Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and profile information provided through our authentication provider (Clerk). If you subscribe to a paid plan, payment information is collected and processed by Lemon Squeezy (our merchant of record); we do not store your full card details.

2.2 Uploaded Content

Product photos you upload for image generation are stored securely in Cloudflare R2 object storage. EXIF metadata is stripped from uploads before storage for your privacy. Your uploads are never used for AI model training.

2.3 Generated Images

Images generated by the Service are stored in Cloudflare R2 and associated with your account. You own your generated images and may download or delete them at any time.

2.4 Usage Data

We automatically collect technical and usage data, including IP address, browser type, operating system, pages visited, feature usage patterns, generation request metadata, and error logs. This data is used to improve the Service and diagnose issues.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

• Contract performance: Processing necessary to provide the Service you have subscribed to, including account management, image generation, and billing.
• Legitimate interest: Processing for service improvement, security monitoring, fraud prevention, and analytics.
• Consent: Where we rely on your consent (e.g., marketing communications), you may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws, such as tax and accounting regulations.

4. How We Use Your Data

• To provide, maintain, and improve the Service, including AI image generation.
• To process payments and manage your subscription.
• To communicate with you about your account, updates, and support requests.
• To monitor and prevent fraud, abuse, and security threats.
• To analyze usage patterns and improve user experience.
• To comply with legal obligations and enforce our Terms of Service.

5. Third-Party Services

We use the following third-party services to operate ProdVue. Each processes data as described:

Lemon Squeezy

Payment processing (merchant of record). Lemon Squeezy receives your payment card details, billing address, and transaction information, and handles all tax compliance on our behalf. See Lemon Squeezy's Privacy Policy.

Clerk

Authentication and user management. Clerk processes your email address, name, and authentication credentials. See Clerk's Privacy Policy.

Fal.ai

AI image generation. Your uploaded product images are sent to Fal.ai's API for processing. Images are used solely for generation and are not retained by Fal.ai for training purposes. See Fal.ai's Privacy Policy.

Cloudflare R2

Object storage for uploaded and generated images. Data is stored with encryption at rest. Access is controlled via time-limited presigned URLs. See Cloudflare's Privacy Policy.

6. Data Retention

• Account data: Retained for as long as your account is active and for a reasonable period thereafter to comply with legal obligations.
• Uploaded images: Retained until you delete them or until account deletion, whichever comes first.
• Generated images: Retained until you delete them or until account deletion.
• Usage and log data: Retained for up to 12 months for analytics and troubleshooting purposes.
• Payment records: Retained as required by tax and accounting regulations (typically 7-10 years).

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten").
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to restrict processing: Request restriction of processing under certain circumstances.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at hello@prodvue.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Cookies

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
• Analytics cookies: Used to understand how users interact with the Service and to improve functionality. These are set only with your consent.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent the Service from functioning correctly.

9. International Data Transfers

Your data may be processed by third-party services located outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision. Our primary storage provider (Cloudflare R2) offers EU data residency options.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at hello@prodvue.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.

12. Contact

For any questions about this Privacy Policy or to exercise your data rights, contact us at: