Editpal

Privacy Policy

Our commitment to your privacy and data security.

2025/08/30

Welcome to Editpal. Editpal provides users and visitors ("you" and "your") with services for editing images using artificial intelligence ("Services"). Our core feature is an AI Image Editor, which refers to the use of artificial intelligence to edit and modify images based on user-provided images and instructions.

This Privacy Policy (the "Policy") describes and governs how we collect, use, share and protect (collectively, "process") personal information collected in the context of our Services. Before you use or submit any information through or in connection with the Services, please carefully review this Policy. By using any part of the Services, you consent to the collection, use, and disclosure of your information as outlined in this Policy. To the extent allowed by law, the English version of this Policy is binding and other translations are for convenience only.

If you are in the European Economic Area, the United Kingdom or Switzerland ("Europe"):

  • for the purposes of the EU General Data Protection Regulation 2016/679 (the "GDPR"), the data controller is Editpal and can be reached at the address set out in Section 12 "How to Contact Us" below; and
  • you will not need to consent to this Privacy Policy, but you do acknowledge you have read and understood its terms.

If you are a resident of California, the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 provide you with additional rights.

This policy applies to the processing of your personal information on the premise that it does not conflict with the laws and regulations applicable to you. The Policy will provide the following information to you:

  1. Definitions
  2. What Information We Collect
  3. How We Use Your Information
  4. How We Disclose Your Information
  5. How We Handle Children's Personal Information
  6. Security
  7. Do-Not-Track Signals
  8. How Your Information Will be Stored and Transferred
  9. Your Rights
  10. Supplemental Terms and Conditions for Certain Regions
  11. How the Policy Will be Updated
  12. How to Contact Us

1. Definitions

In this Policy, unless the context otherwise requires, the following definitions shall apply:

We, Us or Our in this Policy refers to the Editpal team and service providers.

Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.

Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of personal information. For the purpose of the GDPR, Editpal is the Data Controller.

Personal Information (or personal data) is any information that relates to an identified or identifiable individual. For the purposes for GDPR, Personal Information means any information relating to you such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity. For the purposes of the CPRA, Personal Information means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

Website refers to Editpal, accessible from https://editpal.im.

Sell refers to any disclosures of personal information by a business to another business or third party for money or other valuable consideration.

Service refers to the use of artificial intelligence to edit, modify, or generate content within images based on user-provided images and instructions.

Service Provider means any natural or legal person who processes the data on behalf of us. It refers to third-party companies or individuals employed by us to facilitate the Service, to provide the Service on behalf of us, to perform services related to the Service or to assist us in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Under GDPR (General Data Protection Regulation), you can be referred to as the Data Subject or as the User as you are the individual using the Service.

2. What Information We Collect

As further described below, when you use or otherwise access the Services, we collect information in multiple ways, including when you provide information directly to us, and when we passively collect information from your browser or device.

2.1. Information That You Provide Directly to Us

A. Registration Information

When you register for our Services or open an account, we may collect your email address, your username, and any information you choose to provide us (such as a profile picture). If you use multi-factor authentication, we may also collect verification codes.

If you are in Europe, we process the information on the basis of entering into and performing our contract with you (Art. 6 para. 1 subpara. 1 b) GDPR).

B. Purchase Information

When you purchase paid services (e.g., a subscription to our Services) through the Website, we or our payment Service Provider may collect: (i) personal information related to your order, such as order number and time of purchase; and (ii) your financial information, such as credit card information.

If you are in Europe, we process the information on the basis of entering into and performing our contract with you (Art. 6 para. 1 subpara. 1 b) GDPR).

C. Content you Provide through our Services

We collect and store content that you upload, post, or generate through our Services. This content includes, but is not limited to, the images you upload and the editing instructions, text prompts, or other commands you input into the Services to modify your image. The content you upload may include personal information about you or others (e.g., a photograph of a person). For any Personal Information of others that you choose to include in your content, you represent and warrant that you have obtained all necessary consents and authorizations from the relevant individuals.

D. Communications to Us

When you contact us via email or other means (for example, for customer support), we collect the information you choose to provide us, such as your contact details and the contents of your message. To protect your information, we request that you do not send sensitive financial or health data unless we specifically ask for it to provide our services.

2.2. Information That is Passively or Automatically Collected

A. Usage Information

When you interact with our Services, we automatically receive and store certain information from your device, such as your IP address, browser settings, device information, click records, crash data, and geolocation information. We collect this information to ensure the security and stability of our Services.

If you are in Europe, we process the information on the basis of our legitimate interests to enable our business and where our interests are not overridden by your data protection rights (Art. 6 para. 1 subpara. 1 f) GDPR).

B. Cookies and Other Electronic Technologies

We use a variety of commonly-used technologies, such as cookies, tracking pixels, and local storage, to collect information. Depending on the technology, this may include text, personal data (like your IP address), and information about your use of Editpal.

3. How We Use Your Information

We use the information collected from the Services in a manner that is consistent with this Policy.

3.1. Provision and Maintenance of Services

We use your information to operate, maintain, and provide you with the Services. This includes processing your uploaded images and editing instructions to generate the final edited image. We may also use this information to restrict attempts to use the Services in breach of our Terms & Conditions.

3.2. Improvement of Our Services

We use the information we collect, including the content you provide, to analyze data usage trends, manage and improve our Services, and develop new features. This may include using your content (e.g., uploaded images, editing prompts, and generated images) to train and enhance our AI models and algorithms. Where feasible, we will use anonymized or aggregated data for this purpose.

3.3. Communication

We use your contact information to send you service-related announcements, security alerts, and support messages.

4. How We Disclose Your Information

We do not sell information about you to advertisers or other third parties. We may share your information in the following circumstances:

4.1. Third-Party Service Providers

We share information with third-party vendors and service providers who perform services on our behalf, such as hosting providers, payment processors, security service providers, and providers of IT services. Any data processing on our behalf complies with applicable laws.

4.2. Government Authorities / Law Enforcement Officials

We may disclose personal data to government authorities or law enforcement officials if required by law or if necessary for the legal protection of our legitimate interests in compliance with applicable laws.

4.3. Corporate Transactions

In the event of a merger, acquisition, reorganization, dissolution, or similar event, your personal data may be shared with our advisers and any prospective purchaser's adviser and will be transferred to the new owners of the business.

4.4. Your Consent

We may share your information for other purposes if (i) you direct us to do so or (ii) you consent to such sharing.

4.5. Aggregated Data

We may aggregate, anonymize, and/or de-identify your information so that it no longer relates to you individually. We may use and share this aggregated data for various lawful purposes, including research and analysis.

4.6. Other Users of Our Services

We provide your information to other users of our Services only if you choose to make your information or generated content publicly available in a publicly accessible area of the Services.

5. How We Handle Children's Personal Information

Our Services are not directed to children under the age of 13 (or 16 for children located in Europe), and we do not knowingly collect personal data from them. If we discover that a child has provided us with personal data, we will promptly delete it. If you believe a child has provided personal information to us, please contact us at hello@editpal.im, and we will delete that information from our systems to the extent required by law.

6. Security

We are committed to keeping your personal data safe. We have put in place robust technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. This includes using encryption for data transmission, employing a dedicated security team, and enforcing strict access controls.

However, no transmission of data via the Internet is completely secure. While we will do our best to protect your personal data, we cannot guarantee its absolute security.

7. Do-Not-Track Signals

Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated DNT signals, as the industry is still working toward a common standard.

8. How Your Information Will be Stored and Transferred

Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers. By using our Services, you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For more details on regional transfers, please see Section 10.

9. Your Rights

You have certain rights regarding your personal data, subject to applicable law. These may include the right to:

  • Access your personal data.
  • Rectify any incorrect, incomplete, or inaccurate data.
  • Erase your personal data under certain conditions.
  • Object to or Restrict the processing of your personal data.
  • Receive your personal data in a usable electronic format (Data Portability).
  • Withdraw Consent at any time where we rely on consent to process your data.
  • Lodge a Complaint with your local data protection authority.

If you wish to exercise any of these rights, please contact us at the details in Section 12 "How to Contact Us" below.

10. Supplemental Terms and Conditions for Certain Regions

10.1. Privacy Information for California Residents

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). For information about the categories of personal information we collect and disclose, the purposes of use, and your rights under California law, please refer to the relevant sections of this Policy, including "What Information We Collect", "How We Use Your Information", "How We Disclose Your Information", and "Your Rights". We do not "sell" or "share" your personal information as those terms are defined under the CPRA. We do not use or disclose sensitive personal information for purposes that would require an opt-out under the CPRA.

10.2. Privacy Information for Residents in Europe

If you are in Europe, we process personal information on the basis of entering into and performing our contract with you (Art. 6 para. 1 subpara. 1 b) GDPR) and for our legitimate interests (Art. 6 para. 1 subpara. 1 f) GDPR). When we transfer your personal data outside of Europe to a country not subject to an adequacy decision by the EU Commission, we will implement appropriate safeguards (e.g., EU Standard Contractual Clauses) to ensure an adequate level of protection.

11. How the Policy Will be Updated

We reserve the right to update or modify this Policy at any time. If we make changes, we will update the "Last Updated" date at the top of this page. For material changes, we will provide you with advance notice, such as by email or a pop-up banner on our Website, as required by applicable law. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy.

12. How to Contact Us

If you have any questions about this Policy or our information practices, please feel free to contact us at: hello@editpal.im.