← Back to NanoPaws

Privacy Policy

Last updated: May 22, 2026

1. Who we are

NanoPaws (“we”, “us”, or “our”) is a web service that generates AI-styled pet portrait galleries from photos you upload. We are operated as an independent service accessible at nanopaws.app.

For any privacy-related questions, contact us at: hello@nanopaws.app

2. What data we collect

We collect only the minimum data necessary to provide the service:

  • Pet photos — uploaded by you to generate AI portraits. Stored securely in Google Cloud Storage and deleted automatically after 30 days.
  • Email address — provided voluntarily at the upload step. Used only to send you your gallery link and a completion notification. Never used for marketing without your consent.
  • Pet name — optional, used only to personalise the gallery title and email.
  • Payment data — handled entirely by Stripe. We never see or store your card number, CVV, or full payment details. We receive only a Stripe session ID and payment confirmation.
  • Technical logs — standard server logs (IP address, user agent, timestamp, HTTP status) retained for up to 30 days for security and debugging purposes.
  • Free trial verification data — if you use the free trial, we store your email address (to send the one-time magic link and enforce the one-free-portrait-per-email limit) together with a hashed form of your IP address and a hashed browser fingerprint. The fingerprint is computed locally in your browser by an open-source library (FingerprintJS) and is never shared with any third party; we use these hashes solely to prevent abuse of the free trial (fraud prevention). Trial photos are deleted within 7 days and the generated trial image within 30 days.

We use PostHog for anonymous product analytics (e.g. which pages are visited and where users drop off in the funnel). PostHog stores a random anonymous identifier in your browser’s localStorageno cookies are used. We never call PostHog’s identify() function, so no personal profile is ever created. Analytics data is collected in aggregate and cannot be traced back to an individual. You can opt out by enabling your browser’s “Do Not Track” signal or by blocking the /ingest path in a browser extension.

3. How we use your data

  • To generate and deliver your AI portrait gallery.
  • To send you transactional emails (purchase confirmation and gallery-ready notification).
  • To detect and prevent abuse, fraud, and security incidents.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-party services

We use the following sub-processors to deliver the service:

  • Google Cloud (GCP) — cloud infrastructure, storage, and AI image generation (Gemini API). Data is processed in the United States. Privacy policy.
  • Stripe — payment processing. Your payment data is governed by Stripe’s privacy policy. Privacy policy.
  • Resend — transactional email delivery. Your email address is shared with Resend only to deliver your gallery emails. Privacy policy.
  • PostHog — anonymous product analytics, proxied through our own domain (nanopaws.app/ingest). No personal data is sent; only anonymous usage events. Privacy policy.

5. Data retention

  • Pet photos and generated images — deleted automatically 30 days after your purchase.
  • Email address — retained for up to 30 days alongside your job record, then deleted.
  • Payment records — retained by Stripe per their own policies; we retain only the Stripe session ID.
  • Server logs — retained for up to 30 days, then deleted.

6. Your rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to erasure — you may request deletion of your data at any time.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to object — you may object to our processing of your data.
  • Right to data portability — you may request your data in a machine-readable format.

To exercise any of these rights, email us at hello@nanopaws.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

7. Legal basis for processing (GDPR)

We process your data on the following legal bases:

  • Contract performance (Art. 6(1)(b)) — processing your photos and email to deliver the service you purchased.
  • Legitimate interests (Art. 6(1)(f)) — server logs for security, and hashed IP / hashed device-fingerprint checks that prevent abuse of the free trial (fraud prevention).

8. International transfers

Our services are hosted on Google Cloud infrastructure in the United States. If you are located in the EEA, your data is transferred to the US under Google’s Standard Contractual Clauses (SCCs), which provide appropriate safeguards under GDPR.

9. Security

We take reasonable technical and organisational measures to protect your data, including HTTPS encryption in transit, access-controlled cloud storage, and automatic data expiry. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Children

NanoPaws is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Questions? Email us at hello@nanopaws.app