গোপনীয়তা নীতি

1. Introduction

Yiluna AI Studio ("Yiluna", "we", "us") operates an AI-assisted creative platform for image generation, editing, video drafting, and related tools (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website, create an account, purchase a subscription, or use the Service.

By using the Service, you acknowledge this Privacy Policy. If you do not agree, please do not use the Service.

2. Information we collect

We may collect the following categories of information:

• Account data: name, email address, authentication provider identifiers, profile image, and account preferences.
• Billing data: subscription plan, payment status, Creem customer identifiers, and transaction references processed by our payment partner. We do not store full payment card numbers on our servers.
• Usage data: prompts, generation settings, credits consumed, job history, favorites, device/browser type, IP address, timestamps, and diagnostic logs needed to operate and secure the Service.
• Uploaded content: reference images, source photos, and other files you submit for generation or editing, processed to deliver the requested output.
• Communications: messages you send to support and records of password-reset or account-security requests.

3. How we use information

We use personal information to:

• Provide, maintain, and improve the Service, including queueing jobs, displaying history, and managing credits.
• Authenticate users, prevent fraud and abuse, and enforce our Terms of Service.
• Process subscriptions and payments through Creem and related payment infrastructure.
• Send transactional messages such as receipts, security alerts, and password-reset links.
• Comply with law, respond to lawful requests, and protect the rights and safety of users and the public.
• Analyze aggregated, de-identified usage to improve product quality and reliability.

4. AI processing and third parties

To generate or transform content, we may transmit prompts, settings, and uploaded media to infrastructure providers, content-safety services, and model vendors acting as processors on our behalf. These providers are permitted to use your content only to perform the requested operation, screen for prohibited content, secure the Service, and comply with their terms and our contractual safeguards where available.

We use third-party services for authentication (including Google sign-in where enabled), email delivery, hosting, analytics, content moderation, and payments (Creem). Each provider receives only the data necessary for its function.

5. Guest sessions and local storage

If you use the Service without signing in, certain results and preferences may be stored locally in your browser or in temporary session storage. Guest history is not synced across devices and may be deleted when you clear browser data or after a reasonable retention period on our systems.

Signing in associates eligible history, credits, and billing state with your account.

6. Retention

We retain account and billing records for as long as your account is active and as required for tax, accounting, dispute resolution, and legal compliance. Generation history may be retained according to your plan and product settings; you may delete individual items where the feature is available.

We may retain limited logs and security records for a longer period when necessary to investigate abuse or satisfy legal obligations.

7. Your rights and choices

Depending on your location, you may have rights to:

• Access, correct, or delete personal information associated with your account.
• Export certain account or history data where export features are provided.
• Object to or restrict certain processing, or withdraw consent where processing is consent-based.
• Lodge a complaint with a supervisory authority.

8. Security

We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure; you use the Service at your own risk and should protect your credentials.

9. Children

The Service is not directed to children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

10. International users

If you access the Service from outside the country where our infrastructure is hosted, your information may be transferred to and processed in other countries with different data-protection laws. Where required, we rely on appropriate safeguards for such transfers.

11. Changes

We may update this Privacy Policy from time to time. We will post the revised version with an updated date. Material changes may be communicated by email or in-product notice where appropriate. Continued use after the effective date constitutes acceptance of the revised policy.

12. Contact

Privacy and legal inquiries: [email protected]