Privacy Policy | ChromaPeel powered by Nano Banana Pro

1. Introduction

Welcome to Chromapeel's Privacy Policy. This document explains how we collect, use, store, protect, and share your personal information when you use our AI-powered image generation services at chromapeel.com (the "Service").

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide to Us

Account Information

When you create an account via third-party login services (e.g., Google, GitHub, or other identity providers we may offer), we may receive and store, depending on the service and your authorization:

Display name (e.g., profile name or nickname)
Email address
Profile avatar (if available)
Unique user identifier from the third-party service (used to identify your account within ChromaPeel)

We do not receive your password from these third-party services; authentication is handled independently by the provider.

Payment Information: When you subscribe to a paid plan, our payment processor (Creem) collects:

Credit card or payment method details
Billing address
Transaction history

Note: We do not directly store your complete payment card information. Payment processing is handled securely by Creem.

Communication Information: When you contact us for support, we collect:

Email content
Support ticket information
Any information you choose to provide in your communications

2.2 Information We Collect Automatically

Usage Data:

Pages visited on our website
Features used
Time spent on pages
Images generated and prompts submitted
Credits consumed
Login timestamps and frequency

Device and Technical Information:

IP address
Browser type and version
Operating system
Device identifiers
Referring website URLs
Language preferences

Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience. For detailed information about our cookie usage, please see our Cookie Policy.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

To create and manage your account
To process your subscription and payments
To provide image generation services
To deliver customer support
To send transactional emails (account notifications, receipts, service updates)

3.2 Service Improvement

To analyze usage patterns and improve our Service
To develop new features and functionality
To troubleshoot technical issues
To monitor and ensure the security of our Service

3.3 Communication

To respond to your inquiries and support requests
To send important service announcements
To deliver our newsletter (we may add you to the mailing list at signup; you can unsubscribe at any time)
To notify you of changes to our Terms of Service or Privacy Policy

3.4 Legal and Safety

To comply with legal obligations
To enforce our Terms of Service
To protect our rights, property, and safety
To prevent fraud, abuse, and prohibited activities
To respond to law enforcement requests

4. AI-Generated Images and Prompts

4.1 Image Storage

Free Plan Users: Storage is time-limited; we may only retain these images for a short period and reserve the right to delete them at any time without notice.

Paid Plan Users: We make reasonable efforts to retain your generated images during your active subscription period, but we do not guarantee permanent storage.

Your Responsibility: You should download and back up any images you wish to keep permanently.

4.2 Prompts and Metadata

We collect and store:

Text prompts you submit
Generation parameters (model selection, resolution, etc.)
Metadata about generations (timestamp, credit usage, success/failure status)

4.3 Model Training

Current Policy: We do not currently use your prompts or generated images to train or improve our AI models.

Future Changes: If we decide to use user data for model improvement in the future, we will:

Provide advance notice to all users
Implement anonymization and de-identification measures
Offer an opt-in or opt-out mechanism
Update this Privacy Policy accordingly

4.4 Content Moderation

We may review generated images and prompts (manually or through automated systems) to:

Enforce our Terms of Service and content policies
Detect and prevent prohibited content generation
Improve content moderation systems
Comply with legal obligations

5. Third-Party Services

Our Service integrates with the following third-party services. Each service has its own privacy policy governing how they collect and process your data:

5.1 Creem (Payment Processing)

Purpose: Process subscription payments and manage billing
Data Shared: Name, email, payment information, transaction history
Privacy Policy: https://www.creem.io/privacy

5.2 Google OAuth (Authentication)

Purpose: Allow you to sign in using your Google account
Data Shared: Name, email, profile picture, unique Google ID
Privacy Policy: https://policies.google.com/privacy

5.3 Resend (Email Delivery)

Purpose: Send transactional emails and newsletters
Data Shared: Email address, name, email content
Privacy Policy: https://resend.com/legal/privacy-policy

5.4 Cloudflare R2 (Image Storage)

Purpose: Store and deliver generated images
Data Shared: Generated images, user IDs (for access control)
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Note: All stored objects and metadata are encrypted at rest

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your personal information in the following circumstances:

Service Providers: We share data with trusted third-party service providers who help us operate our Service (payment processing, email delivery, hosting, analytics). These providers are contractually obligated to protect your data and use it only for the purposes we specify.

Legal Requirements: We may disclose your information if required to do so by law or in response to:

Valid legal process (subpoena, court order, etc.)
Law enforcement or government requests
Protection of our legal rights or property
Investigation of fraud, security issues, or Terms violations

Business Transfers: If Chromapeel is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

With Your Consent: We may share your information for other purposes with your explicit consent.

7. Data Security

7.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption of data in transit (HTTPS/TLS)
Encryption of sensitive data at rest
Secure authentication and session management
Regular security assessments and updates
Access controls and employee training
Secure backup and disaster recovery procedures

7.2 Limitations

While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use our Service at your own risk.

If we become aware of a data breach that affects your personal information, we will:

Notify you via email within a reasonable timeframe
Describe the nature of the breach
Provide information about steps we are taking to address the issue
Offer guidance on steps you can take to protect yourself

8. Data Retention and Deletion

8.1 How Long We Keep Your Data

We retain your personal information for as long as necessary to:

Provide our Service to you
Comply with legal obligations
Resolve disputes
Enforce our agreements

Specific retention periods:

Account Data: Retained while your account is active
Generated Images: Retained according to your plan (short-term for Free, during subscription for Paid)

8.2 Account Deletion

When you delete your account (or we terminate it):

We will delete your personal information and generated images within a reasonable timeframe (typically no more than 30 days)
Some information may be retained in backups for a limited time
We may retain anonymized or aggregated data for analytics
Certain records may be retained as required by law (e.g., transaction records for tax purposes)

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

9.1 Access and Correction

You have the right to:

Access your personal information
Update or correct inaccurate information
Request a copy of your data

You can access and update most of your information through your account settings.

9.2 Deletion (Right to be Forgotten)

You have the right to request deletion of your personal information. You can:

Delete your account through your account settings
Contact us at [email protected] to request account deletion

Please note that we may retain certain information as required by law or for legitimate business purposes.

9.3 Opt-Out of Marketing

You have the right to opt-out of marketing communications. You can:

Click the "unsubscribe" link in any marketing email
Update your email preferences in your account settings
Contact us at [email protected]

Please note that you cannot opt-out of transactional emails (account notifications, receipts, security alerts).

9.4 Data Portability

You have the right to request a copy of your personal information in a portable format. Contact us at [email protected] to make such a request.

Where we process your personal information based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.

9.6 Lodge a Complaint

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with a supervisory authority in your jurisdiction.

10. International Data Transfers

Our Service operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer your personal information internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

11. Children's Privacy

Our Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are between 13 and 18 years old (or the age of legal majority in your jurisdiction), you must have parental or guardian consent to use our Service.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.

12.1 Automatic Subscription

When you create an account, you are automatically subscribed to our newsletter to receive updates, tips, and announcements about our Service.

12.2 Unsubscribe

You may unsubscribe from our newsletter at any time by:

Clicking the "unsubscribe" link in any newsletter email
Updating your email preferences in your account settings
Contacting us at [email protected]

12.3 Transactional Emails

Even if you unsubscribe from our newsletter, you will still receive important transactional emails, including:

Account verification and password reset emails
Subscription confirmations and receipts
Service announcements and security alerts
Customer support responses

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. For detailed information about:

What cookies we use
Why we use them
How to control cookie preferences

Please see our dedicated Cookie Policy.

14. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Our Service does not currently respond to DNT signals, as there is no consistent industry standard for how to respond to such signals.

15. California Privacy Rights (CCPA)

If you are a California resident, you have the same rights outlined in Section 9 ("Your Privacy Rights") and may also lodge a complaint with your local regulator. To exercise your rights, contact [email protected]; we may need to verify your identity.

If you are located in the European Economic Area (EEA), you have the same rights summarized in Section 9 (access, correction, deletion, portability, objection, consent withdrawal) and may complain to your local supervisory authority. For GDPR-related inquiries, contact [email protected]. We do not currently have a dedicated DPO but remain committed to compliance.

17. Changes to This Privacy Policy

17.1 Updates

We may update this Privacy Policy from time to time to reflect:

Changes in our practices
Changes in applicable laws
New features or services
User feedback

17.2 Notification

When we make material changes to this Privacy Policy, we will:

Update the "Last Updated" date at the bottom of this page
Provide notice through email or a prominent notice on our Service when reasonably feasible

17.3 Your Acceptance

Your continued use of our Service after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using our Service and delete your account.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected] Website: chromapeel.com

For specific data rights requests (access, deletion, correction), please include:

Your full name
Email address associated with your account
Detailed description of your request
Any information that helps us verify your identity

We will respond to your request within a reasonable timeframe, typically within 30 days.

Last Updated: November 28, 2025

By using Chromapeel, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and sharing of your information as described herein.