Privacy Policy

NanoPaws (“we”, “us”, or “our”) is a web service that generates AI-styled pet portrait galleries from photos you upload. We are operated as an independent service accessible at nanopaws.app.

For any privacy-related questions, contact us at: hello@nanopaws.app

We collect only the minimum data necessary to provide the service:

• Pet photos — uploaded by you to generate AI portraits. Stored securely in Google Cloud Storage and deleted automatically after 30 days.
• Email address — provided voluntarily at the upload step. Used only to send you your gallery link and a completion notification. Never used for marketing without your consent.
• Pet name — optional, used only to personalise the gallery title and email.
• Payment data — handled entirely by Stripe. We never see or store your card number, CVV, or full payment details. We receive only a Stripe session ID and payment confirmation.
• Technical logs — standard server logs (IP address, user agent, timestamp, HTTP status) retained for up to 30 days for security and debugging purposes.

We do not use cookies for tracking or advertising. We do not run any third-party analytics scripts on this site.

• To generate and deliver your AI portrait gallery.
• To send you transactional emails (purchase confirmation and gallery-ready notification).
• To detect and prevent abuse, fraud, and security incidents.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use the following sub-processors to deliver the service:

• Google Cloud (GCP) — cloud infrastructure, storage, and AI image generation (Gemini API). Data is processed in the United States. Privacy policy.
• Stripe — payment processing. Your payment data is governed by Stripe’s privacy policy. Privacy policy.
• Resend — transactional email delivery. Your email address is shared with Resend only to deliver your gallery emails. Privacy policy.

• Pet photos and generated images — deleted automatically 30 days after your purchase.
• Email address — retained for up to 30 days alongside your job record, then deleted.
• Payment records — retained by Stripe per their own policies; we retain only the Stripe session ID.
• Server logs — retained for up to 30 days, then deleted.

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — you may request a copy of the personal data we hold about you.
• Right to erasure — you may request deletion of your data at any time.
• Right to rectification — you may request correction of inaccurate data.
• Right to object — you may object to our processing of your data.
• Right to data portability — you may request your data in a machine-readable format.

To exercise any of these rights, email us at hello@nanopaws.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

We process your data on the following legal bases:

• Contract performance (Art. 6(1)(b)) — processing your photos and email to deliver the service you purchased.
• Legitimate interests (Art. 6(1)(f)) — server logs for security and fraud prevention.

Our services are hosted on Google Cloud infrastructure in the United States. If you are located in the EEA, your data is transferred to the US under Google’s Standard Contractual Clauses (SCCs), which provide appropriate safeguards under GDPR.

We take reasonable technical and organisational measures to protect your data, including HTTPS encryption in transit, access-controlled cloud storage, and automatic data expiry. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

NanoPaws is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, contact us and we will delete it promptly.

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.