Privacy Policy

Commitment to E-commerce Professionals: We recognize that your product imagery represents your intellectual property and competitive advantage. Our privacy framework is built on a "Privacy-by-Design" philosophy, ensuring that your commercial assets are never used for AI model training or stored longer than technically necessary for the optimization process.

1. Introduction and Scope of Governance

This Privacy Policy governs the collection, processing, and protection of data within the @Model.MainDomain ecosystem. As a provider of high-performance e-commerce visual tools (including AI Background Removal, Lossless Compression, and AI Upscaling), we operate as both a Data Controller and a Data Processor under the definitions of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

By utilizing our services to optimize your Shopify, Amazon, or WooCommerce storefront assets, you acknowledge and agree to the protocols outlined herein. This policy applies to all users globally, with specific sub-clauses for residents of the European Economic Area (EEA), the United Kingdom, and various United States jurisdictions.

2. Data Categorization and Collection Protocols

2.1 Personal Information (User-Provided)

We collect minimal personal data required to maintain your account and provide subscription-based services. This includes:

Identity Data: Full name, professional email address, and linked e-commerce platform identifiers (e.g., Shopify Store URL).
Financial Data: Encrypted payment tokens (we do not store raw credit card numbers; all transactions are processed via PCI-DSS Level 1 compliant gateways).
Communication Data: Logs of support tickets, API troubleshooting requests, and feedback provided through our internal dashboard.

2.2 Visual Asset Data (The "Payload")

Unlike traditional SaaS, our core "Payload Data" consists of the product images you upload for optimization. Technical Guarantee: We do not claim ownership of any uploaded assets. Your images are processed in Volatile RAM (Random Access Memory). Once the AI processing (Upscaling, Background Removal, or Compression) is complete, the original file is purged from our transient buffers.

2.3 Automated Technical Data

To prevent API abuse and ensure system stability, we log:

IP Addresses (for rate-limiting and DDoS protection).
Browser User-Agent and Device Fingerprints.
Geographic location (at the city level) for CDN optimization.

3. Specific AI Processing and File Handling

In 2026, the intersection of AI and privacy is a critical concern. We provide the following Operational Transparency Report on how our algorithms interact with your data:

Tool Type	Processing Method	Retention Period
AI Background Removal	Neural Edge Detection (In-Memory)	Instant Purge
Lossless Compression	Bitstream Optimization (Stateless)	60 Minutes (Download Window)
AI Image Upscale	Generative Reconstruction (Private Model)	60 Minutes (Download Window)

Zero-Training Guarantee: We officially certify that no user-uploaded images are used to train, fine-tune, or improve our public or private AI models. Your product "moat" remains yours alone.

4. Legal Bases for Processing (GDPR Compliance)

Under Article 6 of the GDPR, we process your data based on the following legal pillars:

Contractual Necessity: To provide the image optimization services you have requested or subscribed to.
Legal Obligation: To comply with financial reporting, tax laws, and anti-fraud regulations.
Legitimate Interests: To improve our site security, troubleshoot technical bugs in our API, and prevent unauthorized scraping of our proprietary neural network outputs.
Consent: For marketing communications, where you have explicitly opted-in to receive Shopify growth tips or platform updates.

5. Global Data Transfers and Third-Party Disclosure

As a multinational service, we utilize a Global Content Delivery Network (CDN) and server clusters in Northern Virginia (US-East), Frankfurt (EU-Central), and Singapore (AP-Southeast).

5.1 International Transfers: For users in the EEA, data transferred to the US is protected under the Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs) to ensure an equivalent level of protection to that provided within the European Union.

5.2 Service Providers: We share data only with essential sub-processors, such as:
- Cloud Infrastructure: AWS / Cloudflare (SOC2 Compliant).
- Payment Processing: Stripe / PayPal (PCI-DSS Level 1).
- Email Delivery: Postmark / SendGrid.

6. Your Rights and Data Control

Regardless of your location, we provide a unified Privacy Dashboard allowing you to exercise the following rights:

The Right to Erasure ("Right to be Forgotten"): You may request the permanent deletion of your account and all associated metadata.
The Right to Portability: Export your usage history and account data in a machine-readable JSON format.
The Right to Restrict Processing: Request that we temporarily suspend the processing of your data during a legal dispute.
Opt-Out of Automated Decision-Making: We do not use automated profiling to determine your subscription pricing or service eligibility.

7. Advanced Security Architecture

In an era of increasing cybersecurity threats, we employ a Defense-in-Depth strategy:

Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
Isolation: Processing environments are sandboxed; your image processing occurs in an isolated container that is destroyed post-execution.
Audits: We conduct bi-annual penetration testing and vulnerability assessments to maintain our "Secure SaaS" certification.

8. Contact and Data Protection Officer (DPO)

If you have questions regarding this policy or wish to report a data incident, please contact our Data Protection Office:

Attn: Data Protection Officer
Email: privacy@@Model.MainDomain
Address: 102 High-Tech Corridor, Suite 800, San Francisco, CA 94105, USA