MightyPhoto

Privacy Policy

Last updated: 2026-05-13

This Privacy Policy explains what personal information MightyPhoto collects, how we use it, who we share it with, and what choices you have. We aim to collect only the information reasonably needed to operate, secure, and support the Service.

Who we are

MightyPhoto is the controller responsible for this Privacy Policy and for privacy questions and requests about the Service. You can contact us at privacy@mightyphoto.ai.

What we collect

  • Account information: your name, email address, password hash, account identifiers, email verification status, and authentication records. If you sign in with a social provider, we also receive the identifiers and profile information that provider shares with us.
  • Profile and preference details: profile fields you choose to save, such as first and last name, plus locale, timezone, profile image, and email preference fields.
  • Photos, prompts, and edits: the photos you upload, the prompts you submit, the edited images generated for you, and related metadata such as original filename, file type, size, dimensions, timestamps, and processing status.
  • Billing and purchase records: Stripe customer IDs, checkout session IDs, payment status, credit-pack purchases, credits granted or reversed, and related transaction metadata. We do not receive or store your full card number.
  • Referral, analytics, and advertising data: referral URLs, UTM campaign parameters, signup and purchase conversion events, page and feature usage, cookie or similar identifiers, and similar measurement data.
  • Session, device, and security data: session tokens, IP address, user agent, browser-provided language, timestamps, last-active time, and similar technical data used to authenticate you, keep you signed in, detect abuse, and debug problems.
  • Support communications: information you send us if you contact support or ask for a refund, deletion, export, or other help.

Where it comes from

Most of the information we collect comes directly from you when you create an account, upload a photo, submit a prompt, buy credits, or contact us. We also receive information from third parties you choose to use with the Service, such as Google or Apple for sign-in, Stripe for payments, Google for analytics and advertising measurement, and our infrastructure providers, plus technical data collected automatically when you use the Service.

How we use your information

We use personal information to:

  • create and manage your account;
  • authenticate you and keep you signed in;
  • store your uploaded photos and generated edits;
  • send your prompts and photos to our AI provider so we can generate edits for you;
  • process payments, grant credits, handle refunds, and prevent payment fraud;
  • send transactional emails, respond to support requests, and manage service notices;
  • measure referrals, ad conversions, and product usage so we can understand and improve the Service;
  • send marketing messages only where permitted by law and your choices;
  • secure, monitor, maintain, and debug the Service;
  • enforce our Terms and prevent misuse;
  • comply with legal obligations and protect our rights, users, and providers.

How your photos and prompts are handled

Photos you upload are stored in Cloudflare R2 and associated with your account. When you request an edit, we send the relevant photo and your prompt to our third-party AI provider, currently Google Gemini API, to generate the output you asked for. The specific provider or model may change as the Service changes.

We do not use your photos, prompts, or edits to train a MightyPhoto model, and we do not intentionally publish them as training datasets. Third-party AI provider handling is governed by that provider's own terms and privacy commitments and may include automated review, manual review, logging, retention, or other processing for abuse prevention, safety, legal compliance, debugging, or service operations.

Photos and edits in your account are private to your account. We do not publish them publicly unless you choose to download, share, or publish them yourself. You should not upload photos that you do not have the right or consent to process through the Service.

Who we share data with

  • AI image-editing provider: photos and prompts submitted for AI processing, plus related technical metadata needed to provide the service.
  • Stripe: payment and refund processing.
  • Cloudflare: hosting, storage, database, email, security, and related infrastructure services.
  • Sign-in providers: Google or Apple, if you choose to use them to authenticate.
  • Google Analytics and Google Ads: analytics and conversion measurement in the app, as described in the Cookies section below.
  • Legal or business recipients: if reasonably necessary to comply with law, enforce our Terms, protect rights or safety, or complete a business transfer such as a sale or reorganization.

We do not sell personal information for money. We do not intentionally provide your photos, prompts, or edits to data brokers or ad networks for targeted advertising. Some analytics and advertising measurement disclosures may be considered "sharing," "targeted advertising," or similar activity under certain privacy laws. You can request an opt-out by emailing privacy@mightyphoto.ai.

Cookies, analytics, and similar technologies

The app (app.mightyphoto.ai), including login, signup, and signed-in pages, may use Google Analytics and Google Ads conversion tracking. These tools can set or read cookies and similar identifiers and share usage data with Google. You can opt out of Google Analytics via the Google Analytics opt-out browser add-on, your browser's tracking-protection features, or by emailing privacy@mightyphoto.ai.

We also use essential cookies and similar session technologies to sign you in, keep you signed in, and protect account security.

If you arrive on login or signup pages with referral or UTM campaign information, we may store that information in a short-lived attribution cookie for up to 7 days and then save it to your account if you sign up.

Retention

We keep different categories of data for different periods depending on why we collected them:

  • Account data: generally until you delete your account or ask us to delete it.
  • Photos and edits: until you delete them in the app or ask us to delete your account or data.
  • AI provider records: retained by the provider according to its own terms and operational policies.
  • Referral and attribution data: attribution cookies last up to 7 days; attribution fields saved to your account are generally kept with your account.
  • Purchase, ledger, and tax-related records: as long as reasonably needed for accounting, fraud prevention, dispute handling, and legal compliance.
  • Security, analytics, and server logs: for as long as reasonably needed for abuse prevention, debugging, measurement, and operations, typically shorter periods than account records.

Your choices and privacy rights

You can request access to, correction of, export of, or deletion of your personal information by emailing privacy@mightyphoto.ai. You can also ask us to opt you out of marketing email and legally required sale, sharing, or targeted-advertising disclosures.

The app currently lets you delete individual photos and edits yourself. Full account deletion and data export are handled manually through support unless and until we add self-serve tools for them.

Depending on where you live, you may also have additional privacy rights under applicable law, such as rights to know what we collect, access or receive a copy of your information, correct inaccurate information, delete information, limit certain uses of sensitive information, opt out of certain disclosures, and appeal a decision. We may need to verify your request and may retain information where permitted or required for security, legal, tax, accounting, dispute, backup, or fraud-prevention purposes.

Security

We use reasonable administrative, technical, and organizational safeguards to protect personal information. No system is perfectly secure, and we cannot guarantee absolute security.

International processing

We and our service providers may process and store information in Canada, the United States, and other countries where we or they operate. Privacy laws in those places may differ from the laws where you live.

Children and age restrictions

MightyPhoto is not intended for anyone under 18, and we do not knowingly collect personal information from minors. If you believe a minor has provided personal information to us, contact us and we will investigate and, where appropriate, delete the information.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted here with a new "Last updated" date.

Contact

Questions or requests? Email privacy@mightyphoto.ai.