Privacy Policy
Last updated: May 15, 2026
1. Overview
This Privacy Policy explains what information is collected when you use this site (the "Service") and how it is used. By using the Service, you also agree to the Terms of Use.
2. Information we collect
- Uploaded images: Files you choose to upload for processing. These are sent to our servers and to third-party processors to generate your square output.
- Session identifier: A randomly generated ID stored in your browser to enforce upload limits, rewarded-ad unlocks, rate limits, and consent state.
- Technical metadata: Basic request data such as IP address (used only for rate limiting and abuse prevention), user-agent, timestamps, and error logs.
- Consent record: The fact that you accepted the Terms and this Privacy Policy, with a timestamp and a version identifier.
- Ad-related signals: If ads are enabled, third-party ad providers (e.g., Google) may set their own cookies or identifiers subject to their own policies.
3. How we use information
- To process your image requests and return the resulting square image.
- To enforce upload limits, rate limits, queue policies, and reward unlock logic.
- To detect, prevent, and respond to abuse, fraud, or misuse of the Service.
- To improve reliability, performance, and feature quality.
- To remember your acceptance of the Terms and this Privacy Policy.
4. Third-party processors
We rely on third-party services to operate the Service, which may include:
- AI image providers (such as Replicate) to perform outpainting.
- Hosting and database providers (such as Vercel and MongoDB Atlas).
- Advertising providers (such as Google) if ads are enabled.
When you submit an image for AI processing, the image (or a downscaled copy) is sent to the configured AI provider for processing. Your use of those services is also subject to their privacy policies and terms.
5. Retention
- Job records: AI job entries (including any temporary image data needed to complete them) expire automatically. By default, completed/failed jobs are removed within the configured TTL (commonly 24 hours).
- Consent records: Stored for as long as needed to demonstrate consent and comply with applicable obligations.
- Rate-limit and usage data: Kept only for short windows necessary to enforce limits.
- Logs: Retained for a limited period for security and reliability.
6. Security
We use reasonable technical and organizational measures designed to protect data, including transport encryption (HTTPS), restricted server-side access, and rate limiting. No system is perfectly secure, and we cannot guarantee absolute security.
7. Your choices and rights
- You can stop using the Service at any time.
- You can clear your browser storage to remove your local session identifier and consent state (you will be asked to re-accept on next use).
- Depending on your jurisdiction, you may have rights to access, correct, delete, or object to processing of personal data. Contact us to make a request.
8. Children
The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, please contact us so we can remove it.
9. International users
The Service may be operated from, and use providers in, jurisdictions different from yours. By using the Service, you consent to the processing of your information in those jurisdictions, subject to applicable law.
10. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and may require you to re-accept before continuing to use the Service.
11. Contact
Privacy questions or requests can be sent to the contact address listed on the site.
This template is provided for convenience and is not legal advice. Have a lawyer review before relying on it for production use.