Privacy Policy
Last updated: June 6, 2026
This Privacy Policy explains how Pyrovex ("Pyrovex", "we", "us", or "our") collects, uses, shares, and protects information when you use our websites, applications, APIs, AI tools, billing, support, and related services (the "Services"). The Pyrovex contracting entity is the operator shown in your checkout flow, invoice, order form, or account records.
Information We Collect
We collect information you provide directly, including account details, contact information, profile settings, support messages, API key metadata, billing and transaction information, and any content you submit to the Services.
We also collect technical and usage data needed to operate, secure, debug, and improve the Services, such as IP address, device and browser information, approximate location derived from IP address, log data, feature usage, generation settings, error reports, and security events.
Payment card details are processed by our payment providers. We do not intentionally store full card numbers on our own systems.
Content You Submit for Processing
When you use Pyrovex features, you submit content to our Services for AI processing. This may include product images, photographs, product information such as titles, descriptions, categories, attributes, prices, prompts, masks, reference images, and other instructions you provide. We process this content to generate the results you request, operate the Services, maintain security, prevent abuse, provide support, and improve reliability.
You should not submit sensitive personal data, biometric identifiers, government IDs, medical or financial documents, images of children, private images of identifiable people, or other regulated information unless you have a lawful basis, all required rights, and all required consents to do so.
We do not use your submitted images or product content to train our own foundational models without your consent. Generated outputs are returned to you and, where applicable, stored in your account, media library, or connected workspace.
Controller and Processor Roles
For account, billing, analytics, support, security, and service administration data, Pyrovex generally acts as a data controller or business. For content submitted by business customers for AI processing, Pyrovex may act as a processor or service provider on the customer's behalf. Business customers are responsible for providing any required notices, obtaining permissions, and ensuring they have rights to upload and process their content through the Services. Where Pyrovex processes personal data as a processor or service provider, the parties may enter into a Data Processing Addendum.
Third-Party Providers and AI Sub-Processors
To deliver the Services, Pyrovex may share information with vendors that help us operate the Services, including hosting providers, storage providers, payment processors, email providers, analytics and logging providers, customer support tools, fraud-prevention services, and AI model or compute providers.
For AI features, Pyrovex transmits the content you submit and related instructions to third-party model and infrastructure providers acting on our behalf. These providers process the content only as needed to perform the requested operation, maintain safety, prevent abuse, and comply with their obligations. Some providers may temporarily retain inputs, outputs, or logs for security, debugging, legal compliance, or abuse-monitoring purposes under their own terms. We may use customer content to debug, secure, maintain, and support the Services, but we do not authorize sub-processors to train models on your customer content or build generalized datasets from it unless we disclose this or obtain consent where required.
A current list of material sub-processors is available on request. Where legally required, we will provide notice of material sub-processor changes.
How We Use Information
We use information to:
- provide, maintain, secure, and improve the Services;
- create and manage accounts, authentication, API keys, credits, and billing;
- process AI requests and return generated outputs;
- provide customer support and service notices;
- detect, prevent, and investigate fraud, abuse, security incidents, unlawful activity, and policy violations;
- comply with legal, tax, accounting, sanctions, reporting, and regulatory obligations; and
- send product updates or marketing communications where permitted by law.
Where applicable, our legal bases include performance of a contract, legitimate interests in operating and securing the Services, consent, and compliance with legal obligations.
Cookies, Analytics, and Local Storage
We may use cookies, local storage, and similar technologies to keep you signed in, remember preferences, secure the Services, measure performance, understand feature usage, and improve the product. Some technologies are necessary for the Services to work. Where required by law, optional analytics or marketing technologies are used only with consent or with an available opt-out.
Data Sharing
We may share information with service providers and sub-processors described in this policy, with your connected third-party services at your direction, with professional advisers, in connection with a merger or business transfer, or with authorities where required by law or where we believe disclosure is necessary to protect rights, safety, security, or prevent abuse. We do not sell your personal information or customer content. Where laws define targeted advertising disclosures as a "share" of personal information, we will provide any required notice or opt-out.
International Transfers
We and our service providers may process information in countries other than your own. Where required, we use appropriate safeguards for international transfers, such as data processing agreements, standard contractual clauses, or other lawful transfer mechanisms.
Data Retention
We retain information only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required by law. In general:
- account information is retained while your account is active and for a reasonable period after closure;
- billing, tax, and transaction records are retained as required by accounting and tax laws;
- submitted content and generated outputs are retained until deleted by you, removed through account controls, or deleted after account closure, unless needed for security, support, or legal reasons;
- logs and security records are retained for a limited period appropriate to fraud prevention, debugging, and abuse investigations; and
- evidence related to suspected unlawful activity, CSAM, fraud, or security incidents may be retained and disclosed as legally required.
Security and Incident Notice
We implement reasonable technical and organizational measures designed to protect information, including access controls, encryption in transit, monitoring, and operational safeguards. No system can be guaranteed to be 100% secure. Where legally required, we will notify affected users, customers, or regulators of a data breach.
Children
The Services are not intended for children under 18. You may not use the Services to upload, generate, or process images or personal information of minors unless you have a lawful basis and all required parental or guardian consent. Content that sexualizes, exploits, or endangers minors is strictly prohibited.
Your Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal information; withdraw consent; opt out of certain communications; appeal a decision; or complain to a data protection authority. We may need to verify your identity before responding. To make a request, contact us using the details below.
Changes to This Policy
We may update this policy from time to time. If changes are material, we will provide notice where required by law. The updated date above shows when this policy was last revised.
Contact
Questions, privacy requests, or sub-processor requests can be sent to info@pyrovex.info.