Privacy Policy

Fotto.AI (“we”, “us”, or “our”) is a company registered in the Netherlands, operating the AI photo generation service at https://fotto.ai.

We take your privacy seriously. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and what rights you have over your data. By using Fotto.AI, you agree to the practices described here.

If you have any questions about this policy, contact us at fottoai@deevise.com.

We collect the following categories of data:

• Account data: your email address and a password (stored as a secure hash). If you sign in via a third-party provider, we receive the basic profile fields that provider shares with us.
• Photos you upload: reference photos of yourself used to create your character and generate new photos.
• Character data: appearance details you provide during onboarding (gender, body type, height, etc.) used as inputs to the AI model.
• Generated photos: the AI-generated images produced from your uploads.
• Payment data: billing information is collected and stored by our payment processor (Stripe). We never see or store your full card number. We retain billing records (amounts, dates, invoice IDs) as required for tax and accounting purposes.
• Usage data: basic technical information like IP address, browser type, device, pages visited, and actions taken. Used for analytics, security, and abuse prevention.
• Feedback: if you choose to submit feedback about generated photos, we store your response alongside the associated generation ID.

We use your data only for the following purposes:

• To provide the AI photo generation service — uploading your reference photos to the underlying AI model and returning the generated outputs to you.
• To manage your account, process payments, and send transactional emails (such as purchase confirmations and account notifications).
• To improve the service — by analyzing usage patterns, error rates, and feedback in aggregate.
• To prevent fraud, abuse, and violations of our Terms of Use.
• To comply with legal obligations (such as tax reporting, responding to lawful requests from authorities).

We do not use your photos to train AI models. We do not sell your data. We do not share your photos with advertisers or data brokers.

Your photos are not kept indefinitely. We delete them as soon as they are no longer needed to provide the service.

• Reference photos (the selfies you upload to create a character) are stored only for as long as your character exists. When you delete a character or individual photos from your dashboard, they are permanently removed from our storage.
• Generated photos are retained only while they are accessible in your history. You can delete any generated photo from your dashboard at any time.
• Temporary processing files (intermediate data passed to the AI model) are deleted shortly after generation completes — typically within hours.
• Account deletion permanently removes all of your photos, characters, and personal data from our systems. You can delete your account yourself from your dashboard at any time.

Some minimal records (such as billing history and log entries needed for fraud prevention) may be retained for the period required by applicable law, even after account deletion.

You can delete your account at any time, directly from your dashboard.

Go to your profile settings and choose “Delete account.” This will permanently erase your characters, reference photos, generated photos, and personal profile from our database and storage.

If for any reason you are unable to delete your account from the dashboard, you can also email us at fottoai@deevise.com with a deletion request, and we will process it within 30 days.

To provide the service, we share the minimum necessary data with a small number of trusted third-party processors:

• AI model providers: we send your reference photos and prompt to the AI model that generates your photos. Our providers process the data only to return the generated output and do not retain it for their own training or purposes. They are bound by contractual and technical controls to delete inputs after processing.
• Cloud storage: encrypted image storage is handled by our cloud provider (Amazon Web Services or equivalent).
• Payment processor: payments are processed by Stripe. We never receive your full card details.
• Email delivery: transactional emails are sent via our email service provider.
• Analytics: we use privacy-respecting analytics to understand aggregate usage. We do not use invasive cross-site tracking or behavioral advertising.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

If you are located in the European Economic Area (EEA), United Kingdom, or similar jurisdictions, you have the following rights over your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data (you can also do this yourself via account deletion in the dashboard).
• Restriction: limit how we process your data in certain circumstances.
• Portability: request your data in a machine-readable format.
• Objection: object to certain processing activities.
• Withdraw consent: where processing is based on your consent, you can withdraw it at any time.
• Complaint: lodge a complaint with your local data protection authority (in the Netherlands, this is the Autoriteit Persoonsgegevens).

To exercise any of these rights, email us at fottoai@deevise.com. We will respond within 30 days.

We use industry-standard security measures to protect your data, including encryption in transit (TLS), encryption at rest for stored images, secure authentication, and restricted access to production systems. No system is 100% secure, but we take reasonable steps to reduce risk.

If we ever become aware of a data breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

Fotto.AI is not intended for children under 18. We do not knowingly collect data from minors. If you believe a child under 18 has provided us with personal data, please contact us and we will delete it promptly.

We use a small number of essential cookies (for authentication, session management, and fraud prevention) and privacy-respecting analytics cookies. We do not use advertising or cross-site tracking cookies. You can control cookies via your browser settings, but disabling essential cookies may prevent the Site from functioning.

Our servers and third-party processors may be located outside your country of residence, including in the European Union and the United States. When we transfer data internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect your rights.

We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top of this page and, for material changes, notify you via email or an in-app notice.

If you have questions about this Privacy Policy, want to exercise your rights, or want to report a concern, please contact us:

Fotto.AI
Registered in the Netherlands
Email: fottoai@deevise.com