Privacy Policy

At ImageGen By ArtisticMonk (“we”, “us”, or “our”), we value your privacy. This Privacy Policy explains what personal data we collect, how we use it, how we share it, and the choices you have. By using our Services (web, mobile, API), you agree to the terms in this policy.

Scope & Definitions

Services — The ImageGen platform, APIs, web and mobile interfaces, and any associated tools. Input — text prompts, uploaded images, or other data you submit to create AI Outputs. Output — images and other artifacts generated by the Services. Account Data — registration and profile details.

1. Information We Collect

• Account information: name (optional), email, password (hashed), profile settings and billing information if you subscribe to paid features.
• Inputs & Outputs: prompts, uploaded images, seed/settings and generated Outputs. These are necessary to provide generation features and may be stored as described below.
• Usage data: IP address, device/browser metadata, timestamps, activity logs (what features you used), and performance/telemetry data.
• Cookies & tracking: cookies, local storage, and analytics identifiers used for login, preferences, and analytics.
• Third-party data: information from services you connect (for example social login) when you choose to integrate them.

2. How We Use Your Information

• To operate the Service and provide Outputs based on your Inputs.
• To authenticate accounts, manage billing, and communicate updates, receipts, and support messages.
• To detect and prevent fraud, abuse, and security incidents.
• For analytics and product improvement to make the Services faster, safer, and more useful.
• For research and model improvement — see the Model Training & Opt-Out section below.

3. Model Training & Opt-Out

We may use anonymized and aggregated Inputs and Outputs to improve our machine learning models and services. We make reasonable efforts to remove personal identifiers before using data for model training.

Opt-out: If you prefer that your Inputs/Outputs not be used for model improvement, you can opt out in one of two ways:

1. Go to Account → Privacy and toggle “Opt out of model improvement” (if available), or
2. Email [email protected] with subject line Model Training Opt-Out and include your account email.

Note: opting out does not affect our ability to use anonymized operational logs for debugging and security; it only prevents your Inputs/Outputs from being used for model training and research where feasible.

4. Sharing & Disclosure

We do not sell personal information. We may share information in limited circumstances:

• With service providers (hosting, payment processors, analytics) who process data on our behalf under contract.
• With law enforcement, regulators, or other third parties when required by law or to protect rights, safety, or property.
• With your consent, or when you choose to share Outputs publicly (for example via “share” or publish features).
• In connection with a corporate transaction (merger, acquisition, asset sale) — we will require the buyer to honor this Privacy Policy or notify you of changes.

5. Cookies, Analytics, and Tracking

We use cookies and similar technologies for authentication, preferences, security, and analytics. You can control cookie settings in your browser. See our Cookie Policy for details and opt-out instructions for analytics providers.

6. Data Retention

We keep your account and related data for as long as your account exists and as needed to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Specific examples:

• Account information and billing records: retained for the period required for accounting and tax purposes.
• Inputs/Outputs: retained for operational needs (e.g., to re-generate, reproduce, or troubleshoot) — ranges vary by storage tier; users may request deletion (see below).
• Anonymized/aggregated data used for research and analytics may be kept indefinitely.

When you request deletion we will delete or anonymize personal data in active systems where feasible, but residual copies may remain in backups for a limited period as per our backup policy.

7. Your Rights & How to Exercise Them

Depending on your jurisdiction, you may have rights including access, correction, deletion, portability, and to object to or restrict processing. To exercise these rights:

1. Visit Account → Data (if available) to download or delete your data.
2. Or send an email to [email protected] with the subject line Privacy Request, describing your request and the account email. Include enough information to verify your identity.

We will respond to verifiable requests in accordance with applicable law. In many jurisdictions we aim to respond within 30 days; complex requests may require more time and we will notify you if additional time is needed.

8. Data Portability & Deletion

You can request an export of your account data, prompts, and Outputs where technically feasible. After deletion, you will not be able to recover that data. Some aggregated or anonymized data used for metrics and research will not be reversible.

9. Security

We use reasonable administrative, technical, and organizational measures to protect personal data. Examples include encrypted storage for sensitive data, TLS for data in transit, and routine access controls. No system is perfect — if we become aware of a data breach that creates a real risk of harm, we will notify affected users and regulators as required by law.

10. Third-Party Services & Links

The Services may integrate with or link to third-party services (payment processors, social login, analytics). Those services have their own privacy policies — we encourage you to read them. We are not responsible for third-party practices.

11. Children & Minors (India — 18 years)

Our Services are not intended for persons under 18 years of age. Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we are required to obtain verifiable parental/guardian consent before processing the personal data of children (persons under 18). We do not knowingly collect personal data from minors. If you believe we have collected data from a person under 18, contact us immediately at [email protected] and we will delete it promptly. We do not process children's data for targeted advertising or tracking.

11A. Digital Personal Data Protection Act, 2023 (DPDP Act)

ImageGen By ArtisticMonk operates as a Data Fiduciary under the DPDP Act, 2023. As a Data Principal (user), you have the following rights:

• Right to Access: Obtain a summary of personal data we process and the purposes thereof.
• Right to Correction & Erasure: Request correction of inaccurate personal data or erasure of data no longer necessary for the stated purpose.
• Right to Grievance Redressal: File a complaint with our Grievance Officer (see below). If unresolved, you may escalate to the Data Protection Board of India.
• Right to Nominate: Nominate another individual to exercise your data rights in the event of death or incapacity.
• Right to Withdraw Consent: Withdraw consent for processing at any time; withdrawal does not affect lawfulness of prior processing.

To exercise any of these rights, contact our Grievance Officer at [email protected]. We will respond within 30 days as required under the Act.

Consent Records: We record when and how consent was obtained. You may review or withdraw your consent at any time via Account → Privacy Settings or by contacting us.

11B. IT (SPDI) Rules 2011 & IT Act 2000

In accordance with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we treat the following as Sensitive Personal Data or Information (SPDI): passwords, financial information, and any biometric data you may provide. We maintain IS/ISO/IEC 27001-aligned security practices and will notify affected users and authorities in the event of a data breach that creates risk of harm, as required by applicable law.

12. Data Localisation & International Transfers

Primary processing occurs on servers located in India. Certain service providers (e.g., Stripe for payments, Groq for AI prompt enhancement) may process data outside India. We rely on appropriate contractual and legal safeguards for such transfers in compliance with DPDP Act provisions on cross-border data transfer.

13. Changes to this Policy

We may update this policy from time to time. If we make material changes we will notify you by email or in-app notice at least 7 days before the change takes effect. Continued use after notice constitutes acceptance of the updated policy.

14. Grievance Officer & Contact

As required under Rule 5(9) of the IT (Intermediary Guidelines) Rules, 2021 and the DPDP Act, 2023, we have designated a Grievance Officer:

• Name: Rajan (ArtisticMonk)
• Designation: Grievance Officer / Data Protection Contact
• Email: [email protected]
• Address: ArtisticMonk, Mumbai, Maharashtra, India
• Response time: Acknowledgement within 24 hours · Resolution within 30 days (15 days for CSAM/minors-related complaints)

For general privacy questions: [email protected]

15. Plain-Language FAQ

Q: Do I own the images I generate?

A: Yes — you generally keep the rights to the Inputs you submit and the Outputs you generate, subject to applicable law and any third-party model license. For clarity on copyright or registration in your country, consult legal counsel.

Q: Will my prompts or images be used to train your AI?

A: By default, anonymized Inputs and Outputs may be used to improve models. You may opt out via Account → Privacy or by emailing [email protected].

Q: How can I delete my data?

A: Request deletion via Account → Data or email [email protected] with the subject Privacy Request. We will verify your identity and proceed as required by law.

Last updated: January 31, 2026