Logo Paintit.ai
/Privacy Policy

Privacy Policy of Paintitai LTD 

Last Updated: Dec 1, 2025

This Privacy Policy ("Policy") describes how Paintitai LTD ("we," "us," or "Company") collects, uses, stores, discloses, and protects personal data of users ("you" or "User") of the Paintit.ai web application at app.paintit.ai and related products and services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Policy.

1. Definitions
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • "Input" means any text, images, or other materials you submit to the Service.
  • "Output" means the results generated by the Service based on your Input.
2. Data We Collect
  1. Registration Data: name, email address, date of birth (if required to verify age).
  2. Payment Data: payment card details or account information, processed by Stripe, Inc. (https://stripe.com).
  3. Technical Data: IP address, device identifiers, browser type, operating system, server logs.
  4. Usage Data: history of images generated or modified, features used, chat interactions with AI.
  5. Marketing Data: advertising identifiers, click-through and impression data.
  6. Referral Data: referral codes and rewards activity.
  7. Content Data: the actual content of your prompts, messages, and chat history with our AI assistant, as well as any images and other files you upload, generate, or modify using the Service (together with associated metadata such as timestamps, model parameters, and style presets).
  8. Affiliate Program Data: if you join our affiliate program, we collect information such as your name, email address, affiliate ID, payout details, referral link performance, and commission history. This data is used to track referrals, calculate commissions, and operate the affiliate program, and may be processed through our affiliate tracking provider Tolt, Inc.

Sources: Directly from you; automatically via cookies and similar technologies; from our advertising and affiliate partners.

We do not intend the Service to be used for the submission or processing of special categories of personal data (such as health information, financial account numbers, government identifiers, information about children, or data revealing racial or ethnic origin, political opinions, religious beliefs, or sexual orientation). Please do not include such information in your Input. If you nevertheless choose to provide such data, you do so at your own risk, and we process it only as necessary to provide the Service and in accordance with this Policy.

3. Purposes and Legal Bases for Processing
PurposeLegal Basis
Account creation, authentication, and managementPerformance of contract
Payment processing and billingPerformance of contract
Service personalization and improvement (GTM, GA4, Clarity)Legitimate interests of the Company
Marketing communications (upon consent)Your consent
Analytics and reportingLegitimate interests of the Company
Referral program administrationPerformance of contract / Legitimate interests
Targeted advertising via third-party platformsLegitimate interests of the Company
Affiliate program administration (including tracking referrals, calculating commissions, and issuing payouts)Performance of contract / Legitimate interests of the Company
Operating, maintaining, and improving our AI models and image generation systems (including quality control, testing, and training of models using Content Data)Legitimate interests of the Company; where required by applicable law, your consent
Deriving aggregated insights from Content Data for product analytics, audience segmentation, and measuring the effectiveness of our marketing campaigns and advertisingLegitimate interests of the Company
4. Cookies and Similar Technologies

We use the following categories of cookies and tracking technologies:

  • Strictly Necessary Cookies: enable core functionality (authentication, security).
  • Performance & Analytics Cookies: Google Tag Manager (GTM), Google Analytics 4 (GA4), Microsoft Clarity.
  • Marketing Cookies: used by Meta (Facebook & Instagram), TikTok, Pinterest, and Google Ads for ad targeting.

You may manage or disable cookies via your browser settings or through the "Cookie Settings" section on our website. Although we do not respond to Do Not Track signals, when DNT is enabled we refrain from using marketing cookies.

4A. Content Review and AI-Assisted Processing
  • 4A.1. To operate the Service, investigate abuse, provide support, and improve our products, authorized employees and contractors may access and review Content Data on a strictly “need-to-know” basis and subject to confidentiality obligations.
  • 4A.2. We may process Content Data using third-party AI infrastructure providers, such as OpenAI, Google (Gemini), Anthropic (Claude), Perplexity AI, and similar vendors, to generate responses, perform analysis, and develop and test our models. Where we use API-based services (for example, the OpenAI API), we configure them so that data submitted through the API is not used to train those providers’ foundation models, in line with their documentation and data policies.
  • 4A.3. Where feasible, we aggregate, anonymize, or pseudonymize Content Data before using it for analytics, model training, or marketing-related purposes.
5. Disclosure to Third Parties

We share Personal Data with the following categories of service providers:

  1. Payment Processor:
    Stripe, Inc. (https://stripe.com)
    See Stripe's Privacy Policy sections on "Payment Data Processing," "Data Retention," and "Your Privacy Rights."
  2. Advertising Platforms:
    Meta Platforms, Inc. (Facebook & Instagram) – https://www.meta.com/legal/privacy
    See sections on "Targeted Advertising," "Use of Cookies and Local Storage," and "Data Sharing with Partners."
    TikTok Inc. – https://www.tiktok.com/legal/privacy-policy
    See sections on "Personalization and Advertising," "Information Collected from Your Device," and "Third-Party Sharing."
    Pinterest, Inc. - https://policy.pinterest.com/privacy-policy
    See sections on "Ad Targeting," "Cookies and Similar Technologies," and "Sharing Information with Businesses."
    Google LLC (Google Ads) - https://policies.google.com/privacy
    See sections on "Advertising Services," "Information Google Collects," and "Data Use for Ad Personalization."
  3. Affiliate Networks:
    AWIN AG - https://www.awin.com/gb/privacy-policy
    See "Tracking Technologies," "Data Collected in the Program," and "Your Rights."
    CJ Affiliate by Conversant – https://www.cj.com/privacy-policy
    See "Cookies and Tracking," "Data Use for Commissioning," and "Opt-Out Mechanisms."
    Webgains Ltd – https://www.webgains.com/legal/privacy-policy
    See "Partner Tracking," "Retention of Click and Conversion Data," and "Your Rights."
    Skimlinks Ltd – https://skimlinks.com/privacy/
    See "Link Transformation," "Data Collected," and "Data Sharing Practices."
  4. Analytics Providers:
    Google Analytics 4 (GA4) – https://policies.google.com/privacy
    See sections on "Data Collection," "Use of Data," and "Data Retention."
    Microsoft Clarity – https://privacy.microsoft.com/privacystatement
    See "Usage Data Collection," "Session Recording," and "Your Privacy Choices."
  5. Affiliate Tracking Provider:
    Tolt, Inc. – https://tolt.com and https://tolt.io
    We use Tolt’s affiliate tracking platform to operate our affiliate program, including tracking visits and sign-ups generated through affiliate links, calculating commissions, and managing payouts. Tolt acts as an independent data controller or processor (as applicable) for certain processing activities.
    You can learn more about how Tolt processes personal data in Tolt’s Privacy Policy, available at https://tolt.com/privacy-policy. We encourage you to review Tolt’s privacy documentation for details on data collection, use, and your rights in relation to Tolt’s services.
    To the extent permitted by law, we are not responsible for Tolt’s independent processing activities, websites, or services, which are governed by Tolt’s own terms and privacy policies.
  6. AI Infrastructure and Model Providers:
    OpenAI OpCo, LLC – https://openai.com
    Anthropic PBC (Claude) – https://claude.ai and https://privacy.claude.com

    We use these providers to host and run certain AI models, generate responses, and analyze Content Data as described in this Policy. These providers process data under their own privacy policies and, where applicable, under data processing agreements with us. We encourage you to review their privacy documentation for details on their practices.

    To the extent permitted by law, we are not responsible for such providers’ independent processing activities, which are governed by their own terms and privacy policies.

When transferring data outside the European Economic Area (EEA) or the United Kingdom, we rely on Standard Contractual Clauses (SCC) or other legally recognized transfer mechanisms to ensure adequate protection.

6. Data Retention
  • Account and Transaction Data: retained as long as necessary to fulfill contractual obligations and for at least one (1) year after account closure.
  • Analytics and Marketing Data: retained for up to two (2) years from collection.
7. Your Rights

You have the right to:

  • Access your Personal Data;
  • Rectify inaccurate data or complete incomplete data;
  • Erase your data ("right to be forgotten");
  • Restrict processing of your data;
  • Object to processing based on legitimate interests;
  • Port your data in a structured, commonly used format;
  • Withdraw consent at any time for processing based solely on consent.

Where we rely on legitimate interests as our legal basis (for example, to improve our models or for certain marketing and analytics uses), you have the right to object to such processing. If you object, we will cease processing your Personal Data for those purposes unless we demonstrate compelling legitimate grounds or are required to continue by law.

To exercise any of these rights, please contact us at hi@paintit.ai.

8. Security Measures

We implement organizational and technical safeguards, including encryption, access controls, and regular security audits. Access to Personal Data is limited to authorized personnel only.

9. Legal Disclosures

We may disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, to the extent permitted by law.

10. Age Restrictions

Consistent with our Terms of Service, we do not knowingly collect Personal Data from children under 13. Users aged 13–17 may use the Service only with parental or guardian consent.

11. Changes to This Policy

We reserve the right to modify this Policy at any time. Material changes will be communicated at least thirty (30) days before taking effect via email and/or in-app notification.

12. Contact Information

If you have questions or concerns about this Policy or our data practices, please contact:

PAINTITAI LTD
52 Leytonstone road, London, E15 1SQ, UK
Phone: +44 7366 359241
Alternate Phone: +34 697 357 937
Email: hi@paintit.ai