Privacy Policy
Last updated: October 27, 2025
The privacy of your data — and it is your data, not ours! — is a big deal to us. In this policy, we lay out what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.
This policy applies to all services operated by Reflet.
What We Collect and Why
Identity & Access
When you sign up for Reflet, we use OAuth authentication through trusted providers (Google, Apple, Discord). We receive your email address and basic profile information (name, profile picture) from these providers. We need this information to create your account and provide you access to our Services.
We'll never sell your personal information to third parties, and we won't use your name or company in marketing statements without your permission either.
Generation Data
When you use our AI generation services, we collect:
- Prompts and inputs: The text prompts, reference images, and parameters you provide for generation
- Generated content: The images, videos, audio files, and other content created by our AI services
- Generation metadata: Information about which models you used, generation settings, and timestamps
We store this data so you can access your creations, manage your history, and continue working on your projects. Your generated content belongs to you.
Reference Images
When you upload reference images for AI generation (faces, clothes, products, objects, places), these images are stored in secure cloud storage. We use these images solely to provide the AI generation services you request. You confirm that you have the right to use any images you upload.
Usage Data
We track how you use our Services to improve them. This includes:
- Which features you use and how often
- Credit usage and purchase history
- Error logs and performance data
- General web analytics (pages visited, time spent, browser type)
We use this data to improve our Services, fix bugs, and understand which features are most valuable to our users.
Billing Information
When you purchase credits, we collect billing information necessary to process your payment. Payment details are submitted directly to our payment processor (Stripe) and never hit Reflet servers. We only store the last four digits of your card number and expiration date for reference.
Affiliate Program Data
If you participate in our affiliate program, we collect additional information including your payout email, payment method preferences, social media links, and referral performance data. This information is used solely to manage the affiliate program and process payments.
Cookies and Tracking
We use cookies and similar technologies to keep you logged in, remember your preferences, and understand how you use our Services. These are essential for the Services to work properly.
Third-Party AI Services
To provide AI generation capabilities, we use third-party AI service providers:
- Fal AI: Image and video processing and upscaling
- ElevenLabs: Voice synthesis, music generation, sound effects
When you use our Services, your prompts and inputs are sent to these providers to generate your requested content. We choose our providers carefully and require them to meet high standards for privacy and security. However, we encourage you to review their privacy policies as well:
- Fal AI: fal.ai/privacy
- ElevenLabs: elevenlabs.io/privacy
Important: We do not share your personal information (email, name, billing details) with these AI providers. Only your generation requests (prompts, reference images, parameters) are sent to them.
Where We Store Your Data
Our Services use cloud infrastructure to store your data securely:
- Database: PostgreSQL database for account information, generation metadata, and settings
- File Storage: Google Cloud Storage (via Firebase) for your generated content and reference images
- Backups: Automated backups stored securely with encryption
All data is encrypted in transit (HTTPS/TLS) and at rest. We implement industry-standard security measures to protect your data from unauthorized access.
Data Retention
We keep your data for as long as your account is active. If you delete your account:
- All data becomes immediately inaccessible from our Services
- Within 30 days, all data is permanently deleted from active systems
- Backups may retain data for up to 60 days for disaster recovery purposes, then are permanently deleted
We may retain certain data longer if required by law or for legitimate business purposes (for example, transaction records for tax compliance).
Your Rights With Respect to Your Data
You have the right to:
Access Your Data
You can access all your data through your account dashboard. Your generation history, reference images, and account settings are always available to you.
Download Your Data
You can download any of your generated content at any time. Simply click the download button on any image, video, or audio file you've created.
Delete Your Data
You can delete individual generations or reference images from your account. To delete all your data, delete your account from the settings page.
Correct Your Data
You can update your profile information and settings at any time through your account settings.
Object to Processing
If you object to how we process your data, you can stop using our Services and delete your account. However, some data processing is necessary to provide the Services (for example, we must process your prompts to generate your requested content).
How We Secure Your Data
We take security seriously. Here's how we protect your data:
- All data transmission is encrypted with TLS/HTTPS
- Data at rest is encrypted in our databases and file storage
- We use OAuth authentication through trusted providers (no password storage)
- Payment information is processed by PCI-compliant payment processors
- Regular security audits and updates
- Staff access to data is limited and logged
While we implement strong security measures, no system is 100% secure. We'll notify you promptly if we detect any unauthorized access to your data.
Children's Privacy
Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.
Changes to This Policy
We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. If we make significant changes, we'll notify you by email or through a notice in our Services.
Your continued use of our Services after a policy change means you accept the new policy.
Data Requests and Privacy Concerns
If you have questions or concerns about your privacy, or if you'd like to:
- Request a copy of all data we have about you
- Request deletion of specific data
- Report a privacy concern
- Exercise any of your privacy rights
Please contact us through our help page or send us an email. We'll respond to your request within 30 days.
Law Enforcement and Legal Requests
Reflet won't hand your data over to law enforcement unless a court order says we have to. We reject requests from law enforcement when they seek data without a court order. And unless we're legally prevented from it, we'll always inform you when such requests are made.
We may preserve or disclose your data if required by law or if we believe in good faith that it's necessary to:
- Comply with a law, regulation, or valid legal process
- Protect the safety of any person
- Protect our rights or property
- Prevent fraud or abuse of our Services
Questions?
If you have any questions about this Privacy Policy, please contact us at privacy@reflet.ai.
This policy is adapted from Basecamp's open-source policies.
We believe in transparency and respecting your privacy, just like they do.