Personal Data We Collect
We collect information ("Personal Data") that identifies or relates to you as follows:
A. Information You Provide
Account Information:
When you create an account, we collect your name, email, password, and other profile details. If you subscribe or make a payment, we may collect billing information such as cardholder name, payment method, and transaction history (processed by our payment partner, Stripe).
User Content:
We collect data that you upload or input, including product images, prompts, files, 3D assets, and other creative materials you use in the platform.
Communication Data:
If you contact us (by email or social media), we collect your name, contact details, and the content of your communication.
Other Voluntary Data:
You may provide additional data through surveys, feedback, or participation in events.
B. Information Collected Automatically
When you access or use our Services, we collect:
- Log and Usage Data: IP address, browser type, device identifiers, access times, pages viewed, and actions taken.
- Device and Technical Data: Operating system, screen resolution, and system performance data.
- Location Data: We determine approximate location from your IP address to ensure service reliability and detect abuse.
- Cookies and Similar Technologies:Used to operate, secure, and improve the Services (see "Cookie Notice" below).
C. Information from Third Parties
We may receive information from:
- Service partners (e.g., hosting, analytics, or fraud prevention providers);
- AI model partners (OpenAI, Replicate, Fal.ai, etc.) to process your content;
- Public or commercial sources for security, analytics, and compliance.
How We Use Personal Data
We use Personal Data to:
Model Training:
IMAI Studio does not directly train or fine-tune its AI models on user-generated content. However, content may be processed through third-party AI providers (such as OpenAI, Replicate, or Fal.ai) solely to generate requested outputs. These providers may have their own privacy policies governing any model training.
Disclosure of Personal Data
We may disclose Personal Data in the following circumstances:
Vendors and Service Providers:
With trusted partners performing services for us, including AWS, Vercel, Convex, Stripe, Resend, and Google Analytics.
AI Processing Partners:
To generate requested results, we securely transmit prompts, files, and instructions to integrated AI providers such as OpenAI, Replicate, or Fal.ai.
Affiliates:
With subsidiaries or affiliates under common control, in accordance with this policy.
Business Transfers:
During any merger, acquisition, or sale of assets.
Legal and Compliance:
When required by law, regulation, or governmental authority, or to protect the rights and safety of users or IMAI.
With Consent:
When you choose to share data with collaborators or publish generated content.
International Data Transfers
We store and process data in the United States and other regions (including the EU and Asia) to improve speed and reliability.
When transferring data outside your country, we rely on Standard Contractual Clauses (SCCs) and equivalent lawful transfer mechanisms to ensure your data receives adequate protection.
Retention
We retain Personal Data only as long as necessary to:
- Provide and maintain the Services;
- Comply with legal obligations;
- Resolve disputes and enforce agreements.
Temporary uploads and generated assets are stored per your account settings and may be deleted after inactivity or account closure.
Security
We implement administrative, technical, and organizational safeguards to protect your data against unauthorized access, alteration, or destruction. However, no system is completely secure, and we cannot guarantee absolute protection.
Children
Our Services are not directed to children under 13, and we do not knowingly collect Personal Data from them.
If you believe a child has provided data, please contact privacy@imai.studio for prompt removal.
Your Rights and Choices
Depending on your jurisdiction, you may have rights to:
You can manage many settings through your account or contact us at privacy@imai.studio.
Links and Third Parties
Our Services may link to third-party platforms or APIs. We are not responsible for their privacy or data handling practices. Please review their policies before sharing information.
Business Accounts and Teams
If you join IMAI Studio through an organization (e.g., business account), your administrator may access or manage your account and content in accordance with that organization's policies.
Changes to This Policy
We may update this Privacy Policy from time to time.
The "Last Updated" date at the top indicates the effective date. Continued use of the Services after updates constitutes acceptance of the revised policy.
Contact Us
IMAI Studio Inc
1388 Haight Street, San Francisco, CA 94117, USA
Email: privacy@imai.studio
For questions, requests, or concerns about privacy, please contact us at the above address.
Privacy Policy Addendum for EEA, UK, and Switzerland Users
Last Updated: October 30, 2025
This Privacy Policy Addendum ("Addendum") supplements the IMAI Studio Global Privacy Policy and applies to users located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland.
It describes how IMAI Studio Inc processes your Personal Data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Data Protection Act (FADP).
Controller Information
IMAI Studio Inc
1388 Haight Street
San Francisco, CA 94117, United States
Email: privacy@imai.studio
IMAI Studio Inc acts as the data controller for Personal Data collected through our Services.
For questions or concerns about this Addendum or your data rights, you may contact our Data Protection Officer via privacy@imai.studio.
Legal Bases for Processing
We process your Personal Data only when a legal basis applies under the GDPR. Depending on your interaction with our Services, processing is based on one or more of the following:
| Purpose | Legal Basis |
|---|---|
| To provide, operate, and maintain our Services | Performance of a contract (Art. 6(1)(b)) |
| To authenticate and manage accounts | Performance of a contract (Art. 6(1)(b)) |
| To process payments and transactions | Performance of a contract / legitimate interest (Art. 6(1)(b), (f)) |
| To communicate with you, including support | Legitimate interest / consent (Art. 6(1)(a), (f)) |
| To prevent fraud and maintain security | Legitimate interest (Art. 6(1)(f)) |
| To comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| For analytics and service improvement | Legitimate interest / consent (Art. 6(1)(a), (f)) |
| For marketing or newsletters | Consent (Art. 6(1)(a)) |
Where consent is the legal basis, you may withdraw consent at any time without affecting the lawfulness of prior processing.
International Transfers
We may transfer your Personal Data to the United States and other countries outside the EEA, UK, or Switzerland where data protection standards may differ.
To safeguard such transfers, IMAI Studio relies on:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- The UK International Data Transfer Addendum; and
- Equivalent protections recognized by Swiss authorities.
A copy of these transfer mechanisms can be requested by contacting privacy@imai.studio.
Retention
We retain Personal Data only for as long as necessary for the purposes outlined in our Global Privacy Policy, including legal, accounting, or reporting requirements.
When retention is no longer necessary, data will be securely deleted or anonymized.
Your Data Protection Rights
Under applicable data protection law, you have the following rights:
Requests can be submitted via privacy@imai.studio or through any available account tools.
We may require identity verification to process your request.
Processing by Third Parties
We engage trusted service providers and AI infrastructure partners to process data strictly under our instructions, including:
Amazon Web Services (AWS), Vercel, Convex, Stripe, Google Analytics, Resend, and AI model providers OpenAI, Replicate, and Fal.ai.
These parties act as processors and are contractually bound by confidentiality and data protection obligations consistent with the GDPR.
IMAI Studio does not use user-generated content to train or fine-tune its own models, and our third-party partners are not permitted to use your content for training unless expressly allowed under their own published policies.
Automated Decision-Making and Profiling
IMAI Studio does not perform automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Security of Processing
We apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular assessments of our systems.
Children's Data
Our Services are not directed to children under 13 years (or the minimum age required by local law).
If we become aware that a child has provided Personal Data without parental consent, we will delete it promptly.
Updates to This Addendum
We may amend this Addendum from time to time to reflect changes in law, guidance, or our practices.
The "Last Updated" date at the top indicates the current version.
Material changes will be communicated through our website or by email where legally required.
Contact and Complaints
Data Controller:
IMAI Studio Inc
1388 Haight Street
San Francisco, CA 94117, USA
Email: privacy@imai.studio
If you have concerns about our handling of your Personal Data, you may contact us directly.
You also have the right to lodge a complaint with your local supervisory authority (for example, the CNIL in France, ICO in the UK, or your national authority within the EEA).