Privacy Policy

Last Updated: January 2025

1. Introduction

AI Stilo ("we", "our", "us") respects your privacy. This policy explains how we collect, use, and protect your personal data in compliance with GDPR and applicable privacy laws.

2. Data Controller

AI Stilo
Email: privacy@aistilo.com

3. Information We Collect

3.1 Account Information

  • Name, email address (via Supabase authentication)
  • Profile picture (optional)
  • Social login data (Google, GitHub, etc.)

3.2 Usage Data

  • AI generation prompts and artwork metadata
  • Purchase history and Stilo Coin transactions
  • Marketplace activity (views, bids, sales)
  • Gamification data (XP, badges, levels)

3.3 Technical Data

  • IP address, browser type, device information
  • Cookies and analytics (via Vercel Analytics)
  • Error logs and performance metrics

3.4 Payment Information

  • Processed by Stripe (we do not store card details)
  • Billing address and transaction history

4. How We Use Your Data

  • Service Delivery: Account management, AI generation, marketplace transactions
  • Payment Processing: Subscriptions, coin purchases, creator payouts
  • Content Moderation: NSFW detection via OpenAI (images analyzed, not stored)
  • Communication: Service updates, promotional emails (opt-out available)
  • Analytics: Platform improvement and user behavior analysis
  • Legal Compliance: Fraud prevention, terms enforcement

5. Legal Basis for Processing (GDPR)

  • Contract Performance: Account and marketplace services
  • Legitimate Interest: Platform security, analytics
  • Consent: Marketing emails, optional cookies
  • Legal Obligation: Tax compliance, fraud prevention

6. Data Sharing & Third Parties

We share data with:

  • Supabase: Authentication and database services
  • Leonardo.ai: AI image generation (prompts only)
  • OpenAI: Content moderation (temporary image analysis)
  • Stripe: Payment processing
  • Vercel: Hosting and analytics

We do not sell your data to third parties.

7. Data Retention

  • Account Data: Retained while the account is active, plus 30 days after deletion
  • Artwork: Stored indefinitely (public marketplace content)
  • Transaction History: 7 years (tax compliance)
  • Logs: 90 days

8. Your Rights (GDPR)

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate information
  • Erasure: Delete your account (artwork may remain public)
  • Portability: Export your data in JSON format
  • Objection: Opt out of marketing emails
  • Restriction: Limit processing in certain cases

To exercise rights, email: privacy@aistilo.com

9. Cookies & Tracking

We use:

  • Essential Cookies: Supabase authentication, session management
  • Analytics Cookies: Vercel Analytics (anonymized)
  • Preference Cookies: Language, theme settings

Manage preferences via our cookie banner.

10. Data Security

We implement industry-standard security measures:

  • HTTPS encryption for all data transmission
  • Secure authentication via Supabase with Row Level Security
  • Regular security audits
  • Access controls and monitoring

11. International Transfers

Data may be processed in the US/EU via our service providers. We ensure adequate safeguards (Standard Contractual Clauses) for GDPR compliance.

12. Children's Privacy

AI Stilo is not intended for users under 18. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this policy. Changes will be posted here with an updated date.

14. Contact & Complaints

Privacy Questions: privacy@aistilo.com

GDPR Complaints: You have the right to lodge a complaint with your local data protection authority.