ShotAI LogoShotAI

Privacy Policy

ShotAI respects and protects the privacy of all users. This page outlines how we collect, use, and store data. When deploying to production, adapt the copy to match your local legal requirements (GDPR, CCPA, etc.).

1. Information we collect

  • Account details: registered email and Supabase user ID.
  • Generation logs: prompts, selected models, Cloudflare R2 object keys, and failure reasons.
  • Billing records: subscription and top-up orders, credit changes, and Creem.io transaction IDs.
  • Log data: optional server-side telemetry such as request timestamps or IP addresses for debugging (disabled by default).

2. How we use the data

  • Authenticate users and bill credits accurately, including refunds.
  • Surface generation history and shareable links for users to revisit work.
  • Monitor abuse and protect the platform (rate limiting, anomaly detection).
  • Send billing receipts or service announcements if email notifications are enabled.

3. Where data is stored

Account and billing data lives in Supabase Postgres. Image assets are stored in Cloudflare R2 (you can mount a custom domain). Configure Supabase projects and Cloudflare accounts in the regions that align with your local regulations.

4. Sharing with third parties

We only share prompts and optional reference images with third-party model APIs to complete a generation. We never pass user emails or billing details to those providers. Personal information is not sold or disclosed except when required by law.

5. Retention and deletion

Users can request account and generation history deletion via support (for example, [email protected]). After deletion the remaining credit balance is wiped and cannot be restored.

6. Contact

Questions about this policy? Email [email protected].