Welcome to StudioLM ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at studiolm.dev, use our AI image generation service at imagen.studiolm.dev, or access our API services (collectively, the "Services").
By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.
1. Key Points at a Glance
| What We Collect | How We Use It | Who We Share With |
|---|---|---|
| Email address, username | Account creation and authentication | No third parties |
| Password (hashed, never stored in plain text) | Secure login | No third parties |
| Payment information | Process transactions | Coinbase Commerce (payment processor) |
| IP address | Security, rate limiting, fraud prevention | Cloudflare (security) |
| Generated images | Provide the generation service | No third parties |
| API usage logs | Usage tracking, billing | No third parties |
2. Information We Collect
2.1 Information You Provide
- Account Information: When you create an account, we collect your email address, username, and password. Passwords are cryptographically hashed and never stored in plain text.
- Payment Information: If you purchase credits or API access, payment is processed through Coinbase Commerce. We do not store your cryptocurrency wallet addresses or payment card details directly.
- Support Communications: When you contact us for support, we collect the information you provide in your messages.
- User Content: Prompts you submit for AI generation and the resulting generated images.
2.2 Information Collected Automatically
- Device and Usage Information: Browser type, operating system, referring URLs, pages viewed, and access times.
- IP Address: Collected for security purposes, rate limiting, and to prevent abuse.
- Cookies and Similar Technologies: We use essential cookies for session management and authentication. We do not use advertising or tracking cookies.
- API Usage Data: Endpoints accessed, tokens used, images generated, timestamps, and response times.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Services
- Process transactions and manage your account
- Send you service-related communications (account verification, security alerts, support responses)
- Protect against fraud, abuse, and unauthorized access
- Comply with legal obligations
- Enforce our Terms of Service
- Monitor and analyze usage patterns to improve performance
- We do NOT sell your personal information to third parties
- We do NOT use your prompts or generated images to train our AI models
- We do NOT share your data with advertisers
- We do NOT send marketing emails without your explicit consent
4. AI-Generated Content
- Text Generation: We use publicly available AI language models to provide text generation services.
- Image Generation: We use proprietary and private AI image generation models.
- Your Ownership: You own all content you generate using our Services, subject to our Terms of Service.
- No Training on Your Data: We do not use your prompts, inputs, or generated outputs to train, fine-tune, or improve any AI models.
- Content Moderation: Generated images may be analyzed by our automated content moderation system to detect and prevent the generation of inappropriate content. This analysis is performed in real-time and is not stored for training purposes.
5. Children's Privacy (COPPA Compliance)
Our Services are available to users aged 13 years and older. We do not knowingly collect personal information from children under 13.
- If you are under 13, you may not use our Services.
- If you are between 13 and 18, you must have parental or guardian consent to use our Services.
- If we learn we have collected information from a child under 13, we will delete that information immediately.
- Parents or guardians may contact us at [email protected] to request deletion of their child's information.
5.1 Age-Restricted Content
By default, our Services are configured to generate content safe for all ages (13+). Users who wish to access mature content (18+) must:
- Submit a manual verification request via support ticket
- Verify they are at least 18 years of age
- Receive manual approval from our team
6. Data Sharing and Disclosure
We may share your information only in the following circumstances:
- Service Providers: With third-party vendors who perform services on our behalf (payment processing, security services). These providers are bound by contractual obligations to protect your data.
- Legal Requirements: When required by law, court order, or governmental regulation.
- Protection of Rights: To protect the rights, property, or safety of StudioLM, our users, or others.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.
6.1 Third-Party Services We Use
| Service | Purpose | Data Shared |
|---|---|---|
| Coinbase Commerce | Payment processing | Transaction details, email |
| Cloudflare | Security, DDoS protection, bot detection | IP address, browser fingerprint |
| Google OAuth (optional) | Single sign-on authentication | Email address (if you choose Google login) |
7. Data Retention
- Account Data: Retained for as long as your account is active.
- Generated Images: Stored for as long as your account exists, unless you manually delete them.
- API Usage Logs: Retained for as long as your account is active for billing and analytics purposes.
- Upon Account Deletion: All your data is permanently and immediately deleted, including:
- Account information
- All generated images
- All API usage logs
- All saved preferences and settings
8. Data Security
We implement industry-standard security measures to protect your data:
- HTTPS encryption for all data in transit
- Password hashing using secure cryptographic algorithms
- Rate limiting and IP-based security measures
- Regular security audits and monitoring
- Access controls limiting who can access user data
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Your Privacy Rights
Depending on your location, you may have the following rights:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate personal data.
- Right to Erasure: Request deletion of your personal data (delete your account).
- Right to Data Portability: Request your data in a machine-readable format.
- Right to Withdraw Consent: Withdraw consent for processing at any time.
- Right to Opt-Out: Opt out of any marketing communications.
To exercise any of these rights, contact us at [email protected].
9.1 For California Residents (CCPA)
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed and to whom
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising CCPA rights
9.2 For European Residents (GDPR)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to lodge a complaint with a supervisory authority
- Right to object to processing based on legitimate interests
- Right to restriction of processing
Our legal basis for processing personal data includes: performance of a contract (providing Services), legitimate interests (security, fraud prevention), and consent (where applicable).
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure that any international transfers comply with applicable data protection laws and that appropriate safeguards are in place.
11. Cookies and Tracking
We use only essential cookies necessary for the operation of our Services:
- Session Cookies: To maintain your login session
- Security Cookies: For CSRF protection and security purposes
We do not use advertising cookies, analytics cookies, or third-party tracking cookies.
12. Do Not Track
We do not track users across third-party websites. We honor Do Not Track signals and do not use any third-party tracking services.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Effective from" date
- Sending an email notification for significant changes (if you have an account)
Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions about this Privacy Policy, your personal data, or our privacy practices, please contact us:
- Email: [email protected]
- Website: studiolm.dev
We aim to respond to all privacy inquiries within 30 days.