Cave Sight ("we", "our", or "us") operates the PicPolisher website and service (accessible at https://picpolisher.com). We are committed to protecting your privacy and ensuring you have control over your personal data.
This Privacy Policy applies to our website, AI image generation services, and any related services (collectively, the "Service"). It explains how we collect, use, disclose, and safeguard your information in accordance with applicable privacy laws, including the Australian Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
1. Information We Collect
A. Information You Provide
- Account Information: When you register, we collect your email address.
- User Content: Photos you upload for training our AI models ("{trainingData}").
- Payment Information: We use third-party payment processors (e.g., Stripe). We do not store your full credit card details.
- Communications: Content of messages you send to our support team.
B. Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, and clickstream data.
- Technical Data: IP address, browser type, device information, operating system, and crash logs (via Sentry).
- Cookies & Local Storage: We use cookies for authentication (Supabase) and essential site functionality.
2. How We Use Your Information
We use your data for the following specific purposes:
- Service Provision: To create your account, process payments, and generate AI headshots based on your uploaded photos.
- AI Processing: Your uploaded photos are used exclusively to train a temporary, user-specific AI model. This model is used solely to generate your requested images.
- Improvement: To analyze usage patterns, fix bugs (using error monitoring), and improve website performance.
- Communication: To send transactional emails (receipts, password resets, completed task notifications) and support responses.
- Security: To detect and prevent fraud, abuse, or security incidents.
3. Data Retention & AI Model Privacy
Our Data Promise
We are not in the business of hoarding your biometric data. Our system is designed for transience.
- Training Photos: Source photos you upload are stored securely and are automatically deleted from our servers after the AI training process is complete or within 24 hours of upload, whichever comes first.
- AI Models: The custom AI model files (.safetensors, etc.) created for your headshots are deleted automatically after 30 days to save storage and protect privacy.
- Generated Images: The final headshots we generate for you are stored in your private gallery. You can delete them at any time. We may retain them for up to 30 days to allow you to download them, after which they may be archived or deleted.
- Account Data: We retain your account information (email, billing history) as long as your account is active or as required by tax/legal obligations.
4. Third-Party Services
We do not sell your personal data. We share data only with the following categories of trusted service providers to operate the Service:
| Service Category | Provider(s) | Purpose |
|---|
| Infrastructure & Hosting | Vercel, Supabase (AWS) | Hosting website, database, and file storage. |
| AI Processing | Replicate, Fal.ai, Google | GPU processing for image generation. |
| Payments | Stripe | Payment processing and fraud detection. |
| Authentication | Supabase Auth, Google OAuth | Secure user login and session management. |
| Monitoring | Sentry | Error tracking and performance monitoring. |
5. Google OAuth Data Usage
If you choose to use your Google account to log in to PicPolisher, we will access certain information from your Google account.
Google API Services User Data Policy
PicPolisher's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Information Accessed: We only request the minimum required permissions (scopes) to authenticate you: your email address and basic profile information (name and profile picture).
- Purpose of Use: We use this information solely to create and manage your {productName} account, provide the service, and communicate with you about your account.
- Data Sharing: We do not share your Google user data with any other third parties, except for our core infrastructure provider (Supabase) as described below.
- Authorized Domains Notice: During the Google OAuth authentication process, you may see
supabase.co listed as an authorized domain. This is because we utilize Supabase as our secure authentication and database provider. Your data is managed by {productName} through Supabase's infrastructure, ensuring high security and compliance with Google's policies.
6. International Data Transfers
PicPolisher is operated from Australia, but our infrastructure and service providers are distributed globally (primarily in the United States and EU).
By using the Service, you acknowledge that your information may be transferred to, stored, and processed in countries outside of your residence. When we transfer data across borders, we rely on:
- Adequacy Decisions: For transfers to countries deemed to provide adequate protection.
- Standard Contractual Clauses (SCCs): We use provider agreements that include SCCs approved by the European Commission or equivalent mechanisms to ensure data protection.
7. Your Rights (GDPR, CCPA, APP)
Depending on your location, you may have specific rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Deletion (Right to be Forgotten): Request deletion of your account and all associated data. You can often do this directly in your account settings.
- Portability: Request your data in a structured, machine-readable format.
- Opt-Out: Opt-out of marketing communications.
To exercise these rights, please contact us at [email protected]. We will respond within the statutory timeframes (usually 30 days).
8. Cookies and Tracking
We use "cookies" (small text files) to improve your experience. We categorize them as:
- Essential Cookies: Required for login (Supabase) and security. Cannot be disabled.
- Functional Cookies: Remember your preferences.
- Analytics Cookies: Help us understand how the site is used.
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from logging in or using the Service.
9. Children's Privacy
The Service is strictly for users aged 18 and over. We do not knowingly collect data from children. If we discover we have collected data from a child under 18, we will delete it immediately.
10. Changes to Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or a prominent notice on our website. The "Last updated" date at the top indicates when the latest changes were made.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: