Privacy Policy

Last updated: June 12, 2026

This policy explains what data Photolaria ("we", "us") collects, why, who we share it with, and the controls you have. The short version: your galleries are private on every plan, Photolaria never uses your photos to train AI models, and you can delete your data yourself at any time.

Questions or requests: [email protected].

1. What we collect

You provide:

  • Email address – used for login codes, receipts, and service messages.
  • Photos – the photos you upload and the photos you create (edited or generated).
  • Payment – handled entirely by Stripe, our payment processor. We never see or store your card number; we keep only a reference to your Stripe customer record and your subscription/credit status.

Collected automatically:

  • Session cookies – a guest session cookie before login and a user session cookie after login. These are functional cookies that keep you signed in; we do not use advertising or cross-site tracking cookies.
  • Basic usage and log data – IP address, browser type, pages requested, and timestamps, kept in standard server logs for security and debugging.

2. How we use your data

  • To provide the service: run your generation jobs, show your gallery, manage your credits and subscription.
  • To communicate with you: login codes, receipts, and important service announcements.
  • To keep the service secure: abuse prevention, rate limiting, and enforcement of our Acceptable Use Policy.

We do not sell your personal data. Photolaria never uses your photos to train AI models. Your photos are sent to our AI providers solely to generate the results you asked for; we choose providers and configurations intended to keep your content out of model training. Their handling of content is governed by their own terms – we hold them to that, but we cannot audit third-party infrastructure ourselves.

3. Privacy of your photos

  • Galleries are private by default on every plan, including free usage. Only you can browse your gallery.
  • We do not publish, showcase, or share your uploaded or generated photos.
  • During generation, working copies of your photos pass through our AI providers' infrastructure at unlisted, unguessable addresses used to move files between systems. They are never published, listed, or indexed, are not part of your gallery, and are automatically deleted from the provider's systems within a few days.

4. Who we share data with

We share data only with the processors needed to run the service, and only what each one needs:

  • Stripe – payment processing and billing. Stripe receives your email and payment details under its own privacy policy.
  • Resend – sends our transactional emails (login codes, receipts) to your email address.
  • AI inference providers – your photos and prompts are sent to specialized AI infrastructure providers that route requests to the image models powering Photolaria (currently models from Google and OpenAI), solely to process your request. Under their terms, these providers may process your content only to operate and improve their services; they may not sell or publish it. See section 2 for what this means for AI training.

Beyond that, we disclose data only if required by law, or to protect the rights, safety, or property of our users or the service.

5. Deleting your data

You are in control, self-serve, on every plan including free:

  • Delete individual photos – the trash icon on any photo moves it to the Bin; emptying the Bin (or 30 days passing) removes it for good.
  • Delete my data – the "Delete my data" link in the editor's Bin tab (or your profile, if you have an account) permanently wipes all your photos and generation history at once. This works for free sessions without an account too.
  • Delete account – available in your profile; cancels any subscription and removes your account and associated data.

Deleted content is removed from live systems immediately and purged from short-lived backups on their rotation schedule. Billing records that we are legally required to keep (invoices, tax records) are retained for the statutory period.

6. Retention

  • Members (anyone with an account, including former subscribers): your photos and account data are kept until you delete them or your account.
  • Guest sessions (free usage without an account): photos are stored for 7 days, then automatically deleted. You can delete them earlier yourself at any time.
  • Server logs are kept for a short rolling window; legally required billing records for the statutory retention period.

7. Your rights

Wherever you live, we extend you the same baseline rights – and if you are in the EEA, UK, Switzerland, or California, these are backed by GDPR/CCPA:

  • Access – ask what personal data we hold about you.
  • Correction – fix inaccurate data.
  • Erasure – use the self-serve deletion tools above, or email us.
  • Portability – receive your data in a usable format.
  • Objection / withdrawal of consent – where processing is based on consent.
  • Likeness removal – if your likeness is being used on Photolaria without your consent (whether or not you have an account), email [email protected] with enough information to identify you and, if possible, the content. We will investigate, and where the claim checks out we will remove the content and the source photos. We treat these requests with priority.
  • Complaint – you may lodge a complaint with your supervisory authority; we'd appreciate the chance to resolve it first at [email protected].

We will never discriminate against you for exercising your privacy rights. We do not "sell" personal information as defined by the CCPA.

8. Security

Traffic is encrypted with HTTPS. Payment data is handled by Stripe, a PCI DSS Level 1 certified processor. Access to production data is restricted. If a breach affects your personal data, we will notify you so you can take protective steps.

9. Children

Photolaria is for adults (18+). We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

10. Changes

We may update this policy; the "Last updated" date reflects the current version. Material changes will be announced on the site before they take effect.

11. Contact

[email protected]