Privacy Policy

1. Introduction

This Privacy Policy explains how Anteambulo Pty Ltd (ABN 49 657 365 681) (“we”, “us”, or “our”) collects, uses, discloses, and protects personal information in connection with Imagine Studio (“Service”), available at imaginestud.io.

We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy applies to all users of the Service, regardless of location.

2. Information We Collect

We collect the following types of personal information:

2.1 Account Information

When you create an account, we collect your email address and any display name or profile information you choose to provide.

2.2 Payment Information

Payment processing is handled by Stripe. When you subscribe to a paid plan, Stripe collects your payment details (credit card number, expiration date, billing address). We do not store your credit card details on our servers. We receive from Stripe a limited set of information including a payment token, the last four digits of your card, your card type, and billing history.

2.3 Usage Data

We do not permanently store your usage data. Your generated images and edit history are stored locally in your browser (IndexedDB) and are not retained on our servers. When you generate or edit an image, your text prompts and generation parameters are transmitted through our servers to Venice.ai for processing. This data is forwarded to Venice.ai in real time and is not logged or stored by us.

2.4 Technical Data

We do not actively collect or store technical data such as IP addresses, browser type, or device information. However, our hosting provider (Railway) may automatically log standard HTTP request metadata (including IP addresses and timestamps) as part of its infrastructure. These logs are managed by Railway in accordance with their privacy policy and are not accessed by us except when investigating security incidents or abuse.

2.5 Cookies

We use cookies solely for authentication and session management via Supabase. We do not use analytics or tracking cookies. See Section 10 for more details.

3. How We Collect Information

We collect personal information:

• Directly from you — when you create an account, subscribe to a paid plan, or contact us
• Automatically — through cookies for authentication and session management when you use the Service
• From third parties — from Stripe (payment confirmation and billing data) and from authentication providers if you sign in using a third-party service

We only collect personal information that is reasonably necessary for our functions and activities, in accordance with APP 3.

4. Why We Collect, Use, and Disclose Your Information

We collect, use, and disclose your personal information for the following purposes:

• Providing the Service — managing your account and facilitating access to AI image generation via Venice.ai
• Payment processing — managing subscriptions, processing payments, issuing receipts and invoices
• Service improvement — improving the Service, fixing issues, and developing new features
• Safety and moderation — enforcing our Acceptable Use Policy and preventing prohibited content
• Communication — responding to your enquiries, sending service-related notifications, and (with your consent) marketing communications
• Legal compliance — complying with applicable Australian laws, regulations, and lawful requests from authorities
• Security — detecting and preventing fraud, abuse, and unauthorised access

5. Disclosure to Third Parties

We may disclose your personal information to the following categories of third parties:

We do not sell your personal information to any third party.

6. Cross-Border Disclosure

In accordance with APP 8, we inform you that your personal information may be disclosed to recipients located outside Australia. Specifically:

• Venice.ai — AI model provider with servers in the United States. Your text prompts and generation parameters are forwarded through our servers to Venice.ai for processing.
• Stripe — Payment processing infrastructure in the United States.
• Supabase — Cloud infrastructure for authentication and data storage in the United States.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient handles your information in a manner consistent with the APPs. However, where information is transferred to an overseas recipient, you acknowledge that the overseas recipient may not be subject to the Privacy Act and you may not be able to seek redress under the Privacy Act against the overseas recipient.

7. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, in accordance with APP 11. Our security measures include:

• Encryption of data in transit using TLS/SSL
• Secure authentication through Supabase with industry-standard practices
• Payment data handled by Stripe, which is PCI DSS Level 1 certified
• Access controls limiting who can access personal data
• Regular review of our security practices and procedures

While we take reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information.

8. Access and Correction

In accordance with APPs 12 and 13, you have the right to:

• Access the personal information we hold about you
• Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading

To make an access or correction request, please contact us at support@imaginestud.io. We will respond to your request within 30 days. We may require you to verify your identity before processing your request. In certain limited circumstances permitted by the APPs, we may refuse to provide access or make corrections, in which case we will provide you with written reasons.

9. Data Retention and Destruction

We retain your personal information only for as long as it is needed for the purposes described in this Policy or as required by law. Specifically:

• Account data is retained while your account is active and for a reasonable period afterwards to comply with legal obligations
• Payment records are retained as required by Australian tax law (generally 5 years)
• Generated images, prompts, and edit history are stored locally in your browser (IndexedDB) and are never transmitted to or stored on our servers

When your personal information is no longer required, we take reasonable steps to destroy or de-identify it, in accordance with APP 11.2. You may request deletion of your account and associated personal information by contacting us at support@imaginestud.io.

10. Cookies and Similar Technologies

We use only essential cookies managed by Supabase for authentication and session management. These cookies store your access token and refresh token so you can remain signed in across page visits. They cannot be disabled as the Service will not function without them.

We do not use analytics cookies, tracking cookies, or third-party advertising cookies.

11. Direct Marketing

In accordance with APP 7 and the Spam Act 2003 (Cth), we will only send you marketing communications where you have provided your express consent. All marketing emails include a functional unsubscribe mechanism. You may opt out of marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email
• Contacting us at support@imaginestud.io

Opting out of marketing does not affect service-related communications (such as billing notifications, security alerts, and Terms updates), which are necessary for the operation of the Service.

12. Children’s Privacy

The Service is restricted to users aged 18 years and over. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information as soon as practicable. If you believe that a minor has provided us with personal information, please contact us immediately at support@imaginestud.io.

13. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach that is likely to result in serious harm to any affected individuals, we will:

• Take immediate steps to contain the breach and assess the risk of serious harm
• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals, including a description of the breach, the types of information involved, and recommended steps to take

14. Complaints

If you believe we have breached the APPs or otherwise mishandled your personal information, you may lodge a complaint with us:

• Email: support@imaginestud.io

We will acknowledge your complaint within 7 days and investigate it promptly. We aim to resolve complaints within 30 days. We will inform you of the outcome of your complaint in writing.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will notify you by email or by posting a prominent notice on the Service. The “Last updated” date at the top of this page indicates when the Policy was last revised.

16. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:

• Anteambulo Pty Ltd (ABN 49 657 365 681)
• Email: support@imaginestud.io