Legal
Privacy Policy
Last updated: July 3, 2026
1. Introduction
Jewelix ("we," "us," or "our") operates the Jewelix platform (jewelix.app) and provides AI-powered jewelry photography services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website, applications, and services (collectively, the "Service").
We are committed to protecting your privacy in compliance with the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable international data protection laws.
By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Data Controller
The data controller responsible for your personal data is:
Jewelix
Location: United States
Email: support@jewelix.app
3. Data We Collect
3.1 Information You Provide
- Account Information: Name, email address, and authentication credentials when you register or sign in via third-party providers (e.g., Google OAuth).
- Uploaded Content: Product images, logos, and other files you upload for processing.
- Prompt Data: Text prompts and scene descriptions you provide for AI generation.
- Payment Information: Billing details processed through our payment processor (Stripe). We do not store full credit card numbers on our servers.
- Communications: Messages you send to our support team.
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, generation history, timestamps, and interaction patterns.
- Device Information: Browser type, operating system, device identifiers, and screen resolution.
- Log Data: IP addresses, access times, referring URLs, and error logs.
- Cookies & Similar Technologies: Essential cookies for authentication and session management, and optional analytics cookies with your consent.
4. Legal Basis for Processing (GDPR Article 6)
- Contract Performance: Processing necessary to provide the Service you requested (account management, image generation, exports).
- Legitimate Interest: Service improvement, fraud prevention, security monitoring, and analytics (balanced against your rights).
- Consent: Optional analytics cookies, marketing communications, and newsletter subscriptions (withdrawable at any time).
- Legal Obligation: Compliance with tax, accounting, and regulatory requirements.
5. How We Use Your Data
- Provide, maintain, and improve the Service
- Process your uploaded images and generate AI-enhanced content
- Manage your account and authenticate your identity
- Process payments and manage subscriptions
- Send transactional notifications (account changes, generation completions)
- Respond to your support inquiries
- Detect, prevent, and address fraud, abuse, and security issues
- Analyze usage patterns to improve our AI models and user experience
- Comply with legal obligations
6. Your Uploaded Content & Generated Images
Ownership: You retain full ownership of all images you upload and all images generated by the Service using your content. We do not claim any intellectual property rights over your content.
Usage by Us: We may use anonymized, aggregated data derived from usage patterns to improve our AI models and Service quality. We will never use your specific product images for marketing, training, or any purpose other than providing the Service to you, without your explicit written consent.
Retention: Your uploaded images and generated content are stored in your account for as long as your account is active. You may delete individual images or your entire account at any time. Upon account deletion, all associated content will be permanently removed within 30 days.
7. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We may share data with the following categories of recipients:
- AI Service Providers: Your uploaded images and prompts are sent to third-party AI providers (e.g., Google Cloud AI) for processing. These providers are bound by data processing agreements and do not retain your data beyond the processing session.
- Payment Processor: Stripe processes your payment data under their own privacy policy and PCI DSS compliance.
- Cloud Infrastructure: Our service runs on cloud providers (e.g., Vercel, Supabase) who act as data processors under our instructions.
- Legal Requirements: We may disclose data when required by law, court order, or to protect our legal rights.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
8. International Data Transfers
Your data may be transferred to and processed in countries outside of the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Data Processing Agreements with all sub-processors
- Compliance with applicable US state privacy law requirements
9. Data Security
We implement industry-standard technical and organizational measures to protect your data:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Row-Level Security (RLS) on database tables ensuring users can only access their own data
- Regular security audits and vulnerability assessments
- Access controls and principle of least privilege for internal systems
- Secure authentication via OAuth 2.0 providers
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
10. Data Retention
- Account Data: Retained for the lifetime of your account plus 30 days after deletion request.
- Generated Content: Stored until you delete it or close your account.
- Payment Records: Retained for 7 years as required by applicable tax and accounting regulations.
- Log Data: Retained for up to 12 months for security and debugging purposes.
- Analytics Data: Aggregated and anonymized data may be retained indefinitely.
11. Your Rights
Under GDPR (Articles 15-22), CCPA, and other applicable laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or direct marketing.
- Withdraw Consent: Withdraw previously given consent at any time without affecting lawfulness of prior processing.
- Automated Decisions: Not be subject to decisions based solely on automated processing that produce legal effects.
To exercise any of these rights, contact us at support@jewelix.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the EU: your national supervisory authority; in the US: your state attorney general).
12. Cookies & Tracking Technologies
We use the following categories of cookies:
| Category | Purpose | Required |
|---|---|---|
| Essential | Authentication, session management, security | Yes |
| Functional | User preferences, language settings | Yes |
| Analytics | Usage statistics, service improvement | Consent-based |
| Marketing | Currently not used | N/A |
13. Children's Privacy
The Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at support@jewelix.app.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on our Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
15. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
Jewelix - Data Protection
Email: support@jewelix.app
Location: United States
Response time: Within 30 days of receipt