Privacy Policy

Effective Date: January 2026

This Privacy Policy explains how ProductSculpt (“ProductSculpt,” “we,” “us”) collects, uses, discloses, and protects information about you when you visit our website, create an account, or use our client portal and services (collectively, the “Services”).

ProductSculpt is currently operated under the ProductSculpt brand. When our legal entity is finalized, we will update this Policy accordingly.

Contact: For privacy questions or requests, email support@productsculpt.com.

1) Scope and who this is for

Our Services are intended for business customers and their authorized users (e.g., employees, contractors, teammates). We do not offer consumer accounts at this time.

2) Definitions

“Personal Information” means information that identifies, relates to, describes, or could reasonably be linked to an individual (directly or indirectly).

  • “Customer Content” means any files, images, briefs, prompts, brand assets, copy, instructions, and other content submitted to the Services by or on behalf of a customer, as well as outputs we produce for that customer.

3) Controller vs. processor

For website visitors, account administration, billing administration, marketing, security, and internal operations, we generally act as a controller (we decide why and how data is processed).

  • For Customer Content processed to deliver creative services, we typically act as a processor/service provider, processing Customer Content on the customer’s instructions (as reflected in our agreements and any applicable DPA).

4) Information we collect

  1. Account & Portal Information

  • Name

  • Work email

  • Company name and role/title

  • Login credentials (email and password) and authentication data

  2. Communications

  • Emails and messages you send to us (e.g., support requests, onboarding questions, feedback)

  • We do not record calls by default (if we ever do, we will disclose it clearly in advance).

  3. Customer Content

  • Product images, brand assets, design references, briefs, prompts, guidelines, ad copy, packaging files, and other materials you submit for fulfillment

  • Outputs we generate and deliver back to you

B) Information collected automatically

When you use the Services, we may automatically collect:

  • Device and usage data (e.g., IP address, browser type, device identifiers, pages viewed, timestamps, approximate location derived from IP, and interactions with the portal)

  • Log and security data (e.g., authentication events, fraud/abuse signals)

C) Payment information

We use a trusted third-party payment processor (“Payment Processor”). We generally do not store full payment card numbers on our systems; instead we receive limited payment details (e.g., transaction confirmations, billing status, and payment tokens) as provided by the Payment Processor.

5) How we use information (purposes)

We use Personal Information and Customer Content to:

  1. Provide and operate the Services (create accounts, authenticate users, manage requests, deliver outputs)

  2. Fulfill customer requests using design tools and workflows (including human creative work, editing, compositing, CGI, and AI-assisted generation)

  3. Communicate with you about service updates, support, and administrative messages

  4. Process billing and subscriptions (through a Payment Processor)

  5. Secure the Services (prevent fraud, abuse, unauthorized access, and protect our users and systems)

  6. Improve reliability and performance (debugging, QA, capacity planning, feature improvements)

  7. Run marketing and sales activities (see Sections 8 and 9)

Where laws require it, we rely on recognized legal bases such as performance of a contract, legitimate interests, consent (where required), and legal obligations.

6) AI, confidentiality, and “no training” commitment

A) AI and tool-assisted processing

We may use a combination of human creative work, editing/compositing tools, CGI, and AI-assisted systems to create deliverables requested by our customers.

B) No training on Customer Content

We do not use Customer Content to train public or shared models. Customer Content is processed only to provide the Services, maintain quality and reliability, and protect against abuse—using aggregation or de-identification where feasible.

C) Confidentiality of Customer Content

We treat Customer Content as confidential, limit access to authorized personnel/contractors on a need-to-know basis, and apply safeguards designed to prevent unauthorized disclosure.

D) Case studies / portfolio use (only with permission)

We may publish Customer Content, brand assets, or identifiable deliverables as marketing/case studies. You can request removal of brand assets at any time (and can anonymize or redact sensitive elements on request).

7) User uploads, permissions, and prohibited content

You are responsible for ensuring that you (and your organization) have all rights, permissions, and lawful bases to provide Customer Content to us, including:

  • permission to use images containing individuals, and

  • rights to logos, packaging, copyrighted assets, and brand materials.

No sensitive content: Please do not upload highly sensitive personal data (e.g., medical info, government IDs, payment card numbers, or content involving children). If we become aware of prohibited or sensitive content, we may remove it or restrict processing to protect privacy and safety.

8) Cookies, analytics, pixels, and similar technologies

We may use cookies, pixels, SDKs, and similar technologies for:

  • Strictly necessary site/portal operation and security

  • Analytics (to understand usage and improve performance)

  • Advertising/retargeting (to measure and improve our marketing campaigns)

If you enable analytics/advertising features (including remarketing), certain providers require consent where legally required (including under EU consent rules) and provide user controls/settings.

Consent where required: In jurisdictions that require opt-in consent for non-essential cookies (e.g., UK/EU rules), we will present a consent mechanism and honor your choices.

Your controls: You can also manage cookies via browser settings; however, blocking some cookies may impact functionality.

Hosting note: our website/portal may be hosted via service providers such as Framer and protected/delivered through Cloudflare (e.g., CDN, security, performance), which may process limited technical data (like IP address and device signals) to provide their services.

9) Marketing communications (email)

We may send marketing emails (campaigns) to business contacts consistent with applicable law. You can opt out at any time using the unsubscribe link in the message or by contacting support@productsculpt.com.

We maintain standards designed to comply with the CAN-SPAM Act, including clear opt-out mechanisms and required sender identification/address in commercial messages.

Transactional/service emails (e.g., password resets, invoices, security notices, or service updates) may still be sent when necessary.

10) How we disclose information

We disclose Personal Information only as needed to operate the Services:

  1. Vendors / service providers (subprocessors)
    We use vetted providers for hosting, analytics, security, payments, communications, support tooling, and creative production systems. They may process Personal Information only to provide services to us under contractual confidentiality and data protection obligations.

  2. Professional advisors
    Lawyers, accountants, auditors, and insurers where necessary.

  3. Legal, safety, and enforcement
    To comply with law, respond to lawful requests, protect rights and safety, investigate abuse, or enforce our agreements.

  4. Business transfers
    If we undergo a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction subject to appropriate protections.

11) Data retention

We retain Personal Information and Customer Content only as long as necessary for the purposes described in this Policy, unless a longer period is required by law.

Recommended baseline retention (you can adopt this immediately):

  • Account data: retained while the account is active; deleted or anonymized within 12 months after account closure unless required for legal/security reasons.

  • Customer Content: retained during the subscription; after cancellation, deleted within 30–90 days (customer-selectable), except content needed for disputes, fraud prevention, or legal obligations.

  • Billing records: retained for applicable tax/accounting requirements (commonly multiple years).

  • Support communications: retained for 24 months for continuity and service improvement.

Customers may request deletion of Customer Content sooner where feasible (subject to legal/security exceptions and backup lifecycle constraints).

12) Security

We implement administrative, technical, and organizational measures designed to protect Personal Information and Customer Content, including access controls, least-privilege practices, monitoring, and secure transmission methods. No system can be guaranteed 100% secure, but we work to prevent unauthorized access, alteration, disclosure, or destruction.

13) International data transfers

We expect to start primarily in the United States, but some vendors may process data in other countries. Where cross-border transfers are legally restricted, we use recognized mechanisms such as:

  • Standard Contractual Clauses (SCCs) for transfers to third countries, where applicable.

  • Other lawful transfer mechanisms as available (e.g., the EU-U.S. Data Privacy Framework for certified participants, if applicable to a specific vendor relationship).

14) Your rights and choices

Depending on your location, you may have rights to:

  • access, correct, or delete Personal Information;

  • object to or restrict certain processing; and

  • withdraw consent where processing is based on consent.

To exercise rights, email support@productsculpt.com. We may verify identity/authority before responding. (If you are acting on behalf of a business account, we may coordinate with the account administrator.)

15) California notice (CCPA/CPRA) – if applicable

If we are subject to California privacy law, California residents may have rights including the right to know, delete, correct, and opt out of “sale” or “sharing” (as defined by law).

No sale: We do not sell Personal Information in the traditional sense.

“Sharing” for cross-context behavioral advertising: If we use advertising pixels/retargeting that qualifies as “sharing” under California law, you may opt out by:

  • using [Do Not Sell or Share My Personal Information] (link to be added), and/or

  • adjusting [Cookie Settings], and/or

  • emailing support@productsculpt.com with your request.

Global Privacy Control: Where legally required, we honor browser-based opt-out preference signals such as Global Privacy Control.

16) Children’s privacy

Our Services are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13. If we learn we have collected such information, we will take steps to delete it.

17) Third-party links

Our Services may contain links to third-party sites. Their privacy practices are governed by their own policies, not ours.

18) Changes to this Policy

We may update this Policy from time to time. We will revise the “Last Updated” date and, if changes are material, provide additional notice where required.

19) Contact