Privacy Policy

Image Enhancer is operated by GOJO BEST INVEST S.R.L., which is the data controller for this service under the EU General Data Protection Regulation (GDPR). You can reach us at support@imageenhancerapp.com for any privacy question.

We keep the bare minimum needed to run accounts, process payments, and deliver enhancements. We don't sell your data, we don't run ad trackers, and we don't keep copies of your photos after the enhancement completes.

The data we hold is scoped to running the product:

• Account information. Your email address (used to sign in and to contact you about your account) and, if you use Google sign-in, the basic profile information Google returns. We never see or store a password — authentication is by magic link or Google OAuth.
• Credit ledger. Your current credit balance, a log of credit additions (signup bonus, purchases) and deductions (completed enhancements), and a record of each enhancement job we started for you. This is what lets us show you your balance and recent activity on /account.
• Purchase records. For every successful credit purchase we store the Stripe Checkout session ID, the package purchased, the amount paid (in EUR), and the time of purchase. We do not store card numbers — all card handling happens inside Stripe.
• Uploaded photos. When you enhance a photo, the image is uploaded to our server, forwarded to the AI model, and the enhanced result is returned to your browser. The photo is held in memory only for the duration of the request. It is not written to our database, it is not written to persistent storage, and it is not retained after the response is sent.
• Technical logs. Our hosting and infrastructure providers record request-level information (IP address, timestamp, HTTP status) for reliability, security, and abuse prevention. These logs are short-lived and are not used to build profiles of users.

Under GDPR, we rely on the following legal bases to process the data above:

• Performance of a contract — to create your account, deliver enhancements, grant credits, and process payments you have asked us to process.
• Legal obligations — to keep the invoicing, VAT, and accounting records we are required to keep under Romanian and EU law.
• Legitimate interests — to keep the service secure, prevent abuse, and debug issues.

We use the following processors. Each one only receives the data it needs to do its job, and each one is bound by data-processing terms:

• Supabase (Supabase Inc.) — Account authentication, user credit ledger, purchase records. Data may be processed in EU / US.
• Stripe (Stripe Payments Europe Ltd.) — Payment processing and fraud prevention for credit purchases. Data may be processed in EU / US.
• Google (Google Ireland Ltd.) — AI image enhancement via the Gemini API. Data may be processed in EU / US.
• Vercel (Vercel Inc.) — Web hosting and request-level infrastructure logs. Data may be processed in EU / US.

Each provider handles international data transfers under Standard Contractual Clauses or equivalent safeguards. We don't share your personal data with advertisers or data brokers.

Uploaded photos are not retained — they are discarded as soon as the enhancement request completes. Account, credit ledger, and purchase records are kept for as long as your account exists, plus any period we are required to retain invoicing / accounting data under law (typically up to 10 years for financial records in the EU). When you delete your account, personal data that is not subject to a retention obligation is deleted or anonymized.

We only set cookies that are strictly necessary to run the service: the Supabase authentication session cookies that keep you signed in. We do not use analytics cookies, advertising cookies, or any other tracking technology, so no cookie-consent banner is required.

If your personal data is subject to the GDPR, you have the right to: access a copy of the data we hold about you, correct inaccuracies, request erasure, restrict or object to processing, and data portability. To exercise any of these rights, visit /account/privacy or email support@imageenhancerapp.com from the address on your account. We aim to respond within one month.

You also have the right to lodge a complaint with your local data protection authority. In Romania this is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).

Data is transmitted over HTTPS. API keys for the AI provider and for Stripe are kept server-side and never exposed to the browser. Payment card details are handled exclusively by Stripe, which is PCI-DSS compliant. No online service can be called perfectly secure — please don't upload anything you'd be seriously harmed by losing or leaking.

This service isn't intended for children under 16. Please don't create an account or upload photos of children unless you have the right to do so (for example, you are their parent or legal guardian).

If this policy ever changes in a material way, the “last updated” date at the top of this page will change too, and we'll notify active accounts by email when the change is significant.

Questions, corrections, or concerns? Email support@imageenhancerapp.com.