Privacy Policy | AI Product Image Generator for Ecommerce Image Sets

Overview

Product Creative Generator helps ecommerce sellers turn product photos into listing, detail-page, launch, ad, and social image sets. This Privacy Policy explains what personal data we process, why we process it, which providers help us run the service, and how you can contact us about your data.

Product Creative Generator is operated by Molith Lab.

Controller contact: Product Creative Generator, productcreativegenerator@molith.io.

Data We Collect

We collect data in these situations:

Account data: name, email address, login provider, avatar URL when provided by an OAuth provider, email verification state, account status, and Stripe customer ID when checkout is used.
Authentication and security data: session tokens, session expiry, IP address, user agent, password hash for credential login, OAuth account identifiers, and API key records if API keys are enabled.
Product creative data: uploaded product images, file names, storage URLs and keys, product name, product notes, platform, target market, language, visual theme, image set plan, generated prompts, task IDs, generation status, result URLs, and result storage keys.
Credits and payment data: credit balances, credit transaction history, package purchased, Stripe checkout session ID, invoice ID, payment status, price ID, and refund or failure records. We do not store full card numbers.
Support and contact data: the name, email address, and message you submit through the contact form or email support.
Newsletter data: email subscription status when newsletter features are enabled.
Technical and usage data: logs, device/browser data, performance events, and analytics events when optional analytics tools are enabled and you have consented where required.

Why We Use Data

We use data for the following purposes:

Create and secure user accounts.
Let users upload product images and submit image generation tasks.
Generate product creative sets through our AI provider.
Store input images and generated results so users can return to the result page and dashboard.
Deduct, refund, and display credits.
Process one-time credit package checkout and payment records.
Send verification, password reset, transactional, support, and optional newsletter emails.
Prevent abuse, investigate errors, debug provider callbacks, and protect the service.
Understand product usage and improve reliability when analytics tools are enabled with the required consent.

Legal Bases

Where GDPR applies, we rely on these legal bases:

Contract: to provide accounts, uploads, generations, credits, checkout, dashboard, result pages, and support.
Legitimate interests: to secure the service, prevent abuse, debug failures, improve reliability, and maintain business records that are not required by law.
Consent: for optional analytics, marketing, affiliate tracking, chat tools, newsletter subscription, and other non-essential cookies or similar technologies where required.
Legal obligation: to keep records required for accounting, tax, payment disputes, fraud prevention, and regulatory compliance.

You may withdraw consent for optional cookies and marketing features without losing access to the core service.

Providers and Recipients

We use service providers to operate Product Creative Generator. Depending on which features are enabled, data may be processed by:

PostgreSQL database hosting for account, credit, payment, and generation records.
S3/R2 compatible storage for uploaded product photos and generated result images.
AI generation infrastructure for asynchronous image generation tasks.
Stripe for checkout, invoices, customer records, and payment events.
Resend for transactional email, support email, and newsletter contacts.
Google OAuth when you choose Google sign-in.
Optional analytics providers configured by environment variables, such as Google Analytics, Umami, Plausible, Ahrefs, DataFast, OpenPanel, Seline, Microsoft Clarity, or PostHog.
Optional affiliate, captcha, chat, and notification providers when enabled.

We do not sell uploaded product photos or generated results. We do not publish user result pages in the sitemap. We do not use user-generated images as public examples unless we have separate permission.

AI Image Generation

When you submit a generation, we send the information required to create the requested image set to the AI provider. This may include input image URLs, product name, product notes, creative module instructions, platform, target market, and language. The provider returns task status and output image URLs. We transfer result images to our configured storage so they are not dependent on temporary provider URLs.

The service helps produce ecommerce creative assets. It does not make legal, financial, medical, credit, employment, or similarly significant decisions about you.

Cookies and Similar Technologies

We use essential cookies and browser storage for login, security, locale, theme, and draft recovery. Optional analytics, marketing, affiliate, and chat tools are loaded only after the relevant consent choice where required.

See the Cookie Policy for the current categories and preference controls.

Retention

We keep data only as long as needed for the purposes above:

Account records are kept while your account is active, unless deletion is requested or legal retention applies.
Auth sessions are short-lived and are configured to expire after a limited period.
Product creative records, uploaded images, and generated result images are kept while needed for dashboard history, result access, support, and auditability, unless deletion is requested and no legal retention applies.
Credit, payment, invoice, refund, and fraud-prevention records may be kept as required for accounting, tax, chargeback, and compliance obligations.
Support messages are kept while needed to resolve the request and maintain a reasonable support history.
Browser session draft data is stored on your device and can be cleared by your browser or after it is restored.

Backups and provider logs may take additional time to expire under their normal retention cycles.

Your Rights

Depending on where you live, you may have the right to:

Access your personal data.
Correct inaccurate data.
Delete data.
Restrict or object to processing.
Receive a portable copy of data you provided.
Withdraw consent where processing is based on consent.
Lodge a complaint with a data protection authority.

To make a request, contact productcreativegenerator@molith.io from the email address linked to your account when possible. We may ask for information needed to verify the request.

Security

We use authentication, provider boundaries, access controls, webhook secrets, and storage provider controls to protect data. No online service is completely risk-free, so you should avoid uploading files you are not allowed to process or share with a generation provider.

Children

Product Creative Generator is intended for business and ecommerce users. It is not directed to children. Do not use the service if you are not old enough to enter into the applicable terms in your location.

International Transfers

Our providers may process data in countries other than your country. Where required, we rely on contractual safeguards, provider data protection terms, adequacy decisions, or other lawful transfer mechanisms.

Changes

We may update this Privacy Policy when the product, providers, or legal requirements change. The date at the top of this page shows the latest published update.

Contact

For privacy, account, image deletion, or security questions, contact productcreativegenerator@molith.io.