Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, username, password, and profile information when you create an account
• Payment Information: Billing address, credit card details, and transaction history (processed securely through third-party payment processors)
• Communications: Messages, feedback, support requests, and any other information you send to us
• Referral Information: Email addresses or contact information of people you refer to our platform

1.2 Images and User Content

When you use our AI transformation services, we collect:

• Uploaded Images: Original images you upload for processing
• Transformed Images: AI-generated results and transformations
• Transformation Parameters: Settings, prompts, and preferences you specify for image processing
• Image Metadata: File information, dimensions, format, and technical specifications

1.3 Automatically Collected Information

We automatically collect certain information when you access or use our Platform:

• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Usage Data: Pages visited, features used, time spent on platform, click patterns, and navigation paths
• Location Data: Approximate geographic location based on IP address
• Performance Data: Error logs, crash reports, and diagnostic information
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies

1.4 Third-Party Sources

We may receive information about you from third parties such as social media platforms (if you choose to connect your account), payment processors, analytics providers, and referral partners.

2. Legal Basis and Purpose of Data Processing

2.1 Legal Basis (LGPD/GDPR Compliance)

We process your personal data based on the following legal grounds:

• Consent: When you explicitly agree to specific data processing activities
• Contractual Necessity: To fulfill our Terms of Use and provide services you requested
• Legal Obligation: To comply with applicable laws, regulations, and legal processes
• Legitimate Interest: For business operations, fraud prevention, security, and service improvement
• Protection of Rights: To protect our legal rights and those of our users

2.2 How We Use Your Information

We use your personal information for the following purposes:

Service Delivery and Account Management:

• Create and manage your account
• Process and deliver AI image transformations
• Track credit balance and usage
• Manage referral programs and bonuses
• Provide customer support and respond to inquiries

Payment Processing:

• Process payments and transactions
• Prevent fraud and unauthorized charges
• Issue invoices and receipts
• Manage billing and subscriptions (when available)

Platform Improvement and AI Training:

• Improve AI models and algorithms
• Analyze usage patterns and user preferences
• Develop new features and services
• Optimize platform performance and user experience
• Conduct research and development

Communication:

• Send transactional emails (receipts, confirmations, account updates)
• Provide customer support and technical assistance
• Send promotional emails and marketing communications (with consent)
• Notify you of policy changes or important updates

Security and Legal Compliance:

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Use and Content Policy
• Comply with legal obligations and respond to lawful requests
• Protect our rights, property, and safety

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. However, we may share your information in the following circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our platform:

• Payment Processors: Stripe, PayPal, or other payment gateways to process transactions
• Cloud Hosting: AWS, Google Cloud, or similar providers for data storage and computing
• AI Services: Third-party AI/ML platforms that power our transformation tools
• Email Services: Email delivery platforms for transactional and marketing communications
• Analytics Tools: Google Analytics, Mixpanel, or similar services for usage analysis
• Customer Support: Help desk and support ticketing systems

All service providers are contractually obligated to protect your data and use it only for the specified purposes.

3.2 Business Transfers

If Spellpix is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and provide options regarding your data.

3.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Respond to lawful requests from government authorities
• Enforce our Terms of Use and protect our rights
• Investigate fraud, security issues, or illegal activities
• Protect the safety and rights of our users and the public

3.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

3.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot be used to identify you for research, marketing, analytics, or other business purposes.

4. Image Storage and AI Training

4.1 Image Storage

Uploaded and transformed images are stored securely on our servers for the following purposes:

• To provide access to your transformation history
• To enable re-downloading of processed images
• To troubleshoot technical issues
• To comply with legal retention requirements

Images are typically retained for 90 days after processing, unless you delete them sooner or we determine a longer retention period is necessary for legal or operational reasons.

4.2 AI Model Training

Your uploaded images may be used to improve our AI models and algorithms. This helps us enhance transformation quality, accuracy, and capabilities. However:

• We implement privacy-preserving techniques when training AI models
• Images used for training are processed in a way that minimizes privacy risks
• You can opt out of AI training by contacting our Data Protection Officer
• We never use images containing personally identifiable information or sensitive content for training without additional safeguards

5. Cookies and Tracking Technologies

5.1 What Are Cookies

Cookies are small text files stored on your device that help us recognize you and remember your preferences. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience.

5.2 Types of Cookies We Use

Essential Cookies (Required):

Necessary for the platform to function. These enable core features like account login, credit tracking, and security. You cannot opt out of these cookies.

Functional Cookies (Optional):

Remember your preferences, settings, and choices to provide a personalized experience.

Analytics Cookies (Optional):

Help us understand how users interact with our platform, which features are popular, and how to improve our services.

Marketing Cookies (Optional):

Used to deliver relevant advertisements and track campaign effectiveness.

5.3 Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to refuse or delete cookies)
• Our cookie consent banner (where you can accept or reject optional cookies)
• Third-party opt-out tools for advertising cookies

Note that disabling essential cookies may affect platform functionality.

5.4 IP-Based Daily Credits

We use your IP address to track daily free credit allocation (2 credits per IP per day). This is necessary to prevent abuse and ensure fair distribution of free resources.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

• Account Information: Retained while your account is active and for up to 2 years after deletion
• Transaction Records: Retained for 5 years for tax and accounting purposes (legal requirement in Brazil)
• Images: Typically deleted 90 days after processing, unless longer retention is needed
• Support Communications: Retained for 3 years for customer service quality and dispute resolution
• Usage Logs: Retained for 12 months for security and analytics purposes
• Marketing Data: Retained until you unsubscribe or withdraw consent

6.2 Deletion

After the retention period expires, we securely delete or anonymize your personal data in accordance with our data retention policy and applicable laws.

7. Your Privacy Rights

Under LGPD (Brazil) and GDPR (EU), you have the following rights regarding your personal data:

7.1 Right to Access

You can request confirmation of what personal data we hold about you and obtain a copy of your data.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

7.3 Right to Deletion (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary or you withdraw consent.

7.4 Right to Restriction

You can request that we limit how we use your data in certain situations, such as while we verify data accuracy.

7.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format that can be transferred to another service provider.

7.6 Right to Object

You can object to certain data processing activities, particularly those based on legitimate interest or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where we process your data based on consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

• Brazil: ANPD (Autoridade Nacional de Proteção de Dados)
• EU/EEA: Your local data protection authority

7.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: contact@spellpix.com or dpo@spellpix.com
• Subject line: "Privacy Rights Request - [Your Request Type]"

We will respond to your request within 15 days (LGPD requirement) or 30 days (GDPR requirement), unless an extension is necessary.

8. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

8.1 Security Measures

• Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest using AES-256 or equivalent
• Access Controls: Strict authentication and authorization controls limit access to personal data
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Staff are trained on data protection and security best practices
• Secure Infrastructure: Hosting on reputable cloud providers with robust security certifications
• Backup and Recovery: Regular backups to prevent data loss

8.2 Your Responsibilities

While we implement strong security measures, you also play a role in protecting your data:

• Use a strong, unique password for your account
• Enable two-factor authentication if available
• Never share your account credentials
• Log out after using shared or public devices
• Report any suspicious activity immediately

8.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by law (within 72 hours under LGPD/GDPR).

8.4 Limitation

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Children's Privacy

Spellpix is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. Users between 13-17 years old must have parental or guardian consent to use our services.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us immediately at contact@spellpix.com.

10. International Data Transfers

Spellpix is based in Brazil, but our services are accessible globally. Your personal data may be transferred to, stored, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country.

10.1 Safeguards for International Transfers

When we transfer data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with third-party service providers
• Adequacy decisions by relevant authorities where applicable
• Certification schemes such as Privacy Shield successor frameworks (where applicable)

10.2 International Users

If you are accessing our services from the European Union, European Economic Area, United Kingdom, or other regions with data protection laws, you have specific rights as outlined in Section 7. We are committed to complying with applicable international data protection regulations.

11. Third-Party Links and Services

Our Platform may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party sites. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

12. Marketing Communications

12.1 Promotional Emails

With your consent, we may send you promotional emails about new features, special offers, updates, and other information we think may interest you.

12.2 Opting Out

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any promotional email
• Updating your email preferences in your account settings
• Contacting us directly at contact@spellpix.com

Note that even if you opt out of marketing emails, we will still send you transactional and account-related communications (receipts, password resets, service updates, etc.).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email (if you have an account)
• Display a prominent notice on our Platform
• In some cases, seek your renewed consent

Your continued use of Spellpix after the effective date of any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Data Protection Officer (DPO)

In accordance with LGPD requirements, we have designated a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices, handling data subject requests, and serving as the point of contact with supervisory authorities.

You can contact our Data Protection Officer at:

• Email: dpo@spellpix.com
• Subject line: "Data Protection Request" or "DPO Inquiry"

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the personal data we collect, use, and disclose
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt out of the sale of personal data (Note: We do not sell personal data)
• Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights

To exercise these rights, contact us at contact@spellpix.com with "CCPA Request" in the subject line.

16. Automated Decision-Making and Profiling

We may use automated decision-making and profiling in limited circumstances:

• Fraud Detection: Automated systems monitor for suspicious activity and potential fraud
• Credit Allocation: IP-based systems automatically allocate daily free credits
• Content Moderation: AI systems flag potentially prohibited content for review
• Personalization: Algorithms suggest features or improvements based on usage patterns

You have the right to request human review of automated decisions that significantly affect you and to contest such decisions. Contact our DPO to exercise this right.

17. Business Contact Information

Spellpix is committed to protecting your privacy and complying with all applicable data protection laws.

18. How to Contact Us

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving any privacy concerns promptly and will respond to your inquiry within the timeframes required by applicable law (typically 15-30 days).

19. Supervisory Authority Contact Information

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority: