Privacy Policy

Last Updated: December 8, 2025

1. Introduction

VIXAL ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered image generation service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you sign in with Google OAuth, we collect your email address, name, and profile picture
  • Image Prompts: Text descriptions you provide to generate images
  • Reference Images: Images you upload as references for your projects. These are stored so you can reuse them until you delete them or the related project.
  • Payment Information: Processed through our payment partner Creem.io (we do not store credit card details)

2.2 Automatically Collected Information

  • Usage Data: Information about how you use the Service, including generated images, credit usage, and generation parameters
  • Device Information: Browser type, operating system, IP address, and basic configuration details sent by your browser
  • Log Data: Server logs including access times, pages viewed, and technical errors
  • Cookies: Essential cookies for authentication and session management

2.3 Generated Content

Images generated using our Service are stored in your projects so that you can download, organize, and reuse them. You can delete images from a project at any time; when you do, we remove them from active storage. We may retain lightweight metadata about generated images (e.g., style, quality, timestamps) for analytics, billing, abuse prevention, and service improvement.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process your image generation requests using Google's AI
  • Manage your account and credit balance
  • Process payments and maintain transaction records
  • Communicate with you about your account, updates, and support
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations
  • Enforce our Terms of Service

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with trusted third-party providers who assist in operating our Service:

  • Google's AI: Image prompts and reference images are sent to Google's AI service to generate images
  • Supabase: Hosts our database containing user accounts, credit balances, and usage logs
  • Creem.io: Processes credit card payments and manages transactions

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

  • Account Information: Retained while your account is active and for a reasonable period after deletion
  • Generated Images: Stored in your projects while your account remains active or until you delete them. We may also keep limited backups for a short period for disaster recovery.
  • Usage Logs: Retained for analytics and fraud prevention purposes
  • Transaction Records: Retained for accounting and legal compliance purposes

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit using HTTPS/TLS
  • Secure authentication using Google OAuth 2.0
  • Row-level security policies in our database
  • Regular security audits and updates
  • Restricted access to personal data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information by logging into your account. For additional access requests, contact us at contact@vixal.art.

7.2 Account Deletion

You may request deletion of your account by contacting us. We will delete your personal information, subject to legal retention requirements.

7.3 Data Portability

You may request a copy of your personal data in a structured, machine-readable format.

7.4 Marketing Communications

If we send marketing or product update emails, you can opt out by clicking the unsubscribe link or contacting us. You cannot opt out of essential service-related communications (such as billing or security notices).

7.5 Do Not Track

Our Service does not currently respond to Do Not Track (DNT) browser signals.

8. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using the Service, you consent to the transfer of your information to these countries.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at contact@vixal.art.

11. European Union Users (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise these rights, contact us at contact@vixal.art.

12. Cookies and Tracking Technologies

We use essential cookies to:

  • Maintain your logged-in session
  • Remember your preferences
  • Ensure security and prevent fraud

You can control cookies through your browser settings. Disabling cookies may limit your ability to use certain features of the Service.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last Updated" date at the top of this policy indicates when it was last revised.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Email: contact@vixal.art

Service: VIXAL

Website: https://vixal.art

16. Data Protection Officer

For GDPR or other privacy-related inquiries, you may contact us at contact@vixal.art. While we have not appointed a formal Data Protection Officer, we will review and handle your request in line with applicable data protection laws.

By using VIXAL, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.