Privacy Policy

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support. This includes:

• Account information (name, email, company)
• Payment information (processed securely via Stripe)
• Images and media files you upload for processing
• Usage data and API call logs
• Device and browser information

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our image processing services
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Monitor and analyze usage patterns and trends
• Detect, investigate, and prevent fraudulent or unauthorized activity

3. Image Data

Images uploaded to GrainLux are processed according to your instructions and stored securely. We do not use your images for training AI models unless you explicitly opt in. Images are encrypted at rest and in transit.

4. Data Retention

We retain your images and processed outputs for as long as your account is active or as needed to provide services. You can delete your images at any time through the dashboard or API. Deleted images are permanently removed within 30 days.

5. Data Sharing

We do not sell your personal information. We may share information with third-party service providers who assist in operating our platform, subject to confidentiality agreements.

6. Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal data. Contact privacy@grainlux.com to exercise these rights.

7. Cookies & Tracking

We use essential cookies to maintain your session and preferences. Analytics cookies help us understand how our service is used. You can manage cookie preferences through your browser settings or our cookie consent banner.

• Essential cookies: Required for service functionality
• Analytics cookies: Help us improve the platform
• Marketing cookies: Used only with explicit consent

8. International Transfers

Your data may be processed in countries outside your jurisdiction. We use Standard Contractual Clauses and other approved mechanisms to ensure adequate protection for international data transfers.

9. Children's Privacy

GrainLux is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through a notice on our website at least 30 days before the changes take effect.

11. Contact Us

For privacy-related questions, contact us at privacy@grainlux.com or write to: GrainLux Inc., 548 Market St, Suite 300, San Francisco, CA 94104.

Data Protection Officer: dpo@grainlux.com

EU Representative: GrainLux EU Ltd., 10 Finsbury Square, London EC2A 1AF, United Kingdom

12. California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt-out of the sale of personal information. We do not sell personal information.

13. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security assessments. For more details, see our Security page.