Vintage Art StudioBack to Home

Privacy Policy

Last updated: March 17, 2026

1. Introduction

This Privacy Policy explains how Vintage Art Studio ("we," "our," or "us") collects, uses, and protects your personal information when you use our Service. We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

2. Information We Collect

We collect the following categories of information:

  • Account information: Name, email address, and authentication identifiers provided when you log in via OAuth.
  • Usage data: Records of illustrations you create, including selected era, illustration style, props, and poses. This data is used to provide the Service and improve it.
  • Payment information: When you purchase Pro access, payment is processed by Stripe. We do not store your full credit card details — only the Stripe customer ID and payment status.
  • Technical data: IP address, browser type, device information, and usage logs for security and performance monitoring.
  • Cookies: Session cookies for authentication and optional analytics cookies (see Section 6).

3. How We Use Your Information

We use your information to:

  • Provide, operate, and improve the Service.
  • Process payments and manage your account tier.
  • Enforce usage limits and prevent abuse.
  • Send transactional emails (receipts, important service updates).
  • Comply with legal obligations.
  • Analyze aggregate usage patterns to improve the Service (using anonymized data where possible).

We do not sell your personal information to third parties. We do not use your generated images to train AI models without your explicit consent.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data under the following legal bases:

  • Contract performance: Processing necessary to provide the Service you have requested.
  • Legitimate interests: Security monitoring, fraud prevention, and Service improvement.
  • Consent: Analytics cookies (you may withdraw consent at any time via the cookie settings).
  • Legal obligation: Compliance with applicable laws and regulations.

5. Data Sharing

We share your data only with trusted service providers necessary to operate the Service:

  • Stripe: Payment processing. Stripe's privacy policy applies to payment data.
  • Cloud infrastructure providers: Hosting, database, and file storage services.
  • Authentication providers: OAuth login services.

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify.

6. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and session management. These cannot be disabled without breaking the Service.
  • Analytics cookies (optional): Used to understand how users interact with the Service. You can opt out via the cookie consent banner or your browser settings.

7. Data Retention

We retain your account data for as long as your account is active. Generated images are stored for up to 12 months from creation. You may request deletion of your data at any time (see Section 9). Payment records are retained for 7 years as required by financial regulations.

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw consent: Withdraw consent for analytics cookies at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. International Transfers

Your data may be transferred to and processed in countries outside your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required by GDPR.

11. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at [email protected].