Privacy Policy

Last updated: April 14, 2026

Denoised Studio / LOTIPA — Porto Alegre/RS, Brazil

1. Data We Collect

We collect the following personal data:

• Account data: name, email address (via Google OAuth or Magic Link)
• Usage data: generated images, prompts used, selected settings, generation timestamps
• Payment data: processed directly by Stripe. We do not store credit card numbers on our servers
• Technical data: IP address, browser type, access data for security purposes

2. Legal Bases for Processing (LGPD Art. 7)

We process your data under the following legal bases:

• Contract performance (Art. 7, V): providing the Service, processing payments, managing credits and subscriptions
• Legitimate interest (Art. 7, IX): improving Service quality, preventing fraud and abuse, platform security
• Legal obligation (Art. 7, II): retention of tax and financial records as required by law
• Consent (Art. 7, I): marketing communications and display of images in the public Exhibition

3. How We Use Your Data

• Provide and maintain the Service
• Process payments and manage subscriptions
• Track credit usage
• Improve Service quality
• Prevent fraud and misuse
• Comply with legal obligations

4. Use of Artificial Intelligence

The Service uses third-party AI models to generate and edit images. Your prompts (descriptive text) and uploaded images are processed by these models solely to produce the requested output. Denoised does not use your prompts, generated images, or personal data to train, fine-tune, or improve AI models. Our contracted AI providers operate under agreements that prohibit data retention after processing.

5. Image Storage

Your generated images are stored on Supabase Storage and are linked exclusively to your account. Images are kept while your account is active. You can delete individual images at any time from the gallery. When you delete your account, all images are permanently removed within 30 days.

6. Data Sharing and International Transfers

We do not sell your personal data. We share data only with the following processors, all bound by standard contractual clauses or equivalent data protection commitments:

• Stripe, Inc. (USA): payment processing — PCI DSS certified, subject to the EU-US Data Privacy Framework
• Supabase, Inc. (USA): data storage and authentication — infrastructure in AWS us-east-1 region
• AI providers — fal.ai (USA), OpenAI (USA): temporarily receive prompts and images for processing, with no retention after completion
• Vercel, Inc. (USA): application hosting — global edge network
• Cloudflare, Inc. (USA): DNS, CDN, and attack protection — ISO 27001 certified
• Sentry (USA): application error monitoring — technical data only

Your data may be transferred to the United States of America, where our processors maintain infrastructure. These transfers are carried out based on standard contractual clauses (Art. 33, II, "b" of LGPD) and security safeguards equivalent to those required by Brazilian law. You may request detailed information about the safeguards adopted by contacting our Data Protection Officer.

7. Your Rights (LGPD)

Under Brazil's General Data Protection Law (Law 13,709/2018), you have the right to:

• Access: know what personal data we maintain about you
• Correction: correct incomplete or incorrect data
• Deletion: request removal of your personal data
• Portability: receive your data in a structured format
• Revocation: withdraw consent for data processing
• Opposition: object to data processing in certain circumstances
• Information: know which processors we share data with
• Review of automated decisions: request review of decisions made solely based on automated processing

To exercise any of these rights, contact our Data Protection Officer: privacidade@denoised.ai. We will respond to your request within 15 business days.

8. Account and Data Deletion

You may request complete deletion of your account and all associated data at any time through the Dashboard or by email. After the request, all your data will be removed within 30 days, including: profile and account data, all generated images, prompt history and settings, and project and library data.

9. Security

We employ technical and organizational measures to protect your data, including: encryption in transit (HTTPS/TLS), secure authentication via OAuth 2.0, per-user data isolation (Row Level Security), role-based access control, and PCI-compliant payment processing via Stripe.

10. Cookies

We use strictly necessary cookies for: maintaining your login session, saving language preferences, and ensuring Service functionality. We do not use tracking or advertising cookies.

11. Data Retention

We keep your data while your account is active. After account deletion, data is removed within 30 days. Financial transaction data is retained for the legally required period (5 years for tax purposes).

12. Minors

The Service is intended exclusively for individuals aged 18 or older. We do not intentionally collect data from minors. If we become aware that we have collected data from a minor, we will delete it immediately.

13. Changes to this Policy

We may update this Policy periodically. Significant changes will be communicated by email or platform notification.

14. Data Protection Officer (DPO) and Contact

The Data Protection Officer (DPO) for Denoised can be reached at: privacidade@denoised.ai

For other inquiries: contato@denoised.ai

Denoised Studio / LOTIPA — Porto Alegre/RS, Brazil