Privacy Policy

Last updated: March 2025

Situ.art ("we", "our", or "us") operates the Situ.art website and mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Data Controller

Situ.art is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at:

2. Information We Collect

Account Information

When you create an account, we collect your email address and encrypted password. If you sign in via a third-party provider (Google or GitHub), we receive your email address and basic profile information from that provider.

Artwork & Generated Images

When you use the Service, you upload artwork images and we generate background images, composite mockups, and enhanced images on your behalf. These images are stored in our cloud storage and associated with your account.

Usage Data

We automatically collect information about how you interact with the Service, including the number of images generated, backgrounds created, and downloads performed. This data is used to enforce usage limits based on your subscription tier.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number or full payment details. We store your Stripe customer ID and subscription status to manage your subscription. In-app purchase transactions on iOS are processed by Apple and managed through RevenueCat; we receive subscription status information but do not have access to your Apple payment details.

Cookies & Local Storage

We use cookies for session management and authentication. We use browser local storage to save your preferences (such as theme settings and app state). Anonymous visitors receive a session cookie for usage tracking purposes.

Device Information

When you use the mobile application, we may collect device type, operating system version, and a unique device identifier for the purpose of providing and improving the Service. We do not collect the Apple Advertising Identifier (IDFA) and do not track you across other apps or websites.

3. Legal Basis for Processing

We process your personal data on the following legal grounds under UK data protection law:

  • Contract: Processing necessary to provide the Service you have signed up for, including account creation, image generation, and subscription management.
  • Legitimate Interest: Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent, such as opting in to marketing communications. You may withdraw consent at any time.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. How We Use Your Information

  • Service Delivery: To process your artwork, generate backgrounds and composites, and provide the core functionality of the application.
  • Account Management: To manage your account, authenticate your identity, and communicate with you about your account.
  • Billing: To process payments, manage subscriptions, and enforce usage limits based on your tier.
  • Improvement: To understand how the Service is used and to improve its features and performance.

5. Third-Party Services

We use the following third-party services to provide our Service:

  • Supabase: Database hosting, user authentication, and file storage.
  • Stripe: Payment processing and subscription management (web).
  • RevenueCat: In-app purchase and subscription management (iOS).
  • AI Image Generation Services: We use third-party AI services to generate and enhance images. Your uploaded artwork and text prompts may be processed by these services. We select providers based on quality and reliability, and each operates under its own privacy policy.
  • Google Cloud Vision: Object detection in background images for scale reference purposes.

Each of these services has its own privacy policy governing the use of data they process on our behalf. We ensure appropriate data processing agreements are in place with each provider.

6. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, in accordance with UK data protection law.

7. Data Retention

We retain your account data and generated images for as long as your account is active. If you delete your account, all associated data (artworks, mockups, backgrounds, and usage records) are permanently deleted within 30 days.

Anonymous session data is retained for up to one year from the last activity.

8. Your Rights

Under UK data protection law, you have the following rights:

  • Access: You can view your data through the Settings page, or request a copy of the personal data we hold about you.
  • Deletion: You can delete your account and all associated data at any time from the Settings page.
  • Data Portability: You can download your generated images at any time.
  • Correction: You can update your email address through your account settings.
  • Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
  • Objection: You can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at hello@situ.art. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

9. Data Security

We implement appropriate technical and organizational security measures, including encryption in transit (HTTPS/TLS), row-level security policies on our database, and secure authentication practices. However, no method of electronic storage or transmission is 100% secure.

10. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.

11. Apple App Store

If you access the Service through the iOS application downloaded from the Apple App Store, the following additional terms apply:

  • Apple Inc. is not responsible for the Service or its content.
  • Apple has no obligation to provide any maintenance or support services for the Service.
  • In the event of any failure of the Service to conform to applicable warranties, you may notify Apple and Apple will refund any applicable purchase price. To the maximum extent permitted by applicable law, Apple has no other warranty obligation with respect to the Service.
  • Apple is not responsible for addressing any claims relating to the Service, including product liability claims, any claim that the Service fails to conform to any applicable legal or regulatory requirement, or claims arising under consumer protection or similar legislation.
  • In the event of any third-party claim that the Service or your possession and use of the Service infringes that third party's intellectual property rights, Apple will not be responsible for the investigation, defence, settlement, or discharge of any such intellectual property infringement claim.
  • Apple and its subsidiaries are third-party beneficiaries of this Privacy Policy. Upon your acceptance of this Privacy Policy, Apple will have the right (and will be deemed to have accepted the right) to enforce this Privacy Policy against you as a third-party beneficiary.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will notify you via email or through the Service.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: