Privacy Policy

1. Introduction

TechRadar LTD (Company Number: 16446173) ("we", "our", "us") operates PhotoLabs. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

• Email address (for account creation and communication)
• Name (optional, for personalization)
• Payment information (processed securely by Stripe)
• IP address and device information

2.2 Usage Data

• Images you upload for processing
• Service usage statistics (credits used, features accessed)
• Browser type, operating system, and access times
• Pages visited and actions taken within the Service

2.3 Cookies and Tracking

We use essential cookies for authentication and service functionality. See our Cookie Policy for details.

3. How We Use Your Information

• To provide and maintain the Service
• To process your images using AI models
• To manage your account and subscription
• To process payments and prevent fraud
• To send service-related communications
• To improve and optimize the Service
• To comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• Contract Performance: To provide the Service you've subscribed to
• Legitimate Interests: To improve our Service and prevent fraud
• Legal Obligation: To comply with tax and financial regulations
• Consent: For non-essential cookies and marketing communications (where applicable)

5. Data Retention

• Uploaded Images: Stored for 7-30 days (depending on plan), then permanently deleted
• Account Data: Retained while your account is active
• Billing Records: Retained for 7 years for tax compliance
• Usage Logs: Retained for 90 days for security and debugging

6. Data Sharing and Third Parties

We share data only with:

• Stripe: For payment processing (PCI-DSS compliant)
• Supabase: For database and authentication (EU/UK servers)
• Replicate/AI Providers: For image processing (data deleted after processing)
• Legal Authorities: When required by law

We do not sell your personal data to third parties.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us through the Settings page or our support form.

8. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication via Supabase
• Regular security audits and updates
• Access controls and monitoring
• Automatic data deletion after retention periods

9. International Data Transfers

Your data is primarily stored on servers in the EU/UK. When data is transferred outside the EEA, we ensure adequate safeguards are in place through Standard Contractual Clauses or equivalent mechanisms.

10. Children's Privacy

Our Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance.

12. Contact Us & Data Protection Officer

For privacy-related questions or to exercise your rights, contact us through our support form.