Juicifier

Privacy

GDPR and Privacy

Last updated: 30 April 2026

Introduction

This GDPR and Privacy Notice explains how Juicifier collects, uses, stores, shares, and protects personal data when you use juicifier.art, the web app, the API, payment flows, email flows, and related services.

It is intended to meet the transparency requirements of the General Data Protection Regulation (GDPR) where GDPR applies, while also explaining our privacy practices in plain language.

1. Controller and Contact

Juicifier is the controller for personal data processed through the Juicifier service unless a third-party service acts as an independent controller for its own processing, such as a payment provider processing card payments, tax records, fraud checks, or invoices.

For privacy requests, contact postmaster@juicifier.art. If you contact us about an account, use the email address connected to that account where possible so we can verify the request safely.

2. Personal Data We Collect

We may process the following categories of personal data:

  • account data, including email address, display name, password hash, verification status, account creation date, profile settings, subscription tier, billing status, token balance, lifetime token usage, and API token metadata;
  • content data, including uploaded images, generated image results, transform settings, workflow choices, filenames, job status, queue timestamps, download data, and processing metadata;
  • technical and security data, including IP address, user agent, session data, CSRF tokens, login events, registration events, verification events, API authentication events, rate-limit signals, error logs, and server logs;
  • billing-related data received from Polar, including customer identifiers, product identifiers, checkout events, subscription status, payment status, invoice references, discount or test-mode events, refund events, chargeback events, and webhook payloads;
  • communication data, including emails, support requests, legal notices, privacy requests, and related correspondence.

Juicifier does not intentionally store full payment card details. Card and payment method handling is performed by the payment provider.

3. How We Collect Data

We collect data directly from you when you create an account, log in, upload images, choose transform settings, use the API, contact support, or make a purchase.

We collect data automatically when the service creates sessions, logs security events, processes jobs, handles API requests, records errors, or checks token and subscription status.

We receive data from service providers when they send billing events, subscription updates, email delivery information, infrastructure logs, or other information needed to operate the service.

4. Purposes and Legal Bases

We process account, authentication, transform, token, API, and billing data to provide the service and perform our contract with you under Article 6(1)(b) GDPR.

We process billing, invoice, tax, compliance, dispute, and accounting records where necessary to comply with legal obligations under Article 6(1)(c) GDPR.

We process security logs, abuse-prevention data, rate-limit data, fraud signals, error logs, infrastructure diagnostics, and service improvement data based on our legitimate interests under Article 6(1)(f) GDPR in keeping Juicifier secure, reliable, fair, and protected from misuse.

Where we ask for optional consent for a specific activity, such as optional marketing or non-essential tracking if introduced later, the legal basis is Article 6(1)(a) GDPR. You may withdraw consent at any time.

5. Cookies and Similar Technologies

Juicifier uses essential cookies or similar session storage to keep you logged in, protect forms from CSRF attacks, remember session state, show flash messages, and operate authenticated areas of the service.

These essential technologies are required for the service and are not used for third-party advertising. If we introduce optional analytics or marketing cookies later, we will provide additional information and consent controls where required.

6. Recipients and Service Providers

We use service providers where necessary to operate Juicifier. These may include hosting providers, GPU processing providers, email providers, payment providers, DNS/domain providers, infrastructure tools, logging tools, and support tools.

Current infrastructure may include Contabo for hosting, Runpod for GPU processing, Polar for checkout and subscription handling, and domain or DNS providers for domain operation. Provider choices may change over time as the service evolves.

Service providers receive only the data needed for their role. For example, GPU infrastructure receives images and workflow data needed to process a job, while payment infrastructure receives checkout and billing data needed to handle purchases.

Some providers, especially payment providers, may act as independent controllers for their own legally required processing, such as fraud prevention, tax compliance, invoicing, anti-money-laundering checks, and payment records.

7. International Transfers

Some providers, infrastructure locations, or support systems may be located outside the European Economic Area. Where GDPR applies and personal data is transferred internationally, we rely on appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, or provider data protection terms.

Because GPU infrastructure can be capacity-based and location-dependent, processing locations may vary. We take reasonable steps to use providers that offer appropriate security and data protection commitments.

8. Retention

We keep personal data only as long as reasonably needed for the purposes described in this notice, unless a longer retention period is required or permitted by law.

  • Account data is kept while your account remains active and for a reasonable period afterward for support, security, dispute handling, and legal compliance.
  • Uploaded images and generated results may be retained while needed for job history, downloads, troubleshooting, abuse prevention, and account functionality.
  • Security, login, registration, API, and server logs are retained for a limited period needed to protect the service, investigate abuse, debug failures, and maintain reliable operations.
  • Billing, invoice, tax, and accounting records may be retained for statutory retention periods.
  • Support and legal correspondence may be retained while needed to resolve the request and protect legal rights.

You may request deletion where applicable, but some data may need to be retained for billing, security, fraud prevention, legal claims, or statutory obligations.

9. Your GDPR Rights

If GDPR applies to you, you may have the right to:

  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of personal data where legal grounds apply;
  • request restriction of processing;
  • request data portability for data you provided to us where applicable;
  • object to processing based on legitimate interests;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a data protection supervisory authority.

To exercise these rights, contact postmaster@juicifier.art. We may need to verify your identity before acting on a request, especially for account access, export, or deletion requests.

10. Automated Checks

Juicifier does not use solely automated decision-making that produces legal or similarly significant effects on users. Automated checks may be used for email verification, login security, token checks, queue handling, rate limiting, API authentication, billing status, and abuse prevention.

11. Security

We use technical and organisational measures intended to protect personal data, including HTTPS, password hashing, CSRF protection, authenticated API access, server-side access controls, separation of service credentials, limited provider access, and operational monitoring.

No online service can guarantee absolute security. You should keep your password and API token confidential and notify us promptly if you suspect unauthorised access.

12. Children

Juicifier is not intended for children. Do not create an account or upload content if you are not legally able to agree to the Terms of Service or if using the service would violate age-related laws in your location.

13. Marketing and Service Emails

We send service emails that are necessary to operate Juicifier, such as email verification, account access, billing, security, support, and legal update messages.

If optional marketing emails are introduced later, we will provide a way to opt out where required. Opting out of marketing does not stop necessary service, billing, security, or legal communications.

14. Changes to This Notice

We may update this notice when the service, providers, infrastructure, legal requirements, or data practices change. The latest version will be available on this page and will show the latest update date.

If a change materially affects your privacy rights or how we process personal data, we will take reasonable steps to notify users through the service, website, or email.

15. Contact

For privacy, data protection, or account data requests, contact postmaster@juicifier.art.