Privacy Policy

Last updated: March 27, 2026

Shotixy ("we," "our," or "us") is operated by Shotixy. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

By using Shotixy (photoai.co), you agree to the collection and use of information in accordance with this policy. If you have any questions, contact us at privacy@photoai.co.

1. Data We Collect

We collect information to provide and improve our service. The types of data we collect include:

Account Information

When you create an account, we collect your email address, name, and a hashed password (or your OAuth identifier if you sign in with Google). We also collect your subscription plan and billing information through our payment processor (Stripe).

Usage Data

We collect information about how you interact with the service: which features you use, how many photoshoots you generate, session timestamps, browser type, device type, and IP address. This data is used to improve the product and detect abuse.

Product Images

When you use Shotixy, you upload product images and we generate new images based on them. Both the uploaded images and generated results are stored on our servers to allow you to access them later. See the "Image Data" section for important details on how these are handled.

Payment Information

We do not store credit card numbers. Payment processing is handled entirely by Stripe, a PCI-DSS compliant payment processor. We receive only a payment confirmation and basic billing details (last 4 digits, expiry) for display purposes.

Communications

If you contact us via email or through our support channels, we keep records of that correspondence to help resolve your inquiry.

2. How We Use Your Data

We use the information we collect to:

  • Provide and operate the Shotixy service, including generating product images from your uploads
  • Manage your account, subscription, and billing
  • Send transactional emails (account confirmation, password resets, subscription receipts)
  • Improve the product by understanding usage patterns and identifying issues
  • Enforce our Terms of Service and prevent fraud or abuse
  • Respond to customer support requests
  • Send marketing communications, only with your explicit opt-in consent

3. Data Storage and Security

Your data is stored securely using Supabase, a PostgreSQL-based database and storage platform. Supabase is hosted on AWS infrastructure with industry-standard security measures including encryption at rest and in transit.

Product images (both uploaded and generated) are stored in Supabase Storage with access controlled by Row-Level Security (RLS) policies, meaning only you can access your own images.

All data transmission between your browser and our servers uses TLS (HTTPS). We never transmit sensitive data over unencrypted connections.

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

Shotixy uses the following third-party services to operate. Each has their own privacy policy:

Supabase

Database, authentication, and file storage. Your account data and images are stored on Supabase infrastructure.

fal.ai

AI image generation platform. When you generate a photoshoot, your product image is sent to fal.ai's API for processing. fal.ai processes the image to generate the requested output and returns the result. fal.ai does not retain your images for training purposes.

Anthropic (Claude)

We use Anthropic's Claude API for certain AI-powered features, including scene analysis and prompt enhancement. Data sent to Anthropic is subject to their API usage policy. Anthropic does not use API data to train models.

Stripe

Payment processing. All payment information is handled directly by Stripe and subject to their privacy policy. We do not have access to your full card details.

Vercel / Cloudflare

Web hosting and CDN. Our web application is served through Vercel infrastructure with Cloudflare providing CDN and DDoS protection.

5. Image Data

Your uploaded product images and generated results are yours. We do not use your images to train AI models, share them with third parties for marketing, or use them for any purpose other than delivering the service to you.

Images you upload are transmitted to fal.ai for AI processing. This is necessary to generate the photoshoot output. fal.ai processes the images transiently and does not retain them beyond the API call.

Generated images are stored in your private account storage on Supabase. They are accessible only to you and are not publicly shared or indexed.

You may delete your images at any time from your account settings. Upon account deletion, all your images are permanently removed from our storage within 30 days.

6. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We do not use third-party advertising cookies.

We may use lightweight analytics tools to understand aggregate usage patterns (e.g., page views, feature usage). These analytics do not track you personally across websites.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will permanently delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance reasons (e.g., billing records may be retained for up to 7 years as required by tax law).

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a portable format.
  • Opt-out: Opt out of marketing communications at any time via the unsubscribe link in any email.

To exercise any of these rights, contact us at privacy@photoai.co.

9. Children's Privacy

Shotixy is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for significant changes, notify you by email or via a notice in the app.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Shotixy / Shotixy

Email: privacy@photoai.co