AIPhotoPrompts.org may process prompt text, generation parameters, reference images, generated outputs, account data, credit ledger entries, and billing references only as needed to provide the requested Studio workflow, safety checks, billing, support, abuse prevention, account history, and legal/security obligations.
Account and sign-in data
Google OAuth identifiers such as email, provider account id, display name, and avatar where used.
Session and security data
Sign-in session records, the aip_session cookie where enabled, OAuth/security state, CSRF or anti-abuse signals where implemented, and standard hosting/security logs.
Generation data
Prompt text, negative prompt, mode, aspect ratio, reference image metadata where uploaded, generation status, provider response metadata, job ids, and result references.
Assets
Uploaded reference images and generated images may be stored privately and accessed through signed or limited-access URLs where implemented.
Credits and billing data
Credit ledger entries, free generation grants, checkout sessions, payment status, receipt references, pack ids, credit amounts, Stripe customer or payment references, order status, and webhook event records. AIPhotoPrompts does not store full card numbers.
Safety and abuse data
Blocked categories, policy events, audit signals, and abuse-prevention records. We do not intentionally send raw prompt text, uploaded images, generated images, or high-risk blocked inputs to analytics tools.
Support data
Email messages and information you choose to send for billing, privacy, safety, deletion, correction, or account support.
Provider and vendor handling
AI providers, payment providers, hosting providers, and security providers may process the information needed to provide their services. For AI generation, the selected model provider may receive prompt text, generation parameters, and, where image-to-image is enabled, reference images. Provider processing, retention, safety review, and training restrictions must follow the relevant vendor terms and production configuration.
We do not claim that third-party model or infrastructure providers will never process, retain, review, or use submitted content unless their terms and configuration have been reviewed and support that statement.
NEEDS_OWNER_CONFIRMATION: vendor ToS review, provider retention/training statement, OpenRouter selected model, Replicate fallback status, and image-to-image production scope.
Retention and deletion
Retention periods, deletion controls, account deletion handling, and provider-side deletion paths must match the production implementation before public launch.
Where deletion controls are available, you can delete generated images or uploaded references from your account history. If self-serve deletion is unavailable, contact support for account or data deletion help.
NEEDS_OWNER_CONFIRMATION: self-serve deletion, support deletion scope, billing/tax/fraud/security retention exceptions, and privacy contact.
Analytics and cookies
We do not intentionally send raw prompt text, uploaded images, generated images, or high-risk blocked inputs to analytics tools. If analytics, ads, retargeting, or non-essential tracking are added later, Privacy and Cookie Policy must be updated before launch and consent/opt-out requirements must be reviewed.