AI CMO

Privacy Policy

Last updated: 2026-05-24

This Privacy Policy describes how AI CMO ("we", "us") handles information when you use the Service. By using the Service you consent to the practices described below.

1. Information we collect

  • Account data: your name, email address, and profile image as supplied by Google when you sign in via Google OAuth, plus an internal user ID.
  • Content you submit: character briefs, text prompts, reference images, and any other data you upload to the Service.
  • Outputs: images and videos generated on your behalf by third-party models, stored in object storage associated with your account.
  • Billing metadata: Stripe customer and payment identifiers, credit purchase amount and timestamp, and a ledger of credit debits/credits. We do not see or store your full card number; Stripe handles that directly.
  • Technical logs: IP address, user agent, request timestamps, error logs, and provider request IDs, retained for security, debugging, and fraud prevention.

2. How we use information

  • To operate and provide the Service (authenticating you, routing your prompts to model providers, storing outputs, metering credits);
  • To process payments and prevent fraud;
  • To debug, monitor, and secure the Service;
  • To communicate with you about your account or material changes to the Service;
  • To comply with legal obligations and respond to lawful requests.

3. Third-party sub-processors

Running the Service requires sending data to third parties. Your inputs and/or outputs may pass through any of the following providers, which act as independent controllers or sub-processors under their own terms and privacy policies:

  • Google (OAuth sign-in, Gemini image model)
  • fal.ai (image generation models)
  • GMI Cloud (image and video generation models, including Wan, Seedance, Seedream)
  • An OpenAI-compatible LLM provider configured per deployment (e.g., CoreWeave / GLM) for prompt expansion
  • Cloudflare R2 (object storage for references and outputs)
  • A MySQL database host of the operator's choosing
  • Stripe (payments)

We do not control how these providers train their models, log requests, or apply watermarks, provenance metadata, or content filters. Review their policies before submitting sensitive data.

4. Storage and retention

Generated assets and reference images are stored in object storage indefinitely while your account exists, so you can retrieve them. Account records and the credit ledger are retained for as long as your account exists and for a reasonable period afterward for tax, accounting, fraud-prevention, and legal-compliance reasons. You may request deletion of your account from the account settings page; after deletion, residual backups and legally-required records may persist for a limited period.

5. Security

We use industry-standard technical measures including TLS in transit, credential hashing, row-level transactional integrity on the credit ledger, and scoped API credentials for providers. No system is perfectly secure; we do not guarantee security and you use the Service at your own risk.

6. Your rights

Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, port, or object to processing of your personal data, and to withdraw consent. To exercise these rights, contact us via the address associated with your account. We do not sell personal information and we do not use your data for cross-context behavioral advertising.

7. Children

The Service is not directed to, and not available to, individuals under 18. We do not knowingly collect information from minors. If you believe a minor has provided us information, contact us for deletion.

8. International transfers

The Service and its providers are operated in various countries. By using the Service you consent to the transfer of your information to, and processing in, jurisdictions that may have different data-protection laws than your own.

9. Changes

We may update this Policy at any time. Material changes take effect upon posting. Your continued use of the Service after a change constitutes acceptance.

10. Contact

Privacy questions or rights requests should be directed to the contact address listed on our site or associated with your account.