Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains what personal data MemAI Studio (memaistudio.com — the "Service", "we", "us") collects, why we collect it, how long we keep it, who we share it with, and what rights you have. It applies to everyone who visits or uses the Service, with or without an account.
For privacy questions or requests, contact us at [email protected].
1. What we collect
1.1. Account data:
- email address;
- password (stored only as a cryptographic hash — we never see or store your plain password);
- if you sign in with Google: your Google account email and basic profile identifier.
1.2. Content you upload:
- photos you submit for processing;
- the processing results (restored, retouched, and background-processed images) generated for you.
1.3. Payment metadata:
- purchase amount, currency, package, payment method, and the transaction identifier assigned by the payment provider;
- we never receive or store your full card number, CVC, or crypto wallet private keys — payments are handled entirely by our payment processors.
1.4. Technical data:
- IP address, browser and device information;
- date and time of requests, pages visited;
- data needed for security and abuse prevention (e.g. rate-limiting and fraud checks).
2. Why we use your data
- to provide the Service: process your photos, deliver results, maintain your account and token balance (performance of contract);
- to process payments and keep records required by law (legal obligation, performance of contract);
- to send service emails — email verification, password reset, order notifications (performance of contract);
- to respond to support requests (legitimate interest);
- to secure the Service and prevent fraud and abuse (legitimate interest);
- to measure site usage with analytics — only with your consent (consent).
We do not use your photos to train AI models and do not use your data for third-party advertising.
3. How long we keep your data
3.1. Photos and processing results — 3 days. Uploaded photos and generated results are automatically and permanently deleted 3 days after the order is completed. Public "before/after" share links expire after 24 hours.
3.2. Account data — kept until you delete your account. You can delete your account from your profile at any time; deletion removes your account data and any remaining photos and results.
3.3. Payment records — kept as long as required by applicable accounting and tax law.
3.4. Technical logs — kept for a limited period for security and troubleshooting, then deleted or anonymized.
4. Who we share data with (processors)
4.1. We share data only with service providers that we need in order to run the Service, and only to the extent necessary:
- AI processing providers — your photos are transmitted to third-party AI image-processing APIs to perform restoration and retouching; providers may be located outside the EU/EEA (including the United States);
- payment processors — a cryptocurrency payment gateway receives the data needed to complete your payment;
- Cloudflare — CDN, DNS, and security layer in front of the Service;
- hosting provider — the Service is hosted on servers located in Germany (EU);
- auxiliary image-processing server — one automated processing step (background removal) runs on our processing server located outside the EU (in Russia); photos pass through it transiently for processing only.
4.2. We never sell your personal data, and we do not share it with anyone for their own marketing purposes.
4.3. We may disclose data where required by law or to protect our legal rights.
5. International transfers
5.1. As described in Section 4, some processing takes place outside the EU/EEA. Where data is transferred internationally, we limit it to what is technically necessary (primarily the image being processed), keep transfers transient, and rely on your contract with us (Art. 49(1)(b) GDPR) and appropriate safeguards where available.
6. Cookies and analytics
6.1. Strictly necessary storage — we use browser storage to keep you signed in (session token). This is required for the Service to function and does not need consent.
6.2. Analytics (Google Analytics 4) — used to understand how the site is used. GA4 cookies are set only after you give consent via the cookie banner. You can decline or withdraw consent at any time; the Service works fully without analytics cookies.
7. Your rights
7.1. Under the GDPR and similar laws, you have the right to:
- access the personal data we hold about you and receive a copy;
- correct inaccurate data;
- erasure ("right to be forgotten") — delete your account in your profile, or email us and we will delete your data;
- restrict or object to processing based on legitimate interests;
- data portability;
- withdraw consent at any time (e.g. for analytics), without affecting prior processing;
- lodge a complaint with your local data protection supervisory authority.
7.2. To exercise any of these rights, email [email protected]. We respond within 30 days.
8. Security
8.1. All traffic to the Service is encrypted (TLS). Passwords are stored as salted hashes. Access to production data is restricted, and uploaded photos are automatically purged on the schedule described in Section 3.
8.2. If a data breach affecting your personal data occurs, we will notify you and the competent authority as required by law.
9. Photos of other people
9.1. The Service is typically used to prepare portraits — often of deceased relatives — for engraving. Photos are processed automatically, are not reviewed by humans in the normal course of operation, are not used for AI training, and are deleted within 3 days. By uploading a photo of another person, you confirm that you have a lawful basis to have it processed.
10. Children
10.1. The Service is not directed at children under 16, and we do not knowingly collect their data. If you believe a child has provided us personal data, contact us and we will delete it.
11. Changes to this Policy
11.1. We may update this Policy from time to time. The current version is always available on this page; the "Last updated" date reflects the latest revision. Material changes will be announced through the Service.
12. Contact
12.1. Data controller: the operator of memaistudio.com. Contact for all privacy matters: [email protected].