Privacy Policy
How Janitor AI collects, uses, protects, and shares your personal data. Your privacy rights under GDPR, CCPA, and other privacy laws.
Published 2025/03/10 · Updated 2026/06/08
1. Introduction
This Privacy Policy explains how Janitor AI ("we", "us", "our") collects, uses, stores, shares, and protects your personal information when you use our website, applications, and services (collectively, the "Services").
We are committed to protecting your privacy and handling your data in an open and transparent manner. This Policy describes your privacy rights and how the law protects you.
By using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Janitor AI
- Privacy Contact: [email protected]
- General Support: [email protected]
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, and you have questions about our data practices, you may contact us at the email addresses above.
3. Information We Collect
3.1 Information You Provide Directly
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, password (hashed) | Account creation, authentication, communication |
| Profile Information | Display name, avatar image | Personalization of your account |
| Payment Information | Payment method details (processed by third-party payment processors) | Processing purchases and subscriptions |
| User Content | Uploaded images, text prompts, generated content | Providing AI generation services |
| Communications | Messages sent to support, feedback, survey responses | Customer support and service improvement |
| Age Verification | Confirmation that you are 18+ | Eligibility verification |
3.2 Information Collected Automatically
| Data Type | Examples | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, generation history, click patterns | Service improvement, analytics |
| Device Information | Browser type, operating system, device type, screen resolution | Compatibility, security |
| Network Information | IP address, approximate location (country/region), referral source | Security, localization, compliance |
| Cookie Data | Session identifiers, preferences, analytics identifiers | Service functionality, analytics |
3.3 Information from Third Parties
| Source | Data Type | Purpose |
|---|---|---|
| Authentication Providers (Google, GitHub) | Name, email, profile picture | Social login functionality |
| Payment Processors (PayChanel, Stripe, PayPal) | Transaction confirmation, billing address | Payment verification, fraud prevention |
| Analytics Services | Aggregated usage statistics | Service improvement |
4. Legal Basis for Processing (GDPR)
If you are located in the EEA, UK, or Switzerland, we process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Performance of a contract (Art. 6(1)(b) GDPR) |
| Providing AI generation services | Performance of a contract (Art. 6(1)(b) GDPR) |
| Payment processing | Performance of a contract (Art. 6(1)(b) GDPR) |
| Content moderation and safety | Legitimate interest (Art. 6(1)(f) GDPR) — platform safety and legal compliance |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f) GDPR) — improving our services |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) — where you have opted in |
| Cookie preferences | Consent (Art. 6(1)(a) GDPR) — for non-essential cookies |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f) GDPR) — protecting our platform and users |
You may withdraw consent at any time by contacting us or adjusting your settings, without affecting the lawfulness of processing based on consent before its withdrawal.
5. How We Use Your Information
We use your personal data for the following specific purposes:
- Service Delivery: To provide, operate, and maintain our AI generation platform
- Account Management: To create and manage your account, process transactions, and communicate with you
- Content Processing: To process your prompts and generate AI content as requested
- Content Moderation: To detect and prevent prohibited content, including CSAM, deepfakes, and policy violations
- Safety and Security: To protect against fraud, abuse, unauthorized access, and threats to platform integrity
- Customer Support: To respond to your inquiries and resolve issues
- Service Improvement: To analyze usage patterns and improve our features, performance, and user experience
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests
- Communication: To send service-related notices, security alerts, and administrative messages
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 30 days after deletion | Service provision, legal compliance |
| Usage Data | 24 months from collection | Analytics, service improvement |
| Generated Content | Until you delete it or your account is terminated | Service provision |
| Payment Records | 7 years from transaction | Tax and financial compliance |
| Content Moderation Logs | 3 years from event | Legal compliance, abuse prevention |
| Security Logs | 12 months from event | Security, fraud prevention |
| Support Communications | 3 years from last interaction | Customer service quality |
| Cookie Data | Varies by cookie (see Cookie Policy) | Service functionality |
When data is no longer needed, we securely delete or anonymize it. In some cases, we may retain data in anonymized or aggregated form for statistical purposes, which can no longer be linked to you.
7. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| PayChanel / Stripe / PayPal | Payment processing | Payment details, billing address, transaction data | Stripe Privacy |
| Supabase | Database hosting | Account data, usage data, generated content | Supabase Privacy |
| AWS (Amazon Web Services) | Cloud infrastructure, content moderation (Rekognition) | Uploaded images for safety analysis | AWS Privacy |
| Replicate | AI model hosting, content moderation | Generated images for safety classification | Replicate Privacy |
| Google Analytics | Website analytics | Anonymized usage data, device information | Google Privacy |
| Umami | Privacy-focused analytics | Anonymized page views, referrers | Self-hosted, no third-party data sharing |
| Better Auth | Authentication | Login credentials (hashed), session tokens | Open-source, self-hosted |
| Cloudflare | CDN, DDoS protection | IP addresses, request headers | Cloudflare Privacy |
We do not sell your personal data to third parties. We share data with third parties only as described in this Privacy Policy and only to the extent necessary to provide our Services.
8. International Data Transfers
Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
When we transfer personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including:
- EU-US Data Privacy Framework certification (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Other appropriate safeguards as required by applicable law
You may request a copy of the applicable safeguards by contacting us at [email protected].
9. Your Privacy Rights
9.1 Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Restriction | Request restriction of processing in certain circumstances |
| Portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests or direct marketing |
| Withdraw Consent | Withdraw consent at any time where processing is based on consent |
| Lodge a Complaint | File a complaint with your local data protection authority |
9.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
| Right | Description |
|---|---|
| Right to Know | Request disclosure of the categories and specific pieces of personal information we collect |
| Right to Delete | Request deletion of your personal information |
| Right to Opt-Out | Opt out of the "sale" or "sharing" of your personal information |
| Right to Non-Discrimination | Not be discriminated against for exercising your privacy rights |
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
9.3 Rights Under Other Jurisdictions
Depending on your location, you may have additional rights under local privacy laws, including:
- Brazil (LGPD): Right to information, correction, anonymization, portability, and deletion
- Japan (APPI): Right to disclosure, correction, suspension of use, and deletion
- South Korea (PIPA): Right to access, correction, deletion, and suspension of processing
- Vietnam (Cybersecurity Law): Right to know, correct, and delete personal data
9.4 How to Exercise Your Rights
To exercise any of your privacy rights:
- Email: [email protected]
- Subject Line: "Privacy Rights Request — [Your Request Type]"
- Include: Your account email, the right you wish to exercise, and any relevant details
We will respond to your request within 30 days (or sooner where required by law). We may need to verify your identity before processing your request.
If we cannot fulfill your request, we will explain why and inform you of any available appeal options.
10. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18.
In compliance with the Children's Online Privacy Protection Act (COPPA) and equivalent laws in other jurisdictions:
- We do not knowingly collect, use, or disclose personal information from children under 13 (or 16 in the EEA/UK)
- We do not target our Services to children
- If we discover that we have collected data from a child under the applicable age, we will delete it immediately
- If you believe a child has provided us with personal data, please contact us immediately at [email protected]
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: Data in transit is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256.
- Access Controls: Role-based access controls limit employee access to personal data on a need-to-know basis.
- Password Security: Passwords are hashed using industry-standard algorithms (bcrypt/argon2). We never store plaintext passwords.
- Infrastructure Security: Our infrastructure is hosted on industry-leading cloud providers with SOC 2 and ISO 27001 certifications.
- Monitoring: We continuously monitor for unauthorized access attempts and security threats.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by GDPR)
- Notify affected users without undue delay where the breach poses a high risk to their rights and freedoms
- Provide information about the nature of the breach, the data affected, and the measures taken to address it
12. Cookies and Similar Technologies
We use cookies and similar tracking technologies to operate and improve our Services. For detailed information about the cookies we use, how we use them, and how you can control them, please see our Cookie Policy.
Cookie Consent
When you first visit our Services, we will present you with a cookie consent banner that allows you to:
- Accept all cookies — including analytics and targeting cookies
- Reject non-essential cookies — only essential cookies will be set
- Manage preferences — choose which categories of cookies to accept
You can change your cookie preferences at any time by accessing the cookie settings link in our footer.
13. Marketing Communications
We may send you marketing communications about our Services, features, and promotions if you have opted in to receive them.
You can opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Adjusting your communication preferences in your account settings
- Contacting us at [email protected]
Even if you opt out of marketing, we may still send you service-related and transactional communications (e.g., purchase confirmations, security alerts).
14. Third-Party Links
Our Services may contain links to third-party websites, services, or content that we do not control. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.
15. Do Not Track Signals
Some browsers offer a "Do Not Track" (DNT) feature. Our Services currently do not respond to DNT signals. However, you can manage your tracking preferences through our cookie consent mechanism and your browser settings.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
When we make material changes:
- We will update the "Last Updated" date at the top of this Policy
- We will provide notice through our Services or via email where practicable
- We will provide at least 30 days' notice before material changes take effect
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy Inquiries: [email protected]
- General Support: [email protected]
- Web: Contact Page
Response Commitment: We aim to respond to all privacy inquiries within 2 business days and fulfill data subject requests within 30 days.
Last Updated: June 8, 2026
Effective Date: June 8, 2026
Trust and editorial links
Keep trust pages connected to creation, safety, and examples
Trust and support pages should keep readers close to the product instead of becoming dead ends. These links route people back to safety, editorial standards, and core visual workflows.
Current page: Privacy Policy
