Privacy Policy - Maging
Maging Logo Maging

Privacy Policy

Last Updated: July 19, 2025

Effective Date: July 19, 2025

This Privacy Policy describes how Maging ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use our services at maging.io and ai.maging.io (the "Services").

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Name, email address, password, billing information
  • Payment Information: Credit card details, billing address (processed by third-party payment processors)
  • Content: Photos, images, text prompts, and other content you upload or generate
  • Communications: Messages you send us through support channels

1.2 Information We Collect Automatically

  • Usage Data: How you interact with our Services, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Server logs, error reports, performance data
  • Cookies and Tracking: See our Cookie Policy below

1.3 Information from Third Parties

  • Authentication Providers: Information from Google, Apple, or other login services
  • Payment Processors: Transaction information from Stripe or other payment services
  • Analytics Providers: Aggregated usage statistics
  • AI Infrastructure Providers: Processing results and metadata from Replicate and other AI services

2. How We Use Your Information

AI Training and Model Development

Important: Your uploaded content may be used to train and improve our AI models as described in our Terms of Service.

2.1 Service Provision:

  • Process your AI photo generation requests
  • Train custom AI models for your account
  • Provide customer support and technical assistance
  • Process payments and manage subscriptions

2.2 Service Improvement:

  • Train, improve, and develop our AI models and algorithms
  • Enhance our Services' features and functionality
  • Analyze usage patterns and optimize performance
  • Conduct research and development

2.3 Business Operations:

  • Communicate with you about our Services
  • Send marketing communications (with consent)
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect against fraud and abuse

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

3.1 Contract Performance: Processing necessary to provide our Services under our Terms of Service

3.2 Legitimate Interests: Including:

  • Improving our AI models and Services
  • Ensuring security and preventing fraud
  • Understanding user behavior and preferences
  • Business development and research

3.3 Consent: For marketing communications and certain data processing activities

3.4 Legal Obligations: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

We may share your information with:

4.1 Service Providers:

  • Cloud hosting providers (Hetzner)
  • Payment processors (Stripe)
  • Analytics providers (Posthog)
  • Customer support tools
  • AI Infrastructure Providers: Replicate, Hertzner, and other AI private processing services that handle your content for generation and training purposes
  • Content delivery networks and data storage providers

Important: Third-Party AI Processing

Your uploaded images and generated content are processed by third-party AI infrastructure providers including Replicate. These providers may have their own data processing policies and rights to your content as outlined in our Terms of Service.

4.2 Legal Requirements:

  • To comply with laws, regulations, or legal processes
  • To protect our rights and property
  • To prevent fraud or abuse
  • In connection with legal proceedings

4.3 Business Transfers: In case of merger, acquisition, or sale of assets

4.4 Public Content: Content you choose to make public through our Services

5. Data Retention

5.1 General Retention: We retain personal data for as long as necessary to:

  • Provide our Services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

5.2 AI Training Data: Content used to train our AI models may be retained indefinitely as part of our model training datasets, even after account deletion, as permitted by our Terms of Service.

5.3 Account Data: Personal account information is typically deleted within 30 days of account closure, subject to legal requirements.

6. Your Rights Under GDPR

If you are in the EU/EEA, you have the following rights:

6.1 Access: Request access to your personal data

6.2 Rectification: Correct inaccurate or incomplete data

6.3 Erasure: Request deletion of your personal data (subject to limitations for AI training data)

6.4 Restriction: Limit how we process your data

6.5 Portability: Receive your data in a portable format

6.6 Objection: Object to processing based on legitimate interests

6.7 Withdraw Consent: Withdraw consent for consent-based processing

6.8 Complaint: Lodge a complaint with your data protection authority

Important Limitation

AI Training Data: Please note that data incorporated into our AI training models may not be able to be deleted or modified due to the technical nature of machine learning systems. This is disclosed in our Terms of Service.

To exercise your rights, contact us at: [email protected]

7. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA, including the United States. We ensure appropriate safeguards through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Certified frameworks like EU-US Data Privacy Framework
  • Other legally recognized transfer mechanisms

8. Security Measures

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security audits and assessments
  • Employee training on data protection
  • Incident response procedures

However, no system is 100% secure, and we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

9.1 Types of Cookies:

  • Essential Cookies: Necessary for service functionality
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings
  • Marketing Cookies: For targeted advertising (with consent)

9.2 Cookie Control: You can manage cookies through your browser settings. Note that disabling certain cookies may affect service functionality.

9.3 Third-Party Tracking: We use Google Analytics and other services that may track your activity across websites.

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover we have collected information from a child under 18, we will delete it immediately.

11. Marketing Communications

We may send you marketing communications if:

  • You have provided consent
  • We have a legitimate interest (for existing customers)
  • As permitted by applicable law

You can opt out at any time by:

  • Clicking unsubscribe links in emails
  • Updating your account preferences
  • Contacting us at [email protected]

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Post updated versions on our website
  • Update the "Last Updated" date
  • Notify you of material changes via email or service notifications
  • Provide 30 days' notice for significant changes affecting EU/EEA users

13. Contact Information

For privacy-related questions or concerns, contact us:

13. Supervisory Authority

If you are in the EU/EEA and have concerns about our data processing, you may contact your local data protection authority. You can find your authority's contact information at: https://edpb.europa.eu/about-edpb/board/members_en

By using our Services, you acknowledge that you have read and understood this Privacy Policy.