Privacy Policy

Last updated: May 27, 2026

中文

Welcome to ImgPilot. We are committed to protecting your privacy and being transparent about how your information is handled. This Privacy Policy describes what data we collect when you use ImgPilot, how we use it, who we share it with, and the choices you have regarding your information.

ImgPilot is an AI image generation platform. By using our service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you sign up, we collect basic account information including your email address, and (if you use social login) your name and profile picture as provided by the authentication provider. We support sign-in with Google as well as passwordless email Magic Link; the scope of data shared with us is controlled by you and the respective provider.

1.2 Payment Information

When you purchase a subscription or a credit pack, payment is processed by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details. We only retain the resulting transaction reference, billing email, and the amount paid for our records.

1.3 Prompts and Generated Content

When you use the image generation features, we collect and store:

  • The text prompts you submit
  • Any reference images you upload for image-to-image editing
  • The generated images produced by the AI models
  • The model selected, generation parameters (aspect ratio, resolution), and credit cost

Generated images are stored on Cloudflare R2. Prompts and generation metadata are stored in our database. See Section 4 for how this data is used and Section 7 for retention policies.

Important: Please do not include personally sensitive information (such as government ID numbers, full names of private individuals, or confidential business data) in your prompts. AI generation requires sending your prompts to upstream model providers — see Section 3.

1.4 Usage Data

We automatically collect technical and usage information when you access the service:

  • IP address (derived from cf-connecting-ip via Cloudflare)
  • Browser type, operating system, and device information
  • Pages visited, time spent, and interaction events on the website
  • Referrer URL and any UTM parameters present when you arrived at the site

1.5 Cookies and Local Storage

We use cookies and local storage strictly for the following purposes:

  • Session authentication — to keep you logged in (set by Better Auth)
  • Theme preference — to remember your light/dark mode choice
  • Locale preference — to remember your language choice

We do not use third-party advertising cookies, behavioral tracking cookies, or cross-site retargeting pixels.

1.6 ImgPilot Prompt Lens Browser Extension

If you install the ImgPilot Prompt Lens browser extension, the extension processes information only when you choose its image context-menu action or connect your ImgPilot account. Depending on how you use it, we may process:

  • The URL of the web image you selected for prompt extraction
  • The AI prompt result, tags, and prompt mode metadata returned for that selected image
  • Anonymous trial identifiers, request proof tokens, IP-based rate-limit keys, and related abuse-prevention metadata
  • If you sign in, an extension session token, your ImgPilot account identifier, email, and credit-balance metadata

The extension stores the currently selected image URL, the latest prompt result, anonymous trial token, and connected account token in Chrome local extension storage so the popup can continue to show progress and results after it is closed. Prompt Lens does not read your full browsing history, page content, passwords, cookies, or files.

Prompt extraction may require sending the selected image URL and related prompt request to third-party AI model providers through ImgPilot's server-side AI infrastructure. Do not use Prompt Lens on private, confidential, or sensitive images.

2. How We Use Your Information

We use the collected information to:

  • Provide the core functionality of the service — generating AI images, managing your credit balance, and displaying your generation history
  • Process payments, issue refunds when applicable, and prevent payment fraud
  • Communicate with you about your account, generation results, service notices, and (if you opted in) promotional updates
  • Detect, investigate, and prevent abuse, fraud, content policy violations, and security incidents
  • Analyze aggregated usage patterns to improve the service
  • Comply with legal obligations

3. AI Generation and Third-Party Model Providers

Image generation on ImgPilot is performed by third-party AI model providers. When you generate an image:

  • Your text prompt and any reference images are forwarded to one or more third-party AI model providers, depending on the model you selected (such as Google's Nano Banana series, Black Forest Labs' Flux Kontext, OpenAI's GPT-4o Image, or xAI's Grok Image)
  • The AI model provider processes your prompt to generate the image and may temporarily retain the prompt for safety, abuse prevention, and quality monitoring, according to their own privacy policies
  • We do not control how these providers handle your prompts beyond what they disclose in their own terms

By submitting a prompt, you acknowledge and consent to this data flow. If you do not want your prompt sent to a third-party model, do not submit it.

4. Sharing Feature and Public Disclosure

ImgPilot includes a one-click sharing feature that allows you to share generated images to social media platforms (X / Twitter, Facebook, Pinterest). When you use this feature:

  • A public landing page is created at /share/[id] on our website. This page is accessible to anyone with the link, without requiring login, and may be indexed by search engines.
  • The landing page displays the generated image, the original text prompt, the model used, and the creation date.
  • This sharing action is voluntary — you control whether and when an image becomes public.
  • You may revoke a public share at any time by deleting the corresponding generation from your history page.

5. Service Providers We Use

We do not sell your personal information. We share data only with the following service providers, strictly as necessary to operate the service:

  • Cloudflare — hosting, edge runtime (Workers), CDN, image storage (R2)
  • Supabase — managed PostgreSQL database for user accounts, generation records, and credit balances
  • Stripe — payment processing and subscription management
  • AI model providers — third-party providers of the underlying image generation models offered through our service
  • AI routing and prompt extraction providers — providers used to analyze selected image URLs and return Prompt Lens text prompts
  • Upstash Redis — rate limiting, anonymous trial state, request proof records, account job state, and extension connection flow state
  • Resend — transactional email delivery (welcome emails, payment receipts, etc.)
  • Google — optional social sign-in provider

We may also disclose your information when required by law, legal process, or government request, or when necessary to investigate fraud, security incidents, or violations of our Terms of Service.

6. International Data Transfers

ImgPilot operates globally. Your information may be stored and processed in countries outside your country of residence, including the United States and other regions where our service providers operate. By using the service, you consent to such international transfers.

7. Data Retention

We retain different categories of data for different periods:

  • Account data — retained as long as your account exists. You may request account deletion at any time (see Section 8).
  • Generated images and prompts — retained indefinitely on our servers, but the visibility of older records in your history page depends on your subscription tier (Free: 3 days, Basic: 7 days, Pro: 30 days, Ultra: unlimited). Older records remain stored but are filtered from your view; upgrading restores visibility.
  • Payment records — retained for as long as required by tax and accounting laws (typically 5–10 years, depending on jurisdiction).
  • Server logs and usage data — retained for up to 90 days for security and debugging.
  • Prompt Lens extension data — anonymous trial counters, request proof records, account job records, and extension connection state are retained for a limited period, typically up to 30 days. Chrome local extension storage remains on your device until you clear it or uninstall the extension.
  • Deleted generations — when you delete an individual generation from your history, both the database record and the image file on R2 are removed within a reasonable timeframe.

8. Your Rights and Choices

Depending on the laws of your jurisdiction (such as the GDPR in the European Union or the CCPA in California), you may have some or all of the following rights:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct inaccurate data
  • Deletion — ask us to delete your account and associated data
  • Portability — receive your data in a machine-readable format
  • Objection / Restriction — object to or limit how we process your information
  • Withdraw consent — for any processing based on your consent

To exercise any of these rights, contact us at hi@imgpilot.app. We will respond within a reasonable timeframe and in accordance with applicable law.

If you are located in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

9. Security

We implement reasonable technical and organizational measures to protect your information, including HTTPS/TLS encryption in transit, encrypted storage at rest through our cloud providers, and access controls limiting who can view user data. However, no security system is impenetrable, and we cannot guarantee absolute security.

10. Children's Privacy

ImgPilot is not directed to children under 13 years of age (or under 16 in jurisdictions such as the European Union where this is the applicable age of digital consent). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Third-Party Links

Our service may contain links to third-party websites or tools. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of every site you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically. Continued use of ImgPilot after an update constitutes your acceptance of the revised policy.

13. Contact

If you have any questions about this Privacy Policy or our privacy practices, please contact us at hi@imgpilot.app.