Last updated: April 29, 2026

Privacy Policy

This Privacy Policy explains how [YOUR LEGAL ENTITY NAME] ("IMAGEN," "we," "us," "our") collects, uses, shares, and protects information when you use imagegen.reetche.com and related services (the "Service").

By using the Service, you agree to the practices described in this policy.

⚠️ Legal review required before publishing. Sections marked [LAWYER] involve provisions where jurisdiction-specific rules (especially GDPR, CCPA/CPRA) need expert review.

1. Information We Collect

1.1 Information you provide directly

Account information: email address, password (hashed), and any optional profile details
Payment information: processed by Stripe; we do not store your full card number. We retain Stripe customer ID, last 4 digits, expiry, billing country, and transaction history.
Uploaded content: custom-trained LoRAs, checkpoints, reference images, and any other assets you upload
Generated content: images, videos, and other outputs created through the Service
Generation parameters: prompts, model selections, workflow choices, settings, and other inputs you provide
Communications: messages you send to us via support, email, or in-app channels

1.2 Information collected automatically

Usage data: features used, generations performed, credits consumed, session timestamps
Device data: browser type, operating system, IP address, device identifiers
Log data: server logs, error reports, performance data
Cookies and similar technologies: see §6

1.3 Information from third parties

Authentication providers: if you sign in via Google, GitHub, or similar, we receive your verified email and basic profile data
Payment processor: Stripe provides us with transaction confirmations and dispute notices

We do not purchase personal data from data brokers.

2. How We Use Information

We use collected information to:

Operate, maintain, and improve the Service
Process payments and manage credit balances
Authenticate users and secure accounts
Communicate with you about service updates, billing, and support
Generate AI outputs based on your inputs
Train and improve our models and workflows using anonymized, aggregated data
Detect, prevent, and respond to abuse, fraud, and Acceptable Use violations
Comply with legal obligations and enforce our Terms

[LAWYER] EU/UK users — confirm legal bases under GDPR Art. 6 for each use case.

3. Model Improvement and Training

This is the section that most users want to understand clearly, so here it is in plain language:

What we do:

We use anonymized, aggregated data derived from generations (such as generation parameters, embeddings, output quality metrics, and performance signals) to improve our service, our workflow library, and the underlying models we operate.

What we do not do:

We do not train foundation models on your raw uploaded LoRAs, checkpoints, or reference images
We do not include identifiable user inputs or outputs in publicly released model weights or datasets
We do not sell your inputs or outputs to third parties for model training
We do not use your generated outputs in our marketing materials without separately obtained, written consent

Your control:

You can delete your account at any time, which removes your data from active model-improvement pipelines
You can request data export and deletion as described in §8

[LAWYER] This section is the highest-risk language in the document. Confirm "anonymized, aggregated" framing meets the bar under applicable privacy laws. Some lawyers recommend an explicit opt-in checkbox at signup, especially for EU users.

4. How We Share Information

We share information only as described below.

4.1 Service providers

We use third-party services to operate IMAGEN. These providers process data on our behalf under contractual obligations:

Provider	Purpose	Data shared
Stripe	Payment processing	Email, billing details, transaction data
RunPod	GPU inference	Generation parameters, model files, transient inputs/outputs
Cloudflare (R2, CDN)	Storage and content delivery	Uploaded assets, generated outputs
AWS / [hosting provider]	Application hosting	Account data, logs
Postmark / [email]	Service emails	Email address, message content
PostHog / [analytics]	Product analytics	Anonymized usage data

[LAWYER] Replace bracketed providers with actual ones and confirm each has a current Data Processing Agreement (DPA). For EU users, confirm Standard Contractual Clauses are in place.

4.2 Legal requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we reasonably believe disclosure is necessary to:

Comply with legal obligations
Investigate or prevent fraud, abuse, or security threats
Protect the rights, safety, or property of users or the public
Investigate violations of our Terms

4.3 CSAM and serious harm

We are required by U.S. federal law to report any apparent child sexual abuse material (CSAM) we detect to the National Center for Missing & Exploited Children (NCMEC). We may also disclose information to law enforcement in cases involving credible threats of violence or other serious harm.

4.4 Business transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you by email and/or prominent notice in the Service before your information is transferred and becomes subject to a different privacy policy.

5. International Data Transfers

[LAWYER] Required language varies by user base. If you serve EU/UK users, confirm SCCs and UK IDTA are in place.

The Service operates from infrastructure based primarily in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your country.

For users in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent safeguards under UK GDPR. You may request a copy of our SCCs by emailing [email protected].

6. Cookies and Tracking

We use cookies and similar technologies for:

Essential cookies: authentication, session management, security (cannot be disabled)
Functional cookies: remembering preferences and settings
Analytics cookies: anonymized usage analysis (you can opt out)

We do not use third-party advertising cookies or behavioral tracking for marketing purposes. You can control cookies through your browser settings. Disabling essential cookies will prevent the Service from functioning.

7. Data Retention

We retain personal information for as long as your account is active, plus an additional period as required to:

Comply with legal, tax, and accounting obligations (typically 7 years for financial records)
Resolve disputes and enforce agreements
Maintain backups and security logs

When you delete your account:

Your account profile is deleted within 30 days
Uploaded assets and generated outputs are deleted within 90 days
Backups are purged on a rolling 90-day cycle
Anonymized derivative data already incorporated into model-improvement pipelines may persist; this data cannot be linked back to your identity

[LAWYER] Confirm retention periods align with applicable record-keeping rules and state-specific consumer privacy law deletion timelines.

8. Your Rights

8.1 All users

You may:

Access the personal data we hold about you
Correct inaccurate data via your account settings or by emailing [email protected]
Delete your account and associated data
Export your data in a portable format
Object to specific processing (e.g., model improvement) by contacting us

To exercise these rights, email [email protected]. We will respond within 30 days.

8.2 EU / UK / Swiss users (GDPR / UK GDPR)

In addition to the above, you have the right to:

Restrict processing in certain circumstances
Withdraw consent where processing is based on consent
Lodge a complaint with your local data protection authority

8.3 California users (CCPA / CPRA)

You have the right to:

Know what categories of personal information we collect, use, and disclose
Request deletion of personal information we have collected
Opt out of any "sale" or "sharing" of personal information (we do not sell or share personal information as defined under CCPA)
Limit use of sensitive personal information
Non-discrimination for exercising these rights

We do not sell personal information.

[LAWYER] Confirm CCPA disclosures are complete, including "Notice at Collection" and any required do-not-sell links.

8.4 Other US states

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and other states with comprehensive privacy laws have rights similar to those described in §8.2. Email [email protected] to exercise these rights.

[LAWYER] State privacy law landscape changes quickly. Confirm coverage for states relevant to your user base.

9. Security

We implement reasonable technical and organizational measures to protect your information, including:

TLS encryption for data in transit
Encryption at rest for sensitive data
Access controls and audit logging
Regular security reviews

No system is perfectly secure. If we learn of a security incident affecting your data, we will notify you and any required regulators in accordance with applicable law.

10. Children

The Service is for users 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it. If you believe a minor has provided us with information, contact [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or in-app notice. Continued use of the Service after the effective date constitutes acceptance.

12. Contact

For privacy questions, requests, or complaints:

Email: [email protected]

Postal: [YOUR LEGAL ENTITY NAME], [YOUR ADDRESS]

[LAWYER] If you serve EU users at scale, you may need to designate an EU representative under GDPR Art. 27. Confirm whether your projected EU user base triggers this requirement.