Privacy Policy

fotolabs ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered real estate photo enhancement platform.

By creating an account or using fotolabs, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

Information you provide directly:

• Account Information: Name, email address, and password when you register. If you sign in with Google, we receive your name and email from Google.
• Workspace Information: Business name and any preferences you configure within your workspace.
• Payment Information: Billing details are processed securely by Stripe. We do not store your full card number — only a tokenized reference provided by Stripe.
• Content: Property photos and associated metadata (room type, project name, style preferences) that you upload to the Service.
• Communications: Messages you send us via email or support channels.

Information collected automatically:

• Usage Data: Pages visited, features used, processing actions taken, and timestamps.
• Device & Log Data: IP address, browser type, operating system, and referring URLs.
• Cookies: Session and preference cookies necessary for the Service to function. See Section 7 for details.

We use the information we collect to:

• Provide and deliver our AI photo enhancement and hosting services
• Process payments and send transaction confirmations
• Generate and host enhanced images, delivered links, and client delivery pages on your behalf
• Send service notifications, product updates, and support responses
• Monitor and analyze usage patterns to improve product quality and performance
• Detect and prevent fraud, abuse, or unauthorized access
• Comply with applicable legal obligations

We do not use your uploaded property photos to train AI models without your explicit consent.

fotolabs provides free, unlimited, indefinite hosting for all content associated with your account — including RAW source files, processed edits, exports, and client delivery links. Files are stored on distributed cloud infrastructure (AWS S3 / CloudFront) and are never automatically deleted while your account remains active.

You can delete any file or project at any time from your dashboard. Deletion is permanent and irreversible. Upon account closure, all associated files are removed from our systems within 30 days.

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• Infrastructure Providers: AWS (storage and compute), Supabase (database and auth), and CloudFront (CDN delivery) process data on our behalf under data processing agreements.
• Payment Processor: Stripe handles payment transactions. Their privacy policy governs data collected during checkout.
• AI Processing: Uploaded images are sent to our AI processing pipeline (fal.ai) solely to produce the requested enhancements. Images are not retained by third-party AI providers beyond the processing request.
• Legal Requirements: We may disclose information when required by law, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS 1.2+) for all data transfers
• Encryption at rest for stored files and database records
• Row-level security policies restricting workspace data access
• Access controls and audit logging for administrative operations

No system is completely secure. If you become aware of any security vulnerability or breach, please notify us immediately at security@fotolabs.co.

We use the following categories of cookies:

• Essential: Authentication session tokens required to keep you logged in. These cannot be disabled without breaking the Service.
• Functional: Preference cookies (e.g., selected workspace, UI state). These persist your settings across sessions.
• Analytics: Aggregated usage data to understand feature adoption and improve the product. No personally identifiable data is shared with analytics providers.

You can control non-essential cookies through your browser settings. Blocking essential cookies will prevent you from accessing the Service.

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a machine-readable format and transfer it to another service.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Restriction: Request that we restrict processing while a dispute is resolved.

To exercise any of these rights, contact us at privacy@fotolabs.co. We will respond within 30 days. We may ask you to verify your identity before acting on your request.

We retain your data for as long as your account is active or as needed to provide the Service:

• Account data: Retained until you close your account or request deletion.
• Uploaded photos and processed files: Stored indefinitely at no cost while your account is active. Files are never automatically purged.
• Payment records: Retained for 7 years to satisfy financial and tax reporting obligations.
• Logs and analytics: Aggregated data retained for up to 24 months; raw logs deleted after 90 days.

Upon account deletion, all personal data and associated files are permanently removed within 30 days, except where retention is required by law.

fotolabs is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

We may update this Privacy Policy periodically. For material changes, we will notify you by email or by displaying a notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Continued use of the Service after the effective date of any revision constitutes acceptance of the updated policy.

For privacy-related questions, requests, or concerns, please contact us:

fotolabs
Privacy inquiries: privacy@fotolabs.co
General inquiries: ayush@fotolabs.co