Privacy Policy

Last updated: 2025-09-24

Contents

1. Who We Are

Food2Photo (the “Service”) enhances your real food photos using generative AI. We are the controller for your personal data when you use the Service. Contact: support@food2photo.com.

2. Definitions

• Controller: the entity that determines the purposes and means of processing personal data (Food2Photo for this Service).
• Processor: a service provider processing personal data on our behalf under our instructions.
• Personal data: any information relating to an identified or identifiable natural person.
• EEA: the European Economic Area (EU member states, Iceland, Liechtenstein, Norway).

3. Categories of Personal Data

• Account and Authentication: email address and authentication/session data.
• Content: images you upload and Outputs we generate for you.
• Billing: purchase metadata (handled by payments providers), subscription/credit info.
• Technical and Usage: IP address, device/browser info, logs, and events for reliability, security, and rate limiting.
• Communications: your messages to support or feedback you provide.

4. Purposes and Legal Bases (GDPR/UK GDPR)

• Provide and operate the Service: perform our contract with you (Art. 6(1)(b)).
• Security, fraud/abuse prevention, and service reliability: our legitimate interests in safe and reliable operations (Art. 6(1)(f)).
• Payments and accounting: compliance with legal obligations (Art. 6(1)(c)).
• Product improvement and support communications: legitimate interests (Art. 6(1)(f)).
• Optional communications (e.g., marketing): your consent where required (Art. 6(1)(a)), which you may withdraw at any time.

5. Where We Process and Store Data

Hosting is primarily located in Germany (EU). Some processing may occur in other regions depending on provider configuration and availability. Where data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses or rely on adequacy decisions, as applicable.

6. Processors and Recipients

• Authentication and data services providers.
• Payments processing providers.
• Hosting, edge/network, and content delivery providers.
• AI model and gateway providers for image generation.
• Analytics, logging, email, and customer support providers.

7. Retention

• Account data: retained while your account is active. If you delete your account, we will delete or anonymize personal data unless retention is required by law.
• Uploads and Outputs: retained temporarily for operational reliability, abuse prevention, and debugging; we do not sell your images.
• Billing records: retained for the legally required period for accounting/tax purposes.
• Logs: retained for a reasonable period for security and troubleshooting.

8. Your Rights

• Request access to your personal data and receive a copy.
• Request rectification or erasure of your data.
• Request restriction of processing or object to processing.
• Request data portability.
• Withdraw consent at any time, where applicable, without affecting prior processing.
• Lodge a complaint with a supervisory authority in the EEA/UK.

9. Children

The Service is not intended for children under 16. Do not create an account or upload personal data of children.

10. Security

We implement appropriate technical and organizational measures designed to protect personal data. No system is perfectly secure.

11. Data Processing Addendum (DPA)

If you require a Data Processing Addendum (DPA) as a business customer, contact us at support@food2photo.com. We can provide a DPA incorporating the EU Standard Contractual Clauses and, where needed, the UK Addendum.

12. Changes

We may update this policy to reflect changes to our practices or for legal reasons. We will indicate the latest update date above. If changes are material, we will provide additional notice (e.g., in‑app or email).

13. Contact

Contact support@food2photo.com for privacy questions or to exercise your rights.