Privacy Policy

Overview

This Privacy Policy describes how PoofBG Inc. ("PoofBG," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use our website, API, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service. This policy should be read alongside our Terms of Service.

Data We Collect

We collect several types of information to provide and improve the Service:

Account Information

When you create an account, we collect information through our authentication provider, WorkOS. This may include your name, email address, profile picture, and authentication identifiers. The specific information collected depends on the sign-in method you choose (e.g., email, Google, GitHub).

Uploaded Images

When you use the Service, you upload images for background removal processing. We temporarily store these images and the processed results to deliver the Service. We do not use your uploaded images for AI model training.

Payment Information

Payment processing is handled entirely by Stripe. We do not directly collect or store your credit card numbers or bank account details. Stripe may collect your payment card information, billing address, and other payment-related data. Please refer to Stripe's Privacy Policy for details on how they handle your payment data.

Usage Data

We automatically collect certain information when you access the Service, including your IP address, browser type and version, operating system, referring URLs, pages visited, time and date of access, and the number of images processed. This data helps us understand how the Service is used and how we can improve it.

Device Data

We may collect information about the device you use to access the Service, including device type, screen resolution, and browser capabilities. This data helps us optimize the Service for different devices.

How We Use Your Data

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service, including processing your images and delivering results.
• To manage your account, process payments, and provide customer support.
• To communicate with you about the Service, including sending service-related notices, updates, and promotional messages (with your consent where required).
• To monitor and analyze usage trends to improve user experience and Service performance.
• To detect, prevent, and address technical issues, fraud, and security threats.
• To comply with legal obligations and enforce our Terms of Service.

Data Processing

Your data is processed through the following systems and third-party services as part of delivering the Service:

AI Processing Pipeline

Uploaded images are processed through our AI-powered background removal pipeline. Images are analyzed and processed in real-time, and the results are delivered back to you. We do not retain images in the processing pipeline beyond what is necessary to complete the request.

Cloudflare R2

Uploaded images and processed results are stored on Cloudflare R2. Files are stored with encryption at rest and are accessible only through authenticated and time-limited URLs. Stored images are subject to our data retention policies.

Stripe

All payment processing is handled by Stripe. When you make a purchase, Stripe processes your payment information directly. We receive only non-sensitive transaction details (such as the transaction amount, date, and a reference ID) from Stripe. See Stripe's Privacy Policy.

WorkOS

User authentication is managed through WorkOS. When you sign in, WorkOS handles the authentication flow and provides us with your basic profile information. See WorkOS's Privacy Policy.

Data Storage & Security

We take the security of your data seriously and implement a variety of measures to protect it:

• All data is transmitted over HTTPS/TLS encrypted connections.
• Uploaded images and processed results are encrypted at rest on Cloudflare R2.
• Access to production systems is restricted and audited.
• API keys are hashed before storage and are never stored in plaintext.
• We conduct regular security reviews and follow industry best practices.

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data, and you use the Service at your own risk.

Cookies & Tracking

We use cookies and similar technologies to operate and improve the Service:

Essential Cookies

These cookies are necessary for the Service to function. They include session cookies for authentication, security tokens, and preference storage (such as your theme selection). You cannot opt out of essential cookies while using the Service.

Analytics

We may use analytics tools to understand how users interact with the Service. These tools may set cookies to collect anonymized usage data such as page views, feature usage, and session duration. This data is used solely to improve the Service.

Most web browsers allow you to control cookies through their settings. Note that disabling certain cookies may affect the functionality of the Service.

Third-Party Services

We use the following third-party services to operate the Service. Each service has its own privacy policy governing data handling:

• Cloudflare — Cloud infrastructure, image storage (R2), and edge network services.
• Stripe — Payment processing, subscription management, and billing.
• WorkOS — User authentication and identity management.

We only share the minimum data necessary with each third-party service to provide the Service. We do not sell your personal data to any third parties.

Your Rights

Depending on your location, you may have certain rights regarding your personal data under applicable data protection laws:

GDPR Rights (European Economic Area)

If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Access — The right to request a copy of your personal data.
• Rectification — The right to request correction of inaccurate personal data.
• Erasure — The right to request deletion of your personal data ("right to be forgotten").
• Restriction — The right to request restriction of processing of your personal data.
• Portability — The right to receive your personal data in a structured, machine-readable format.
• Objection — The right to object to processing of your personal data.
• Withdraw consent — The right to withdraw consent at any time where we rely on consent as a legal basis.

CCPA Rights (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know — The right to know what personal information we collect, use, disclose, and sell.
• Right to Delete — The right to request deletion of your personal information.
• Right to Opt-Out — The right to opt out of the sale of your personal information. Note: we do not sell personal information.
• Non-Discrimination — The right not to be discriminated against for exercising your CCPA rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law.

Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account data — Retained for as long as your account is active. Upon account deletion, your data is removed within 30 days, except where retention is required by law.
• Uploaded images and results — Temporarily stored to deliver the Service. Images are automatically deleted according to our retention schedule.
• Payment records — Retained as required by applicable tax and financial regulations.
• Usage logs — Retained for up to 12 months for analytics and security purposes, then anonymized or deleted.

Children's Privacy

The Service is not intended for use by individuals under the age of 18 (or the applicable age of majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

International Transfers

PoofBG is based in the Netherlands and operates within the European Economic Area (EEA). Your data may be transferred to and processed in other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction.

Where data is transferred outside the EEA, we ensure that transfers of personal data are protected by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

By using the Service, you consent to the transfer of your data to jurisdictions as described in this policy.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, providing additional notice (such as a banner on the Service or an email notification).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated policy.

Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: [email protected]
• General support: [email protected]
• Website: poofbg.com