Cave Sight ("we", "our", or "us") operates the PicPolisher website and service (accessible at http://localhost:3000). We are committed to protecting your privacy and ensuring you have control over your personal data.
This Privacy Policy applies to our website, AI image generation services, and any related services (collectively, the "Service"). It explains how we collect, use, disclose, and safeguard your information in accordance with applicable privacy laws, including the Australian Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
1. Information We Collect
A. Information You Provide
- Account Information: When you register, we collect your email address.
- User Content: Photos you upload for training our AI models ("Training Data").
- Payment Information: We use third-party payment processors (e.g., Stripe). We do not store your full credit card details.
- Communications: Content of messages you send to our support team.
B. Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, and clickstream data.
- Technical Data: IP address, browser type, device information, operating system, and crash logs (via Sentry).
- Cookies & Local Storage: We use cookies for authentication (Supabase) and essential site functionality.
2. How We Use Your Information
We use your data for the following specific purposes:
- Service Provision: To create your account, process payments, and generate AI headshots based on your uploaded photos.
- AI Processing: Your uploaded photos are used exclusively to train a temporary, user-specific AI model. This model is used solely to generate your requested images.
- Improvement: To analyze usage patterns, fix bugs (using error monitoring), and improve website performance.
- Communication: To send transactional emails (receipts, password resets, completed task notifications) and support responses.
- Security: To detect and prevent fraud, abuse, or security incidents.
3. Data Retention & AI Model Privacy
Our Data Promise
We are not in the business of hoarding your biometric data. Our system is designed for transience.
- Training Photos: Source photos you upload are stored securely and are automatically deleted from our servers after the AI training process is complete or within 24 hours of upload, whichever comes first.
- AI Models: The custom AI model files (.safetensors, etc.) created for your headshots are deleted automatically after 30 days to save storage and protect privacy.
- Generated Images: The final headshots we generate for you are stored in your private gallery. You can delete them at any time. We may retain them for up to 30 days to allow you to download them, after which they may be archived or deleted.
- Account Data: We retain your account information (email, billing history) as long as your account is active or as required by tax/legal obligations.
4. Third-Party Services
We do not sell your personal data. We share data only with the following categories of trusted service providers to operate the Service:
| Service Category | Provider(s) | Purpose |
|---|
| Infrastructure & Hosting | Vercel, Supabase (AWS) | Hosting website, database, and file storage. |
| AI Processing | Replicate, Fal.ai, Google | GPU processing for image generation. |
| Payments | Stripe | Payment processing and fraud detection. |
| Authentication | Supabase Auth | Secure user login and session management. |
| Monitoring | Sentry | Error tracking and performance monitoring. |
5. International Data Transfers
PicPolisher is operated from Australia, but our infrastructure and service providers are distributed globally (primarily in the United States and EU).
By using the Service, you acknowledge that your information may be transferred to, stored, and processed in countries outside of your residence. When we transfer data across borders, we rely on:
- Adequacy Decisions: For transfers to countries deemed to provide adequate protection.
- Standard Contractual Clauses (SCCs): We use provider agreements that include SCCs approved by the European Commission or equivalent mechanisms to ensure data protection.
6. Your Rights (GDPR, CCPA, APP)
Depending on your location, you may have specific rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Deletion (Right to be Forgotten): Request deletion of your account and all associated data. You can often do this directly in your account settings.
- Portability: Request your data in a structured, machine-readable format.
- Opt-Out: Opt-out of marketing communications.
To exercise these rights, please contact us at info@picpolisher.com. We will respond within the statutory timeframes (usually 30 days).
7. Cookies and Tracking
We use "cookies" (small text files) to improve your experience. We categorize them as:
- Essential Cookies: Required for login (Supabase) and security. Cannot be disabled.
- Functional Cookies: Remember your preferences.
- Analytics Cookies: Help us understand how the site is used.
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from logging in or using the Service.
8. Children's Privacy
The Service is strictly for users aged 18 and over. We do not knowingly collect data from children. If we discover we have collected data from a child under 18, we will delete it immediately.
9. Changes to Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or a prominent notice on our website. The "Last updated" date at the top indicates when the latest changes were made.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: