Privacy Policy

We collect the following types of information:

• Account Information: When you sign in via Google OAuth, we receive your name, email address, and profile picture from your Google account.
• Uploaded Images: Reference images you upload to the Service for multi-angle generation.
• Generated Images: AI-generated multi-angle images produced by the Service based on your uploads.
• Usage Data: Information about how you interact with the Service, including pages visited, features used, generation requests, and session data.
• Payment Information: Billing details are processed and stored securely by Stripe. We do not directly store your credit card numbers.

We use the information we collect to:

• Provide, maintain, and improve the Service, including generating multi-angle images from your uploads.
• Process your transactions and manage your subscription.
• Send you service-related communications, including account confirmations, billing receipts, and important updates.
• Analyze usage patterns to improve performance, features, and user experience.
• Detect, prevent, and address technical issues, fraud, or abuse.
• Comply with legal obligations.

Your data is stored using the following services:

• Database: Account information, session data, and generation metadata are stored in Neon PostgreSQL, a serverless database platform.
• Image Storage: Uploaded and generated images are stored using Vercel Blob, a cloud storage service.
• Hosting:The Service is hosted on Vercel's cloud infrastructure.

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and secure access controls.

We share data with the following third-party services to operate the platform:

• Amplitude: Product analytics. Receives consent-gated usage events only; event properties never include your email, name, or password. The analytics SDK initializes only after you grant analytics consent.
• fal.ai: Avatar template image generation (Qwen Multi-Angle LoRA), receives reference image + prompt for the /generate/avatar flow only.
• Google Gemini API: Environment template image generation, receives reference image + prompt.
• Neon: PostgreSQL database (US region), stores account, session, and generation metadata.
• Resend: Transactional email delivery for account, billing, and product update communications.
• Sentry: Error monitoring and performance tracing; event payloads scrubbed of email/auth/cookie/prompt by the existing data-scrubber.
• Stripe:Payment processing; collects and stores billing details per Stripe's privacy policy.
• Upstash: Rate-limit and idempotency-key storage (Redis-compatible KV).
• Vercel: Hosting, edge, function execution, Web Analytics (Speed Insights only — no behavioral data).
• Vercel BotID: Bot detection for sign-up and rate-limited endpoints.

• Essential cookies (session, CSRF, impersonation flag) — set without consent (legitimate interest / contractual necessity).
• Analytics cookies — set only with consent; deny-by-default for EU/UK. We use Amplitude for product analytics, initialized only after you grant analytics consent.
• Consent state cookies (mg_consent, mg_consent_pp_v, mg_consent_locale) — first-party essential, set without consent (required to remember your consent decision).

You can change your analytics-cookies choice anytime from your account settings.

Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable data protection laws:

• Access: Request a copy of the personal data we hold about you.
• Export: Request your data in a portable, machine-readable format.
• Deletion: Request deletion of your personal data and account.
• Correction: Request correction of inaccurate personal data.
• Objection: Object to certain processing of your data.

To exercise these rights, visit your account settings or contact us at privacy@multiangle.ai.