This Privacy Policy describes how PrimeStyleAI processes information in connection with the Services.
In most cases, Customer is the data controller for End User data collected on Customer's properties, and PrimeStyleAI acts as a data processor solely to generate Outputs and operate the Services.
2.1 Data We Process
- Product images and product metadata provided by Customer.
- User-uploaded images and associated request metadata submitted through Customer's integration, processed transiently.
- Technical logs and usage data, such as API calls, timestamps, error logs, IP address, and device/browser information, for security and performance.
- Account and billing data for Authorized Users, including name, business email, and role, as needed to operate the developer portal.
2.2 How We Use Data
- Provide and operate the Services, including rendering Outputs, authenticating sessions, and preventing abuse.
- Maintain security, rate limiting, and fraud prevention.
- Monitor reliability and improve performance through aggregated analytics.
- Comply with legal obligations and enforce our Terms.
2.3 Legal Bases Under GDPR and UK GDPR
Contractual Necessity, Art. 6(1)(b)
Customer account administration and providing the Services.
Legitimate Interests, Art. 6(1)(f)
Security, abuse prevention, and service improvement.
Legal Obligation, Art. 6(1)(c)
Where applicable by law.
2.4 Data Retention
User-uploaded images are intended to be processed transiently for rendering and are not stored persistently by default. We retain technical logs for a limited period necessary for security, troubleshooting, and compliance, typically 30 to 180 days, unless a longer period is required by law or agreed in writing. Customer may request details of current retention settings.
2.5 Sharing and Subprocessors
We may share data with service providers, also called subprocessors, that help us provide the Services, such as cloud hosting providers and AI infrastructure providers. We require subprocessors to protect data through contractual obligations. A current list of subprocessors may be provided upon request or via a DPA exhibit.
2.6 International Transfers
We are based in the United States and may process data in the U.S. and other jurisdictions where we or our subprocessors operate. Where required for transfers from the EEA, UK, or Switzerland, we will use appropriate safeguards such as Standard Contractual Clauses and supplementary measures, typically through a Data Processing Addendum.
2.7 Security
We implement reasonable administrative, technical, and organizational measures designed to protect data, including encryption in transit, access controls, and monitoring. No security measure is perfect; therefore, we cannot guarantee absolute security.
2.8 End User Rights
Because Customer is typically the controller, End Users should direct privacy requests to the Customer. Where PrimeStyleAI is directly responsible under applicable law, data subjects may request access, correction, deletion, restriction, or portability.
2.9 California Privacy Under CCPA and CPRA
PrimeStyleAI does not sell personal information as defined under CCPA/CPRA. California residents may have rights to know, delete, and correct personal information. Because PrimeStyleAI generally acts as a service provider/processor for Customer, requests should be submitted to the Customer first. Authorized Users may contact us for account-related data requests.
2.10 Children's Data
The Services are intended for business use and are not directed to children. Customer must not knowingly submit personal data of children to the Services.
Contact
Contact PrimeStyleAI
For privacy questions or requests, contact PrimeStyleAI in Laguna Niguel, California, USA.