Privacy Policy

1. Introduction

Produfoto ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our image processing service at produfoto.com (the "Service"). We are based in the European Union and comply with the General Data Protection Regulation (GDPR).

2. Data Controller

3. Information We Collect

3.1 Information You Provide

• Account Information: Username, email address, and password when you create an account
• Payment Information: Billing details processed through our payment provider (Stripe)
• Uploaded Content: Product images and any associated metadata you upload for processing
• Communications: Messages you send us via email or support channels
• Business and Prospect Information: Company name, role, business email address, public website information, outreach status, and sales conversation notes when we contact or speak with potential business customers

3.2 Automatically Collected Information

• Usage Data: Job processing history, credit usage, and service interaction logs
• Technical Data: IP address, browser type, device information, and access times
• Essential Cookies: Authentication tokens and session management (no tracking or analytics cookies)
• Local Storage: Theme preferences stored locally on your device
• Cookieless Analytics: Page visits, referrer, UTM parameters, and scroll depth collected server-side; IP addresses are hashed before storage
• Email Engagement: For business outreach and service emails, we may record delivery/open engagement using a tracking pixel, including timestamp, user agent, and a hashed IP address

4. How We Use Your Information

We process your personal data for the following purposes:

• Service Delivery: To process your images and provide the AI-powered services you request
• Account Management: To create and maintain your account, manage credits, and process payments
• Customer Support: To respond to your inquiries and provide technical assistance
• Service Improvement: To analyze usage patterns and improve our service quality
• Business Outreach: To contact relevant business prospects, track whether outreach is useful, and avoid repeated unwanted contact
• Legal Compliance: To comply with applicable laws and regulations
• Security: To detect, prevent, and address technical issues and fraudulent activity

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract Performance: Processing necessary to provide the services you've requested
• Legitimate Interest: Improving our services, preventing fraud, and ensuring security
• Legal Obligation: Complying with tax, accounting, and other legal requirements
• Consent: Where you have explicitly agreed (e.g., marketing communications)

6. Data Storage and Security

7. Data Sharing and Third Parties

We do not sell your personal data. We only share data with:

• Payment Processors: Stripe (for payment processing) - subject to their privacy policy
• Email Providers: Email infrastructure providers for account, transactional, support, and business outreach messages
• Cloud Infrastructure: Hosting and object-storage providers used to run the Service and process uploaded files
• AI and Search Processing Providers: Providers such as OpenAI, Google, and product-search services where needed for image analysis, product identification, data extraction, and enrichment. Uploaded content may include personal data if you include people or identifying information in the images.
• Legal Requirements: When required by law or to protect our legal rights

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at rezfan@produfoto.com. We will respond within 30 days.

9. Cookies and Tracking

We use only essential cookies necessary for the Service to function:

• Authentication Cookies: To keep you logged in (session management)
• Security Cookies: CSRF tokens to protect against attacks
• Local Storage: Theme preference (stored locally, not transmitted)

We do not use advertising cookies. We collect limited cookieless usage data (page visits, referrer, UTM parameters, and scroll depth) using server-side analytics to understand how visitors interact with our site. IP addresses are hashed before storage and are never stored in raw form for these analytics records.

For business outreach and some service emails, we may use read receipts or open pixels to understand whether a message reached the intended recipient. You can object to further outreach or ask us to remove your prospect record via our unsubscribe page or by emailing rezfan@produfoto.com.

10. International Data Transfers

Your data is primarily stored and processed within the EU. When we use third-party AI processing services, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our Service. The "Last updated" date at the top indicates when changes were made.

13. Contact Us