Privacy Policy

1. Introduction

Bitzen S.r.l. Semplificata ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Fluxion platform ("Service").

This Privacy Policy applies to all users of our Service and complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Bitzen S.r.l. Semplificata is the data controller responsible for your personal data collected through the Service.

3. Information We Collect

3.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account Information: Email address, name, profile picture (when using Google OAuth), and password (when using email authentication)
• Payment Information: Billing details processed through Stripe (we do not store complete payment card details)
• User Content: Images you upload, text prompts, project names, and generated media
• Communications: Messages, inquiries, and feedback you send to us

3.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

• Usage Data: Features used, generation history, credit usage, login timestamps
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, errors encountered, referring URLs
• Cookies and Similar Technologies: Session management, authentication tokens, preferences

3.3 Third-Party Information

When you authenticate using Google OAuth, we receive:

• Your name, email address, and profile picture from your Google account
• Basic profile information necessary for authentication

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Provision

• Create and manage your account
• Process image and video generation requests
• Manage credits and subscriptions
• Store and organize your projects and generated content
• Provide customer support

4.2 Business Operations

• Process payments and billing
• Send transactional emails (receipts, account notifications)
• Detect and prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations

4.3 Service Improvement

• Analyze usage patterns and trends
• Improve Service functionality and user experience
• Develop new features and services
• Monitor Service performance and reliability

4.4 Communications

• Send important Service updates and security alerts
• Respond to your inquiries and requests
• Send promotional communications (with your consent)

4.5 Legal Basis (GDPR)

Under GDPR, we process your data based on:

• Contractual necessity: To provide the Service you have subscribed to
• Legitimate interests: To improve our Service and prevent fraud
• Consent: For marketing communications (which you can withdraw at any time)
• Legal obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal data. We share your information only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

• Supabase: Database hosting, authentication, and backend infrastructure
• Stripe: Payment processing and subscription management
• Google Cloud: AI models for image generation (Imagen 3) and video generation (Veo 3)
• DigitalOcean: Application hosting and deployment

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders, subpoenas, or other legal processes
• Government or regulatory requests
• Enforcement of our Terms of Service
• Protection of our rights, property, or safety, or that of our users or others

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers are located.

We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Service providers certified under the EU-US Data Privacy Framework
• Other legally approved transfer mechanisms

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for a reasonable period afterward to comply with legal obligations
• Payment Data: Retained as required by tax and accounting regulations (typically 7-10 years)
• Generated Content: Retained until you delete it or your account is terminated
• Usage Logs: Typically retained for 12-24 months for security and analytics purposes

You can request deletion of your data at any time by contacting us or deleting your account.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication using industry-standard protocols
• Regular security assessments and updates
• Access controls and monitoring
• Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

9.1 Right to Access

You can request a copy of the personal data we hold about you.

9.2 Right to Rectification

You can correct inaccurate or incomplete personal data through your account settings or by contacting us.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to certain legal exceptions (e.g., tax records).

9.4 Right to Restriction of Processing

You can request that we limit how we use your personal data in certain circumstances.

9.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time.

9.8 Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority if you believe we have violated your rights.

Italian Data Protection Authority (Garante per la protezione dei dati personali):

To exercise any of these rights, please contact us at [email protected].

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences
• Analyze how you use the Service
• Improve Service performance

10.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and Service functionality
• Performance Cookies: Help us understand how the Service is being used
• Functional Cookies: Remember your preferences and settings

10.2 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling essential cookies may affect your ability to use certain features of the Service.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

12. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• Google OAuth: Google Privacy Policy
• Stripe: Stripe Privacy Policy
• Supabase: Supabase Privacy Policy
• Google Cloud AI: Google Cloud Privacy Notice

We recommend reviewing these third-party privacy policies to understand how they handle your data.

13. AI-Generated Content and Data Usage

When you use our AI generation features:

• Your prompts and uploaded images are sent to Google Cloud AI services for processing
• We do not use your content to train AI models
• Google's usage of your data is governed by their Cloud AI privacy policies
• Generated content is stored in our database and associated with your account

14. Marketing Communications

We may send you promotional emails about new features, special offers, or other information we think you might find interesting.

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at [email protected]

Note: You cannot opt out of transactional emails (account notifications, receipts, security alerts) as these are necessary for Service operation.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days, as required by GDPR.