Privacy Policy

1. Introduction

FamilyCard AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered holiday card generation service.

By using FamilyCard AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect the following information when you use our Service:

• Account Information: Email address and full name when you register for an account
• Marketing Preferences: Your choice to receive marketing communications (opt-in only)
• Photos: Images you upload for holiday card generation
• Text Customization: Family names, greetings, and other text you add to your cards

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Information about how you interact with our Service, including cards generated, themes selected, and features used
• Device Information: Browser type, operating system, and device type
• Session Information: Authentication cookies to maintain your logged-in session
• Log Data: IP address, access times, and pages viewed for security and analytics purposes

2.3 Payment Information

Payment processing is handled entirely by Stripe, our payment processor. We do not store your credit card information. Stripe collects and processes your payment details according to their Privacy Policy.

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• To process your uploaded photos and generate AI-powered holiday cards
• To store and provide access to your generated cards
• To manage your account and subscription credits
• To provide customer support and respond to your inquiries

3.2 Communication

• To send you magic link authentication emails
• To send transactional emails (order confirmations, account updates)
• To send marketing emails about new features and promotions (only if you opted in during registration or subsequently subscribed)

3.3 Service Improvement

• To analyze usage patterns and improve our Service
• To detect and prevent fraud and security issues
• To comply with legal obligations

Important: We do NOT use your uploaded photos to train AI models. Your photos are used solely to generate your requested holiday cards.

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with the following third-party services:

• Stripe: For payment processing (name, email, payment information)
• Replicate: For AI image generation (uploaded photos only, no personal identifiers)
• Cloud Storage (S3/MinIO): For storing uploaded photos and generated cards
• Email Service Provider: For sending transactional and marketing emails

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

4.4 What We Don't Do

• We do NOT sell your personal information to third parties
• We do NOT share your photos with third parties for marketing purposes
• We do NOT use your photos to train AI models

5. Data Retention

We retain your information for as long as necessary to provide our Service:

• Account Information: Retained until you request account deletion
• Generated Cards: Stored indefinitely unless you delete them or close your account
• Uploaded Photos: Stored for 90 days after card generation, then automatically deleted
• Payment Records: Retained for 7 years for tax and accounting purposes
• Session Cookies: Expire after 30 days of inactivity

6. Your Privacy Rights

6.1 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data for marketing purposes
• Right to Withdraw Consent: Withdraw consent for marketing communications at any time

6.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it's used
• Request deletion of your personal information
• Opt-out of the sale of personal information (we do not sell your information)
• Non-discrimination for exercising your privacy rights

6.3 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7. Marketing Communications

We only send marketing emails to users who have explicitly opted in. You can:

• Choose to receive marketing emails during registration (optional, unchecked by default)
• Unsubscribe at any time using the link in any marketing email
• Update your preferences by contacting us at [email protected]

Even if you opt out of marketing emails, we will still send you transactional emails related to your account and purchases.

8. Cookies and Tracking

FamilyCard AI uses cookies to provide and improve our Service. For detailed information about our cookie usage, please see our Cookie Policy.

We use only essential cookies:

• Session Cookie: To maintain your logged-in state (required for the Service to function)

We do NOT use analytics cookies, advertising cookies, or third-party tracking cookies.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• Secure Storage: Your data is stored in secure, access-controlled databases
• Authentication: Magic link authentication ensures only you can access your account
• Payment Security: Payment processing is handled by PCI-compliant Stripe
• Access Controls: Limited employee access to personal data on a need-to-know basis

While we use commercially reasonable efforts to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

While our Service can be used to create cards featuring children, the account must be created and managed by an adult who has parental authority over any children in the photos.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country of residence. These countries may have different data protection laws than your country.

If you are located in the EEA, we ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Your explicit consent

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: [email protected]
• General Support: [email protected]
• Data Protection Officer: [email protected]