Privacy Policy
Privacy is the point. We collect the minimum we need to run the service, we never train AI on your content, and we never sell your data. With your consent, we use product analytics to understand what works and where the product breaks. This policy explains exactly what we process, why, and the rights you have under the GDPR.
Feral Signal Limited, 20 Harcourt Street, Dublin 2, D02 H364, Ireland (company no. 814597) is the controller of your personal data. Contact our privacy team at privacy@generateporn.ai.
1.What we collect
- Account data — your email address and authentication identifiers, managed by our secure account system. You may also have a referral code.
- Generation data — the prompts, settings, and generated outputs associated with your jobs, plus mode, resolution, and timestamps. Your generated media is stored in object storage so you can access your library.
- Billing data — the billing name, email and postal address you provide at checkout; purchase and membership records (amount, currency, method, status, and membership term start and end); your Credits balance; payment-processor references used to process and reconcile payments; and masked card metadata such as card brand and last four digits. Payment is handled by our processors. We do not receive or store your full card number, card security code (CVV) or wallet credentials.
- Technical & security data — your IP address is processed for security and abuse prevention but is stored only as a salted hash, never in plain text; we also process basic device/browser information.
- Safety logs — records of blocked prompts and policy events, used to enforce our Acceptable Use Policy and cooperate with law enforcement where required.
2.What we never do
- We do not use your prompts, inputs, or outputs to train AI systems.
- We do not sell, rent, or share your personal data with advertisers or data brokers.
- We do not run advertising pixels, sell analytics data, or track you across unrelated sites.
- We do not store your IP address in plain text, and we do not build biometric or facial-recognition profiles.
3.Why we process data & legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Create your account & provide the service | Performance of a contract (Art. 6(1)(b)) |
| Process generations & manage Credits | Performance of a contract (Art. 6(1)(b)) |
| Process payments & keep financial records | Contract & legal obligation (Art. 6(1)(b),(c)) |
| Security, fraud & abuse prevention | Legitimate interests (Art. 6(1)(f)) |
| Enforce safety policies & report illegal content | Legal obligation & legitimate interests (Art. 6(1)(c),(f)) |
| Optional product analytics and conversion attribution | Consent (Art. 6(1)(a)) |
| Service & policy notifications | Contract / legitimate interests |
4.Who processes data for us
We use a small set of vetted sub-processors, each contractually limited to what they need to perform their function:
| Service | Purpose | Data |
|---|---|---|
| Secure account system | Authentication & account management | Email, auth identifiers |
| Hosting and storage services | Hosting, edge delivery, database & media storage | All service data, at rest & in transit |
| AI generation system | Running your generations | Prompt & generated media for the job |
| Payment processors | One-time card and cryptocurrency payments | Billing contact and address data, transaction and membership-term metadata, full card details handled by the processor, and cryptocurrency wallet addresses and transaction data needed to complete payment |
| PostHog | Consent-gated app product analytics, page views, feature usage and reliability signals | Device/browser data, app page and event data, approximate location, in-memory pseudonymous identifiers |
Each sub-processor operates under its own terms and applicable data-processing agreements. We do not grant any of them access beyond what their function requires.
5.How long we keep data
- Generations & library media are kept until you delete them or close your account.
- Account data is kept while your account is open.
- Billing & tax records, including purchase and membership records, masked card metadata and payment-processor references, are kept for as long as the law requires (typically up to 6–7 years).
- Safety & moderation logs are kept as long as needed for safety, legal, and law-enforcement purposes.
- When you delete your account, we remove your personal data within 30 days, except where retention is legally required (e.g. financial records) or necessary to investigate abuse.
6.International transfers
Some of our service partners operate outside the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision. You can ask us for details using the contact below.
7.Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, or object to processing of your personal data, to data portability, and to withdraw consent where processing is based on consent. To exercise any right, email privacy@generateporn.ai or delete your account from your dashboard. We respond within one month.
You also have the right to lodge a complaint with your local supervisory authority. Our lead authority is the Irish Data Protection Commission (dataprotection.ie).
8.Security
We use encryption in transit (HTTPS/TLS) and at rest, salted hashing of IP addresses, and role-based access controls on production systems. No system is perfectly secure, so we encourage a strong, unique password. Report any suspected vulnerability to support@generateporn.ai.
9.Cookies
We use strictly-necessary cookies or local storage for authentication, age confirmation, consent preferences and session security. If you choose Accept, the app uses in-memory PostHog product analytics to measure app page views, feature usage and reliability, while landing pages may use first-party cookies for affiliate or referral conversion attribution. Landing pages do not load PostHog. Optional measurement stays off if you reject or close the banner. We do not use advertising cookies or cross-site ad tracking. See our Cookie Notice for the full list and controls.
10.Children
The service is strictly for adults. We do not knowingly collect data from anyone under 18. If you believe a minor has used the service, contact removals@generateporn.ai immediately and we will act.
Contact
- Privacy / data rightsprivacy@generateporn.ai
- Securitysupport@generateporn.ai
- PostalFeral Signal Limited, 20 Harcourt Street, Dublin 2, D02 H364, Ireland
We may update this policy; material changes are posted here with a new effective date.