Data Processing Overview
1. Data Flow
- The user (or Customer's user) submits an image via the web interface or API.
- The image is forwarded to our analysis service for AI processing.
- Analysis results are returned to the generation pipeline.
- The original image is deleted from the processing pipeline immediately.
- A styled PDF report is generated and stored in object storage.
- The PDF is delivered to the user (and, for API integrations, optionally to a webhook endpoint configured by the Customer).
- After the applicable retention period, the PDF is deleted from storage and the analysis-metadata row is removed.
2. Storage Posture
- Original images: not stored at rest. Held in memory and in temporary processing buffers only for the duration of the analysis.
- Preview thumbnails: a small thumbnail of the analyzed image is generated for display in the user's dashboard. Stored on application disk and deleted together with the analysis row.
- PDF reports: stored in cloud object storage (Cloudflare R2, EU jurisdictional restriction). Deleted automatically at end of retention or on user request.
- Analysis metadata: stored in our application database. Lifetime tied to PDF retention.
- Account, billing, and audit data: stored in our application database with retention as described in the Privacy Policy.
3. Categories of Data
| Category | Examples | Source |
|---|---|---|
| Identification | Email, password hash, optional display name | Provided at registration |
| Submitted content | Images uploaded for analysis | Uploaded by the user / Customer |
| Generated content | PDF reports | Generated by the Service from submitted content |
| Operational metadata | Task identifiers, timestamps, status, error codes, image-processing timing | Generated by the Service |
| Billing data | Credit purchases, balance ledger, invoice references, payment-method references (no card numbers) | Generated as a result of customer transactions |
| Audit data | Master Terms of Service acceptance records (timestamp, version, IP), significant account events | Generated by the Service |
| Connectivity data | IP address, user-agent for security and rate-limiting | HTTP request |
4. Data Subjects
- Account holders — individuals or business representatives with an account on the Service.
- End users of business customers — for Agency Tool and API customers, individuals on whose behalf the Customer uses the Service.
- Persons depicted in submitted images, where these are different from the uploader. The uploader is responsible for obtaining and documenting consent from depicted persons.
5. We Do Not Identify Depicted Persons
Our analysis describes the visible content of submitted images. It does not perform facial recognition, biometric matching, or any other technique designed to identify the persons depicted. We do not link analyzed content to any external database of identifiable persons. Generated PDF reports do not contain biometric features or persistent identifiers of subjects, and are not designed to enable re-identification.
Note that account holders themselves are identifiable to us (we know their email and login activity) — but the depicted subjects are not.
6. We Do Not Use Content for Training, Profiling, or Advertising
These commitments are central to how we operate, not optional opt-outs:
- Submitted content is not added to any AI training dataset.
- Usage activity is not analyzed to build behavioral or interest profiles.
- Personal data is not sold or shared for cross-context behavioral advertising.
- Data is not combined across accounts for any purpose other than aggregate operational metrics that contain no personal data.
- The Service displays no advertising and integrates no ad networks.
7. Retention Summary
| Data | Retention |
|---|---|
| Original submitted images | Transient — not retained at rest |
| Preview thumbnails | Together with the analysis-metadata row |
| PDF reports — Model One-time package | 7 days |
| PDF reports — Model Starter Branding Pack | 14 days |
| PDF reports — Agency Tool | 30 days |
| PDF reports — API | Per customer agreement |
| Analysis metadata (success) | Together with the PDF |
| Analysis metadata (failed / expired) | 24 hours |
| Audit logs | Up to 12 months |
| Billing records | Up to 7 years; non-identifying after account hard-deletion |
| API call logs | Tied to entitlement (lot expiry or contract end) plus 30 days grace |
| Webhook delivery logs | 30 days |
| Inactive API keys | Auto-deleted after 90 days of inactivity |
| Operational orchestration data (full) | 7 days |
| Operational orchestration data (aggregated counts only) | Indefinitely (no personal data) |
| Internal alerts | 90 days |
8. User-Initiated Deletion
Users may delete a specific analysis at any time before its automatic expiration via the "Recent Analyses" view in their dashboard. Deletion removes the PDF from object storage, the preview thumbnail, the analysis-metadata row, and any associated webhook delivery logs. Financial records (credit reservations, purchase records) are retained as billing records and are not affected.
Account-level deletion is handled per the Privacy Policy: a 30-day grace period followed by hard-deletion of personally identifying account fields, with billing records retained on a non-identifying basis as required by law.
9. Sub-processing
We use cloud infrastructure providers and selected operational tools as subprocessors. The current list with regions and functions is published at /legal/subprocessors.
10. Jurisdiction
The Service is operated by [YOUR CYPRUS LTD LEGAL NAME], a private company limited by shares organized under the laws of the Republic of Cyprus. Processing is performed primarily within the European Union, with subprocessor regions noted at /legal/subprocessors.