability

Some of these providers may process data outside your country of residence, including in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international data transfers.

10. Children's Privacy

Our Service is not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@vedon.ai and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: privacy@vedon.ai