Privacy Policy

Last updated: April 2026

This policy explains what data Shotless collects, why, and what we do with it. Short version: only what we need to run the service, nothing sold to third parties.

1. What we collect

  • Account: email, hashed password (bcrypt), display name.
  • Content: product photos you upload, generated lifestyle images, prompts, scene selections.
  • Billing: Stripe customer ID + invoice history. We never see full card numbers.
  • Usage: basic app events (signups, generations, credits consumed) for product analytics and billing audit.

2. Third-party processors

  • AI processing provider — we send your product photo to our AI processing provider so their image model can generate the scene. Inputs are discarded after processing per the provider's retention policy.
  • Stripe — payment processing.
  • Object storage — we use a cloud object-storage provider to store your images.

3. What we do NOT do

  • We do not sell your data.
  • We do not use your uploads to train our models.
  • We do not share your images with other users.
  • We do not run ad networks or tracking beacons from third-party advertisers.

4. Cookies

We use one essential cookie (shotless_session) to keep you logged in. No analytics cookies or cross-site tracking at this time.

5. Retention

Account data: while your account is active. Generated images: kept forever in your library unless you delete them. Invoice records: 7 years (tax compliance). Logs of system events: 90 days.

6. Your rights

You can download all your images, export your generation history, and request full account deletion at any time. Email privacy@shotless.app.

7. Security

Passwords hashed with bcrypt. All traffic over HTTPS. Session cookies are HTTP-only and secure in production. Database access is restricted to the application layer. Payment details are handled exclusively by Stripe.

8. Contact

privacy@shotless.app