Privacy Policy

Last updated: August 20, 2025

We are glad to welcome you on our website. Many thanks for using our website and supporting us! Here are some formalities before you start.

Please read our Privacy policy carefully before using https://www.generaspace.ai/ (the "Website").

Your access to and use of the Website is conditioned on your acceptance of and compliance with these Terms of Use and Privacy Policy and License Agreement. The Terms of Use and Privacy Policy apply to all visitors, users and others who access or use Website. By accessing or using Website, you agree to be bound by this Privacy Policy and Terms of Use. If you disagree with any part of the Privacy policy, we kindly ask you to stop using the Website.

This Privacy Policy explains how Evolox Inc (the "Company," "we," "us," or "our") collects, uses, shares, and protects personal data in connection with our AI‑based fashion image generation Service. It applies to our website, apps, and related services (collectively, the "Service")

Controller
For end‑user personal data we determine the purposes and means of processing; we act as controller under GDPR/UK GDPR. For business customers who supply personal data about others, we act as processor and will make a Data Processing Addendum available upon request.
Privacy Policy
This chapter informs you of our policies regarding the collection, use, and disclosure of Personal Information we receive from users of Website regarding the data protection.

We use your Personal Information only for purposes described below. By using the Website, you agree to the collection and use of information in agreement with this policy.

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information except for the purposes of Website Services providing (Disclaimer: this does not include the tools or any other third party service that may be used to make sure that we provide you the best experience regarding Website, including Website interface and analytics), sending you information about existing, new or upcoming features, updates to Website for improving your experience and the tools that allow us to conduct our operations smoothly. Nevertheless, we will always strive to keep your data safe and secure.)
How we collect information and how we use it
While using the Website, we may ask you to provide us with certain personal information that can be used to contact or identify you. Personal information may include but is not limited to your name, email address, birthday, telephone.

We may use your personal information for us to:

  • Provide and operate the Service (account creation, session management, image generation, usage limits)
  • Billing & payments (charge subscription, prevent duplicate charges, tax/VAT)
  • Analytics & Service improvement (measure performance, debug, de-identify usage to improve models)
  • Security & fraud prevention (abuse detection, rate-limiting, incident response)
  • Marketing communications (Customize our services, like advertising product updates (email), onboarding to provide a more personalised experience)
  • Compliance (enforce Terms, respond to lawful requests)

Sources of Personal Data
  • You provide it (account registration, profile, support).
  • Automatically collected via cookies/SDKs/analytics and server logs.
  • Third parties (payment processor provides payment status/last 4 digits/token; fraud prevention signals).
Data collected
What data and how do we collect:
  • Account Data: display name, email address, avatar.
  • Payment Data: billing contact (email); payment instruments are processed by Stripe; we do not store full card numbers.
  • Usage & Device Data: pages viewed, features used, session events, IP address, device identifiers, browser/device information; collected via analytics (e. g., Google Analytics) and our logs.
  • Generated Content: prompts/Inputs and AI-generated Outputs associated with your account.
  • Support Data: communications with support, bug reports.
  • Approximate Location: country (state).
  • No Sensitive Data: we do not intentionally collect special category data under GDPR or "sensitive personal information" under CPRA unless otherwise specifically agreed with you.
Cookies
Like many websites, we use "cookies" to collect information. If you do not accept cookies, you may not be able to use Website.

We use cookies and similar technologies to operate the Service and for analytics. Non‑essential analytics cookies (e. g., Google Analytics) are used only with your consent in the EEA/UK. You may change preferences at any time via our Cookie Preferences link. See our Cookie Notice for details.
Sharing and Disclosures
We share personal data as follows:
  • Service Providers / Processors: infrastructure and operational partners that process data on our behalf pursuant to data protection agreements, including: Google Cloud Platform (GCP) (Cloud Run, Firestore), Firebase, Stripe (payments), Runpod. io, Hostkey. com, and Google Analytics (as configured).
  • Affiliates and corporate transactions: in case of merger, acquisition, or asset transfer.
  • Legal and safety: to comply with law or protect rights, safety, and security.
  • De-identified/aggregated data: we may share insights that do not identify individuals.

No Sale or Sharing (CPRA). We do not "sell" your personal information and do not "share" it for cross-context behavioral advertising as those terms are defined by California law. If this changes, we will provide required Notice at Collection, a "Do Not Sell or Share My Personal Information" link, and honor opt-out signals including Global Privacy Control (GPC).

AI Training and Partners. We may use de-identified data to improve features and model quality. Where partners are involved, they act as service providers/processors under binding contracts that prohibit retention, use, or disclosure beyond providing services. If any training would involve personal data beyond de-identified form, we will seek consent or provide a clear opt-out.

International Transfers
Data are primarily stored and processed in regions compatible with GDPR (generally within the EEA). For certain plans (e. g., Basic, Advanced, and, where necessary, Enterprise), processing may occur outside the EEA/UK (e. g., U. S. or other locations). In such cases, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, the UK IDTA/Addendum, and technical/organizational measures (encryption in transit/at rest, access controls, minimization).
Retention
We retain personal data for as long as your account is active or as needed to provide the Service, and delete or anonymize upon request or account closure. We may retain limited records as required by law (e. g., tax, fraud prevention, security logs).
Security
We and our providers implement industry-standard security measures, including encryption in transit and at rest, least-privilege access control, authentication and audit logging, vulnerability management, backups, and incident response procedures. All information you provide to us is stored on our secure servers behind firewalls and in our CRM system(s). Unfortunately, the transmission of information via the internet is not 100% secure. Although we do our best to protect your private information, we cannot guarantee the security of your private information transmitted to the Website. Any transmission of personal information is at your risk. We are not responsible for circumvention of any privacy settings or security measures contained on Website. However, our team always strives to keep your information as secure as possible all the time.

The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password or access through a unique link on your email address for access to certain parts of the Website, you are responsible for keeping the password and the content in your email inbox confidential. We ask you not to share your password, the unique information that you will receive in your email account or the login link with anyone. We urge you to be careful about giving out information in public areas of the Website like message/comment boards.
Changes to This Privacy Policy
Occasionally we may, in our discretion, make changes to the Agreements. When we make changes to the Agreements, we will make sure to provide you with prominent notice as appropriate under the circumstances, e. g., by displaying a prominent notice within Website or by sending you an email. In some cases, we will notify you in advance, and your continued use of Website after the changes have been made will constitute your acceptance of the changes. Please, therefore, make sure you read any such notice carefully.
Your data protection rights
EU/UK (GDPR/UK GDPR). You have the right to access, rectify, erase, restrict, object (including to processing based on legitimate interests), and portability, and to withdraw consent at any time without affecting prior processing. We will respond within one month (extendable by two months for complex requests). You may lodge a complaint with your local supervisory authority.

California (CPRA). You have the right to know/access, correct, delete, opt out of sale/share (not currently applicable), and the right to non‑discrimination. We recognize and honor GPC signals as an opt‑out where applicable. We respond within 45 days (extendable once by 45 days).

How to Exercise. Submit requests via support email.
Children’s Privacy
The Service is not directed to children under 18. We do not knowingly collect personal data from children under 13 (or under the applicable age of digital consent in your country). If you believe a child has provided data, contact us to delete it.
Subprocessors and Key Providers (illustrative, may be changed if needed for Servcies provision without changing this Privacy Policy)
  • Google Cloud Platform (GCP) — hosting and infrastructure (Cloud Run, Firestore).
  • Google Firebase — application platform/services.
  • Stripe — payment processing (PCI DSS compliant).
  • Runpod.io — compute provider for model workloads.
  • Hostkey.com — compute/hosting provider.
  • Google Analytics — usage analytics (cookie-based; consented in EEA/UK).
  • Other providers as reasonably necessary to deliver high-quality services (similar obligations apply via data protection agreements).
Contact Us
Our details:

  • If you feel like something is missing or misleading in our Terms of Use or Privacy Policy, please feel free to notify us.
  • You can contact us by sending an email hello@generaspace.ai.
  • Privacy Policy were last modified on 20th day of August, 2025