Privacy

What we collect

When you sign in with Google, we receive your email address, display name, and Google profile picture. We use these to identify your account and display your name in the UI. Nothing else from your Google account is read or stored.

When you generate an image, we store:

• The prompt or Look slot values you submitted
• The model and quality tier used
• The resulting image and its metadata (size, model, timestamp)
• A flag indicating whether you uploaded a reference image — but not the uploaded image itself

When you buy credits, we store the Stripe payment ID and session ID, the amount and currency, the credit count, and the transaction status. We never see or store your card details — Stripe handles those directly.

Why we collect it

• To run the service (deduct credits, serve your archive)
• To bill you correctly
• To detect abuse and enforce the terms
• To diagnose bugs

We don't sell your data, run targeted ads, or share with data brokers.

Where it goes

To deliver the service, your data passes through a few third parties under standard data-processor agreements:

• Replicate — runs the AI models. Your prompts and reference images are sent to Replicate's API to produce the output.
• Cloudflare R2 — stores generated images.
• Stripe — processes credit purchases.
• Vercel — hosts the site and provides anonymized analytics (page views, no PII).
• Google — handles sign-in via OAuth.

Cookies

One cookie, set by our auth library to keep you signed in. It expires when your session ends. We don't set marketing or cross-site tracking cookies.

How long we keep it

• Account, profile, credit balance: until you delete the account
• Generations and prompts: until you delete them individually or delete the account
• Payment records: retained as required by tax law

Your rights

You can:

• See your data — the archive at /history shows every image we've generated for you, with metadata
• Delete a single generation — open it in the lightbox and click delete
• Delete your account — email [email protected] and we'll erase everything within 30 days
• Export your data — email [email protected] and we'll send a JSON dump

If you're in the EU, EEA, or UK, GDPR gives you these rights by law: access, rectification, erasure, portability, objection, and restriction. Exercise any of them by emailing [email protected].

Children

FluxGen isn't built for users under 13. If you're under 13, please don't sign up. If we discover an underage account, we'll close it and delete the data.

Changes

We'll update this page if our practices change. Material changes will be announced in the journal and by email.

Contact

Questions about this policy? [email protected]