Privacy Policy

1. Introduction

This Privacy Policy explains how Global Commerce Media GmbH ("we", "us", "our", or "RAWSHOT AI") collects, uses, stores, and protects your personal data when you use our AI-powered fashion photography platform at https://rawshot.ai.

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Global Commerce Media GmbH
Tränk 1
86551 Aichach
Germany
Email: [email protected]

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information: Name, email address, password (encrypted).

3.2 Payment Information: Payment processing is handled by our third-party payment provider, Paddle. We do not store your complete credit card details. Paddle may collect billing address, payment method details, and transaction history. Please refer to Paddle's Privacy Policy for more information.

3.3 User Content: Product images you upload to our platform, AI-generated images and outputs created through our service, AI fashion models you create within the platform.

3.4 Technical Data: IP address, browser type and version, device information, usage data and interaction logs, cookies and similar technologies (see Section 10).

4. Data Accuracy

You represent and warrant that the information and data you provide to us is accurate, current, and truthful. We request that you notify us immediately of any changes to your data so that the information contained in our systems is up-to-date at all times and does not contain errors.

You may update your account information at any time through your account settings or by contacting us at [email protected].

5. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and legal bases under Article 6 GDPR:

5.1 Contract Performance (Art. 6(1)(b) GDPR): Providing access to our AI fashion photography platform, processing your uploaded images and generating AI outputs, managing your account and subscription, processing payments and managing tokens.

5.2 Legitimate Interests (Art. 6(1)(f) GDPR): Improving and optimizing our services, preventing fraud and ensuring platform security, analyzing usage patterns to enhance user experience.

5.3 Legal Obligations (Art. 6(1)(c) GDPR): Compliance with tax and accounting requirements, responding to lawful requests from authorities.

5.4 Consent (Art. 6(1)(a) GDPR): Marketing communications (where applicable).

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

6.1 Account Data: Your account information is retained for as long as your account remains active. Upon account deletion or subscription expiration, account data is deleted within 30 days, unless we are required to retain it for legal or regulatory purposes.

6.2 Uploaded Images and Generated Content: Product images you upload and AI-generated outputs are retained until 30 days after your account is deleted or your subscription expires. You may delete your images at any time through the user interface.

6.3 Payment Records: Transaction records are retained for the period required by applicable tax and commercial laws (typically 10 years in Germany under §§ 147 AO, 257 HGB).

6.4 Technical Logs: Server logs and technical data are retained for up to 90 days for security and troubleshooting purposes.

7. AI Model Training and Automated Decision-Making

7.1 No AI Training on Your Data: We do not use your uploaded images or generated content to train our AI models. Your content is processed solely to provide you with the requested service outputs and is not used for any machine learning or model improvement purposes.

7.2 Automated Decision-Making: We use artificial intelligence to generate fashion images based on your inputs. However, we do not make automated decisions that produce legal effects or similarly significantly affect you within the meaning of Article 22 GDPR. The AI is used solely for image generation purposes at your direction, and you retain full control over which generated outputs you choose to use.

8. Third-Party Service Providers

We share personal data with the following categories of third-party service providers who process data on our behalf:

8.1 Hosting and Infrastructure: Amazon Web Services (AWS) – Frankfurt, Germany: Cloud hosting and data storage.

8.2 Payment Processing: Paddle: Payment processing and subscription management (https://www.paddle.com).

8.3 AI Processing Services: Replicate: AI image generation infrastructure (https://replicate.com). OpenAI: AI processing services (https://openai.com).

All third-party processors are bound by data processing agreements that ensure GDPR-compliant handling of your personal data.

9. Third-Party Links

Our website may contain links to third-party websites, services, or resources that are not operated or controlled by us. This Privacy Policy does not apply to such third-party sites. We are not responsible for the privacy practices, content, or security of any third-party websites.

We encourage you to review the privacy policies of any third-party websites you visit. Clicking on a third-party link or enabling a third-party connection is at your own risk, and we disclaim any responsibility for the practices of such third parties.

10. International Data Transfers

Your primary data is stored within the European Union (AWS Frankfurt, Germany). However, some of our third-party service providers (Replicate, OpenAI) may process data in the United States.

For transfers to countries outside the European Economic Area (EEA) that do not have an adequacy decision from the European Commission, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

You may request a copy of the safeguards we use by contacting us at the address provided in Section 2.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our platform, analyze usage, and improve our services. Essential cookies are necessary for the platform to function and do not require consent. For non-essential cookies (analytics, marketing), we obtain your consent through our cookie banner.

You can manage your cookie preferences at any time through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of our service. For detailed information about the cookies we use, please refer to our Cookie Policy.

12. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and obtain a copy of that data.

Right to Rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17 GDPR): You may request deletion of your personal data under certain circumstances.

Right to Restriction (Art. 18 GDPR): You may request that we restrict the processing of your personal data in certain situations.

Right to Data Portability (Art. 20 GDPR): You may request to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. The competent supervisory authority in Germany is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, which may be extended by two further months where necessary.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and secure hosting infrastructure within the EU.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practicable standards.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (Bayerisches Landesamt für Datenschutzaufsicht) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR.

If the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to you directly without undue delay, in accordance with Article 34 GDPR. This notification will describe the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address the breach and mitigate its effects.

15. Customer Testimonials and Marketing

We may display customer testimonials, company names, and logos on our website and in marketing materials to showcase how businesses use RAWSHOT AI. If you provide a testimonial or if your company's use of our service is featured, your name, company name, and/or logo may be published.

We will only use your testimonial, company name, or logo for marketing purposes with your prior consent or as agreed in our Terms & Conditions. If you wish to have your testimonial, company name, or logo removed from our website or marketing materials, please contact us at [email protected], and we will remove it within a reasonable timeframe.

16. Social Media

RAWSHOT AI may maintain a presence on social media platforms such as LinkedIn, Instagram, X (Twitter), and others. Please note that we do not collect personal data through our social media pages beyond what these platforms provide to page administrators in aggregated, anonymized form (such as page analytics).

When you interact with our social media pages, your interactions are governed by the privacy policies of the respective social media platforms. We encourage you to review the privacy policies of these platforms to understand how they collect and use your data.

17. Children's Privacy

Our services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we may also notify you by email. We encourage you to review this policy periodically.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Global Commerce Media GmbH
Tränk 1, 86551 Aichach, Germany
Email: [email protected]