Privacy Policy

1. Information We Collect

a) Information you provide: Name and email address (if you create an account); payment information (processed securely via Razorpay/Stripe — we never store card numbers); tool inputs (processed in real-time and not permanently stored); contact form submissions.

b) Information collected automatically: Device type, browser type, and operating system; IP address (anonymized after 30 days); usage data including tools used, frequency, and preferences; cookies and similar tracking technologies (see Cookie Policy); approximate geographic location derived from IP address.

2. How We Use Your Information

We use collected information to: provide, maintain, and improve our AI tools and services; process payments and manage your account; display relevant advertisements through Google AdSense; prevent abuse, fraud, and enforce rate limiting; send transactional emails (purchase confirmations, account updates); analyze usage patterns to improve the Service; comply with legal obligations.

3. Data Retention

AI tool inputs: Not permanently stored. Processed in real-time and discarded after generation. We do not retain the text, images, or other content you submit to our tools.

Account data: Retained while your account is active and for 30 days after deletion.

Payment records: Retained as required by tax and financial regulations (typically 7 years).

Usage analytics: Anonymized and aggregated data retained for service improvement.

4. Data Sharing

We do not sell your personal data. We may share data with: payment processors (Razorpay, Stripe) for transaction processing; AI service providers (fal.ai, Replicate) for content generation — only the input prompt is sent, no personal data; advertising partners (Google AdSense) for ad personalization — you can opt out; analytics services (PostHog) for anonymous usage analysis; law enforcement agencies when required by applicable law.

5. Your Rights

Under GDPR (EU users): Right to access, rectify, erase, restrict processing, data portability, and object to processing.

Under India DPDP Act 2023 and IT Act 2000: Right to access, correct, and erase personal data. Right to grievance redressal. Right to nominate a representative.

To exercise any of these rights, contact us at privacy@nexgenai.studio. We will respond within 30 days.

6. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

7. Data Security

We implement industry-standard security measures including: encryption of data in transit (TLS/SSL) and at rest; row-level security on our database ensuring data isolation; PCI-DSS Level 1 compliance for payment processing (via Razorpay/Stripe); regular security assessments and monitoring; access controls and authentication for all systems.

8. International Data Transfers

Your data may be processed in countries outside your country of residence, including India and the United States. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated revision date.

10. Data Protection Officer

For privacy-related inquiries or to exercise your data rights, contact our Data Protection Officer at privacy@nexgenai.studio.