Terms
of
Service
Effective Date: [January 1, 2026]
Last Updated: [January 28, 2026]
This Privacy Policy explains how [ProductSculpt Legal Name, Inc./LLC] (“ProductSculpt,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you:
visit our website at [productsculpt.com] (the “Site”),
use our software platform and related tools (the “SaaS Services”),
purchase or receive our creative/production services (the “Agency Services”),
communicate with us (collectively, the “Services”).
1) Scope and roles (Controller vs. Processor)
A. Site & marketing interactions (we are the “controller”).
When you browse the Site, request a demo, book a call, or contact us, we determine how and why your personal information is processed.
B. SaaS + Agency delivery (we are often a “processor/service provider”).
When a customer (a “Customer”) uses ProductSculpt to upload assets, briefs, product images, brand guidelines, or other content to generate or request deliverables (“Customer Content” / “Client Data”), we generally process that data on the Customer’s instructions. In those cases, the Customer is the controller and we act as a processor/service provider (depending on jurisdiction). If you are an end user interacting with a Customer, please direct privacy requests to that Customer first.
2) Information we collect
We may collect the following categories of information:
A. Information you provide directly
Account & profile info: name, email, password, role, company name, job title.
Billing info: billing contact details and transaction metadata. (Payment card details are typically processed by our payment processor, not stored by us.)
Communications: emails, chat messages, support tickets, call recordings/transcripts if you enable them or consent where required.
Scheduling info: details you submit when booking a call (e.g., availability, meeting preferences).
Customer Content / Client Data: creative briefs, prompts, brand assets, product images, ad copy requests, feedback, and deliverables.
B. Information collected automatically
Device and usage data: IP address, browser type, device identifiers, pages viewed, timestamps, referral URLs, and interactions with the Services.
Cookies and similar technologies: used for functionality, analytics, and (if enabled) advertising/retargeting. See Section 7.
C. Information from third parties
Service providers and integrations you or your employer enables (e.g., storage, analytics, CRM, support desk).
Lead sources (e.g., if you sign up via a partner, event list, or referral).
4) AI, model use, and Customer Content
Because ProductSculpt creates content using AI tooling, we may process Customer Content using AI infrastructure providers and related subprocessors.
We do not use Customer Content to train or improve generalized AI models except (a) to provide the requested output, (b) to maintain safety and prevent abuse, or (c) if the Customer explicitly opts in (e.g., a checkbox or signed addendum).
We may use aggregated or de-identified usage analytics to improve performance and reliability.
You control what you upload. Do not upload sensitive information you don’t want processed (e.g., government IDs, health data) unless you’ve agreed in writing that we will process it and you have a lawful basis to provide it.
5) How we share information
We may disclose information:
A. To service providers (“processors”) that help us run the Services (e.g., hosting, payments, analytics, support, email delivery, error monitoring). They may only process data for our instructions and as permitted by contract.
B. To comply with law / protect rights (e.g., subpoenas, legal process, security incident response, fraud prevention).
C. In business transfers (merger, acquisition, financing, sale of assets), where permitted by law.
D. With your direction (integrations you enable; collaborators you invite).
We do not sell your personal information in the traditional sense.
If you run advertising pixels or cross-context behavioral advertising, California law may treat certain disclosures as “sharing.” If applicable, we provide an opt-out (see Section 10) and honor Global Privacy Control signals.
6) Data retention
We retain personal information only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law (e.g., tax, accounting, dispute resolution). GDPR/UK GDPR require that you be told the retention period or the criteria used to determine it.
Typical approach (edit these):
Account data: retained while the account is active; deleted or anonymized after closure, unless required for legal reasons.
Customer Content: retained per your plan settings. (subject to backups).
Logs/security data: retained for [X days/months].
7) Cookies, analytics, and tracking
We use cookies and similar technologies for:
Essential functions (login, security, preferences),
Analytics (understanding usage and performance),
Advertising (only if enabled).
Your choices: You can control cookies through your browser settings and, where required, our cookie banner/consent tools.
Global Privacy Control (GPC): If applicable, we treat GPC as a valid opt-out of “sale/sharing” under California law where required.
8) Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information. No system is 100% secure, and we cannot guarantee absolute security.
We also work to ensure our statements about safeguarding data match our actual practices—misrepresentations can trigger enforcement.
9) Marketing communications
You can opt out of marketing emails by using the “unsubscribe” link in our emails or contacting us at [privacy@yourdomain.com]. Transactional/administrative messages (e.g., invoices, security alerts) may still be sent.
10) U.S. state privacy rights (including California)
Depending on where you live, you may have rights to:
Access/know what personal information we collect and how we use it,
Delete personal information (with exceptions),
Correct inaccurate personal information,
Opt out of certain processing (e.g., targeted advertising) and/or the “sale/sharing” of personal information under California law,
Non-discrimination for exercising privacy rights.
California specifically provides a right to opt out of sale/sharing (including via a user-enabled global privacy control) and a right to correct.
California regulations also emphasize providing notice at or before the point of collection about categories, purposes, and whether data is sold/shared.
How to submit a request:
Email [privacy@yourdomain.com] with subject “Privacy Request” or use [privacy request form link].
Verification: We may need to verify your identity before processing your request (and may request additional information solely for verification).
Authorized agents (California): If you use an authorized agent, we may request proof of authorization and verify your identity.
If you do not sell/share (common SaaS stance):
You may include: “ProductSculpt does not sell or share personal information as defined by the CCPA/CPRA.”
If you do use ad pixels/retargeting, keep the opt-out language and add a ‘Do Not Sell or Share My Personal Information’ link on your footer.
11) GDPR / UK GDPR disclosures (EEA/UK users)
If you are in the EEA/UK, ProductSculpt processes personal data under the following lawful bases (as applicable):
Contract (to provide the Services you request),
Legitimate interests (to secure/improve the Services, prevent fraud, market to business contacts where permitted),
Consent (e.g., where required for certain cookies/marketing),
Legal obligation (compliance).
GDPR/UK GDPR require informing individuals about purposes, lawful bases, recipients, retention, and rights.
Your rights may include: access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority. (In the UK, that authority is the ICO.)
12) International data transfers
We may transfer and process information in countries other than where you live (e.g., where our hosting/providers operate). Where required, we use appropriate safeguards (such as contractual protections) to support such transfers. (The UK/EU have specific rules around restricted transfers.)
13) Children’s privacy
Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us at [privacy@yourdomain.com] so we can take appropriate action. COPPA imposes requirements on services directed to children under 13 and on services with actual knowledge of collecting such data.
14) Third-party links and services
The Services may contain links to third-party sites or integrations. Their privacy practices are governed by their own policies, not ours.
15) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will update the “Last Updated” date and, if changes are material, provide additional notice as required by law.
16) Contact us
ProductSculpt
[Legal Entity Name]
[Street Address]
[City, State/Region, Postal Code, Country]
Email: [privacy@yourdomain.com]
Support: [support@yourdomain.com]