Privacy Policy

Last updated: April 6, 2025

This Privacy Policy describes how Antoni Ciechanowicz DGC E-COM ("we", "us", or "our") collects, uses, and protects your personal data when you use the cutlabAI mobile application ("the App"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), Polish data protection law, and other applicable regulations.

1. Data Controller

The data controller is Antoni Ciechanowicz DGC E-COM, ul. Bosmanska 32 lok. 19, 81-116 Gdynia, Poland. NIP: 9581754483. Contact: support@cutlabai.pl.

2. Information We Collect

We collect the following categories of data:

a) Account Data

When you sign in via Google or Apple (through Clerk authentication), we receive your name, email address, and profile picture. We store a unique user identifier, your email, and display name.

b) Content Data

Photos you upload for AI transformation, text prompts you provide, and generated output images/videos. This content is stored to provide the service (history, re-downloading results).

c) Usage & Technical Data

Device type, operating system, app version, approximate location (country level), and diagnostic data. This is collected automatically to improve the service.

d) Subscription & Payment Data

Subscription status and credit balance. Payment processing is handled entirely by Apple (App Store) and RevenueCat — we do not collect or store credit card numbers or payment details.

3. How We Use Your Data

We use your data for the following purposes:

  • Providing and operating the App — processing your photos with AI, maintaining your generation history, and managing your account.
  • Managing subscriptions — tracking your premium status and credit balance via RevenueCat.
  • Improving the service — analyzing aggregated, anonymized usage patterns to enhance features and performance.
  • Communications — sending important service updates and responding to support requests.
  • Legal compliance — fulfilling our legal obligations under applicable laws.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR) — processing necessary to provide the App's services you requested.
  • Legitimate interests (Art. 6(1)(f) GDPR) — improving our service, preventing fraud, and ensuring security.
  • Consent (Art. 6(1)(a) GDPR) — where you have given explicit consent, e.g., for optional communications.
  • Legal obligation (Art. 6(1)(c) GDPR) — when required by law.

5. Data Sharing

We do not sell your personal data. We share data only with the following categories of service providers, solely to operate the App:

  • Clerk — authentication and user management.
  • Convex — backend database and real-time data storage.
  • RevenueCat — subscription and purchase management.
  • AI model providers — to process your photos (images are sent for transformation and not retained by these providers beyond processing).
  • Apple (App Store) — payment processing for subscriptions.

We may also disclose data when required by law, court order, or to protect our legal rights.

6. Data Retention

We retain your personal data for as long as your account is active and as needed to provide services. Generated content (photos, videos) is retained in your history until you delete it or your account. Upon account deletion request, we will delete or anonymize all personal data within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication via Clerk, and access controls on our backend systems. However, no method of electronic transmission or storage is 100% secure.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (where our service providers such as Clerk, Convex, and RevenueCat are based). These transfers are protected by Standard Contractual Clauses (SCCs) or other appropriate safeguards as required by GDPR.

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of your personal data.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your data ('right to be forgotten').
  • Right to restriction — request limitation of processing.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — withdraw previously given consent at any time.

To exercise any of these rights, contact us at support@cutlabai.pl. We will respond within 30 days. You also have the right to lodge a complaint with the Polish supervisory authority (UODO — Urząd Ochrony Danych Osobowych).

10. Children's Privacy

cutlabAI is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy in the App or on this page. The 'Last updated' date at the top indicates the most recent revision.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: Antoni Ciechanowicz DGC E-COM, ul. Bosmanska 32 lok. 19, 81-116 Gdynia, Poland. Email: support@cutlabai.pl.