Privacy Center

Privacy Policy

Last Updated: May 2026 • Effective: May 2026 • Your data security and privacy are my top priorities. Here is how I handle your information.

01

Introduction and Who I Am

Welcome to ProductImageUpscale AI. I operate this service as a solo developer and individual based in Nepal. Please note that at this time, I do not operate as a registered corporate entity. This Privacy Policy explains how I collect, use, and handle your information when you use my service ("Service").

02

Data Collection Details

I collect the following types of information when you use the Service:

  • Account Information: Name, email address, and authentication credentials when you sign up.
  • Usage Data: Non-personally identifiable information describing how you interact with the Service.
  • Payment Information: I use third-party payment processors (Shopify Billing for Shopify merchants, or a secure PCI-compliant payment processor for other users) to handle payments. I do not store your full credit card details on my servers.
03

Image Handling and Storage Transparency

When you upload product images to the Service, they are processed by the upscaling algorithms.

  • Image Storage: Images you upload, and their enhanced outputs, are securely stored via the underlying storage provider (Supabase Storage).
  • Privacy Constraints: I respect your intellectual property. Uploaded images belong to you, and I do not use them to train AI models, nor do I share or sell them to third parties.
  • Modification and Deletion: You retain the ability to delete your processed and original images at any time from your dashboard.
04

Third-Party Services Disclosure

To operate effectively as a solo developer, I leverage trusted third-party infrastructure:

  • Supabase: Used for database management, authentication, and secure image storage.
  • Vercel: Used for hosting the Service and providing Vercel Analytics (anonymous, aggregated usage metrics).
  • Payment Processors: Billing and subscriptions are handled securely by Shopify Billing (for Shopify merchants) or by our PCI-compliant payment processor. I do not store your payment card details.
  • AI Providers: Your image data is routed through secure APIs to upscaling and image enhancement providers.
  • Hotjar: Used for session recording and heatmaps, loaded only with your consent via the cookie banner.
  • Resend: Used for sending transactional emails (e.g., account verification, contact form responses).
05

International Data Transfers

Because I am based in Nepal and utilize cloud infrastructure providers with global data centers, your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. I take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, and I only transfer data to third-party providers that maintain appropriate security measures. By using the Service, you acknowledge this transfer.

06

Your Rights (GDPR & CCPA)

Depending on your location, you may have specific privacy rights. I strive to grant these capabilities to all users globally:

  • GDPR (European Users): You have the right to access, rectify, or erase your personal data; the right to restrict processing; the right to object to processing; and the right to data portability.
  • CCPA (California Users): You have the right to request disclosure of the categories and specific pieces of personal information I have collected about you, the right to request deletion of that data, and the right to non-discrimination for exercising your rights. (I do not sell your personal data).

To exercise these rights, please contact me using the contact information below. I will respond to verified requests within 30 days.

07

Data Retention Policy

I retain your personal information and uploaded images only for as long as is necessary to provide you with the Service or to comply with my legal obligations, resolve disputes, and enforce my agreements. If you choose to delete your account, your data and images will be permanently removed from my active databases within 30 days of your deletion request. Payment records may be retained for up to 7 years as required by tax and accounting obligations.

08

Security Practices

I implement commercially reasonable security measures to protect your personal information and imagery. My database and storage solutions enforce secure access policies and utilize encryption at rest and in transit. However, no method of transmission over the Internet or electronic storage is 100% secure, and I cannot guarantee absolute security.

09

Cookies and Tracking Technologies

The Service uses essential cookies required for authentication and core functionality (e.g., session tokens). These cookies are strictly necessary and cannot be disabled.

In addition, the Service uses the following analytics tools:

  • Vercel Analytics: Collects anonymous, aggregated usage data (e.g., page views, performance metrics) to help improve the Service. This data does not identify individual users.
  • Hotjar: Used for session recording and heatmaps to understand how users interact with the Service. Hotjar is loaded only after you explicitly accept cookies via the consent banner. If you decline, Hotjar is never activated.

I do not use third-party advertising cookies or cross-site tracking for ad targeting. I do not sell any data collected through these tools to third parties.

10

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), I process your personal data under the following legal bases:

  • Contractual Necessity: Processing your account information and images is necessary to provide you with the Service you signed up for.
  • Legitimate Interest: I process usage data to improve the Service, prevent abuse, and ensure security.
  • Consent: Where required by law, I obtain your explicit consent before processing (e.g., Hotjar analytics cookies are only activated after you accept the cookie consent banner).
  • Legal Obligation: I may process data to comply with applicable laws and regulations.
11

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, I will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with GDPR requirements. Notification will be sent to the email address associated with your account and will describe the nature of the breach, the likely consequences, and the measures taken to address it.

12

Children's Privacy

My Service does not address anyone under the age of 13, and I do not knowingly collect personal identifiable information from children under 13. If I become aware that I have collected Personal Data from a child under the age of 13 without verification of parental consent, I take steps to remove that information from my servers immediately.

13

Changes to This Privacy Policy

I may update this Privacy Policy from time to time. When I make material changes, I will notify you by posting a prominent notice on the Service or by sending you an email notification. The updated policy will indicate the new "Last Updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

14

Contact Information

If you have any questions about this Privacy Policy, your rights, or data handling practices, please contact me at:

Contact: Submit a message via the contact form

Location: Nepal

Privacy concerns?

Transparency is key.

Reach out to me directly if you have any questions about how your data is handled.

Contact Support