Privacy Policy
Last updated: 2026-04-26
This Privacy Policy explains how My SaaS ("we", "us", or "our") collects, uses, stores, shares, and protects information about users, visitors, customers, and account administrators who access our website, applications, APIs, and related services (collectively, the "Service").
1. Scope
This Privacy Policy applies to information processed through the Service. It does not apply to websites, services, or practices that we do not control, including third-party services you may access through integrations, payment flows, authentication providers, or underlying AI model providers.
2. Information we collect
2.1 Information you provide directly
- Account information: email address, display name, profile image, authentication provider details, and account preferences.
- Billing information: subscription status, plan details, transaction records, invoices, and limited payment metadata returned by our payment processors. Full card or banking details are handled by the payment processor, not stored by us.
- Customer content: prompts, generation settings, uploads, outputs, API parameters, support tickets, and other workspace content you submit.
- Communications: email, chat, or support correspondence and any attachments or contextual details you include.
2.2 Information collected automatically
- Usage data: features accessed, pages visited, generation history, consumption events, error states, and interaction timestamps.
- Technical data: IP address, approximate location derived from IP, browser type, device identifiers, operating system, language, referring URLs, and performance logs.
- Security and abuse signals: login attempts, rate-limit events, suspicious usage patterns, and moderation or fraud prevention signals.
- Cookies and local storage: session, theme, consent, and similar state-management technologies. See Section 8.
3. How we use information
We use collected information to:
- provide, host, maintain, and secure the Service;
- authenticate users and manage account sessions;
- process orders, subscriptions, credits, refunds, and billing events;
- run AI, storage, support, and related service workflows requested by you;
- monitor performance, troubleshoot incidents, and improve product quality;
- prevent fraud, abuse, policy violations, and security threats;
- communicate about transactions, product changes, service notices, and support matters;
- comply with legal obligations and enforce our agreements and policies.
4. Legal bases for processing
If data protection laws such as the GDPR or UK GDPR apply, we generally rely on one or more of the following legal bases:
- Contractual necessity: to deliver the Service you requested.
- Legitimate interests: to secure, improve, administer, and support the Service.
- Consent: for optional analytics, marketing, or other activities where consent is required.
- Legal obligation: to comply with tax, accounting, security, consumer protection, or law enforcement requirements.
5. Sharing and disclosure
We do not sell your personal information. We may disclose information only in the following limited situations:
- Service providers and infrastructure vendors: such as providers of hosting, storage, observability, authentication, customer support, and payment processing.
- AI and model providers: prompts, uploads, or generation parameters may be transmitted to underlying model providers as needed to produce outputs or perform moderation and abuse review.
- Legal or protective disclosures: where reasonably necessary to comply with law, enforce rights, investigate abuse, or protect users, the Service, or the public.
- Business transfers: in connection with a merger, financing, acquisition, reorganization, or sale of all or part of our business, subject to appropriate confidentiality handling.
6. International transfers
Your information may be processed in countries other than the one where you live. Where legally required, we use appropriate safeguards for cross-border transfers, such as contractual protections, provider commitments, or another lawful transfer mechanism.
7. Data retention
We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to operate the Service, keep billing records, resolve disputes, investigate misuse, enforce agreements, and satisfy legal obligations.
- Account records may be retained while your account is active and for a reasonable period afterward.
- Billing and tax records may be retained for statutory recordkeeping periods.
- Prompts, outputs, and operational logs may be retained according to product, abuse-prevention, or provider requirements.
8. Cookies, local storage, and analytics
We use cookies and similar technologies to maintain sessions, preserve UI settings, remember consent choices, and improve reliability. We may also use optional analytics or attribution tooling if configured for the app and permitted under the applicable consent flow.
You can usually control cookies through your browser settings, but some session or security features may not function correctly if essential cookies are disabled.
9. Security
We use administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. No system is perfectly secure, and we cannot guarantee absolute security. You are also responsible for keeping your credentials, devices, and workspace access secure.
10. Your rights and choices
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to, or export certain personal data. You may also have the right to withdraw consent where processing is based on consent.
- You may update some account details directly within the Service.
- You may request account deletion or a privacy review by contacting us.
- If you believe we handled information unlawfully, you may also have the right to complain to a competent supervisory authority.
11. Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under that age. If you believe a child has provided personal information in violation of this policy, contact us so we can investigate and take appropriate action.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version becomes effective when posted unless another effective date is stated. If we make a material change, we will use reasonable efforts to provide notice through the Service, by email, or both.
13. Contact
For privacy questions, access requests, or deletion requests, contact us at support@example.com.