Privacy Policy

At mnml.ai, we understand the importance of protecting your privacy and personal information. This privacy policy outlines how we collect, use, store, and protect your information when you use our services.

1Information We Collect

We collect the following types of information:

• Account Information: Email address, name (optional), and password (encrypted) when you create an account.
• Google Sign-In Data: If you sign in with Google, we receive your email address, name, and profile picture from Google. We use this solely for account creation and authentication.
• User Content: Images you upload and AI-generated images created using our service.
• Usage Data: Features used, generation parameters, and credit usage history.
• Technical Data: IP address, browser type, device information, and pages visited.
• Payment Data: Billing information processed securely through our payment providers (Stripe). We do not store your credit card details.

2How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To create and manage your account, authenticate your identity, and provide AI image generation services.
• Communication: To send you service updates, security alerts, and support messages.
• Billing: To process payments and maintain transaction records.
• Service Improvement: To analyze usage patterns and improve our services (using anonymized data).
• Security: To detect, prevent, and address security issues and abuse.

We do NOT: Sell your personal data, use your images for AI model training without consent, or share your data with advertisers.

3Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: Processing necessary to provide our services (account management, AI generation, billing).
• Legitimate Interest: Processing for security, fraud prevention, and service improvement.
• Consent: Marketing communications and optional analytics (you can withdraw consent anytime).
• Legal Obligation: Retaining financial records as required by law.

4Data Storage & Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted during transmission and when stored on our servers.
• Password Security: Passwords are securely hashed and never stored in plain text.
• Access Controls: Strict access controls limit who can access your data.
• Regular Audits: We regularly review our security practices and conduct security assessments.

5Data Retention

We retain your data only as long as necessary:

• Account Data & Content: Retained while your account is active. Permanently deleted within 30 days of account deletion request.
• Financial Records: Retained for up to 7 years as required by law.

6Third-Party Service Providers

We work with trusted third-party providers to deliver our services. These providers are contractually bound to protect your data:

• Cloud Infrastructure: Secure hosting providers in the EU for data storage and processing.
• AI Processing: Third-party AI providers to generate images based on your inputs.
• Stripe: Secure payment processing. We do not store your credit card details.
• Google: Authentication services when you choose to sign in with Google.

All service providers are required to protect your data and may only use it to provide services on our behalf.

7International Data Transfers

Your data may be processed in different countries to provide our services. We ensure appropriate safeguards are in place:

• Primary data storage is in the European Union for GDPR compliance.
• When data is transferred outside the EU, we use legally approved mechanisms to protect your data.
• All service providers are contractually required to protect your data.

8Your Data Rights

Under GDPR and applicable data protection laws, you have the following rights:

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data.
• Right to Data Portability: Receive your data in a portable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe we have violated your data protection rights.

To exercise any of these rights, contact us. We will respond within 30 days.

9Security Incident Notification

In the event of a data breach affecting your personal information, we will notify you via email within 72 hours of confirmation. We will provide details about the incident, the types of data affected, steps we are taking, and any recommended actions for you.

10Children's Privacy

Our service is not intended for children under the age of 16 (EU) or 13 (US). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information and terminate the account.

11Cookies

12Changes to Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. For material changes, we will provide at least 30 days advance notice via email before the changes take effect. We will also update the "Last Updated" date at the bottom of this page.

13Contact Us

If you have any questions about this privacy policy, wish to exercise your data rights, or have security concerns, please contact us.