AIOE

Privacy Policy

Last updated: March 6, 2026

ScaleCommerce Group AB ("AIOE", "we", "us", or "our") operates the AIOE Image Generator service. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform. We are committed to compliance with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile information provided through our authentication provider (Clerk). We do not store passwords directly.

Usage Data

We collect data about how you use the service, including credit consumption, images generated, prompts created, templates selected, and feature usage patterns.

Uploaded Content

Product images you upload and URLs you provide for scraping are processed to generate AI prompts and images. Uploaded images are stored temporarily for processing and in your image history.

Payment Information

Payment details (credit card numbers, billing addresses) are collected and processed exclusively by Stripe. We store only Stripe customer IDs and subscription status - never raw payment credentials.

Technical Data

We automatically collect IP addresses, browser type, device information, and access timestamps for security, analytics, and service improvement purposes.

2. How We Use Your Information

  • Provide and operate the AIOE Image Generator service, including AI prompt generation and image creation
  • Process payments and manage your subscription and credit balance
  • Send transactional emails related to your account, billing, and service updates
  • Improve our AI models and service quality through aggregated, anonymized usage analytics
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations under GDPR and Swedish law

3. Data Storage & Security

Your data is stored on secure servers within the European Economic Area (EEA) where possible. We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security audits to protect your personal data from unauthorized access, alteration, or destruction.

Generated images are stored using Vercel Blob Storage with access-controlled URLs. Database records are maintained in Neon PostgreSQL with encrypted connections.

4. Third-Party Services

We use the following third-party services to operate our platform. Each processes data in accordance with their own privacy policies:

  • Clerk - Authentication and user management. Handles sign-up, sign-in, and session management.
  • Stripe - Payment processing. Handles subscription billing, credit pack purchases, and payment method storage.
  • Google (Gemini AI) - AI image generation. Product images and prompts are sent to Google's Gemini API to generate studio-quality product photographs.
  • Anthropic (Claude AI) - AI prompt generation. Product context is sent to Anthropic's Claude API to generate optimized photography prompts.
  • Vercel - Application hosting, edge network, and blob storage for generated images. Vercel Analytics and Speed Insights collect anonymized performance metrics (page load times, web vitals) to help us improve site performance. No personal data is collected.
  • Sentry - Error monitoring and performance tracking. Sentry collects technical error data (stack traces, browser information, request URLs) to help us identify and fix issues. A small percentage of user sessions may be recorded for debugging purposes. This data is processed only when you have accepted analytics cookies.
  • Upstash - Redis-based rate limiting. Stores only your user ID temporarily to enforce per-user request limits. No personal data is persisted.

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access - Request a copy of the personal data we hold about you.
  • Right to Rectification - Request correction of inaccurate or incomplete data.
  • Right to Erasure - Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing - Request that we limit how we use your data.
  • Right to Data Portability - Receive your data in a structured, machine-readable format.
  • Right to Object - Object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, contact us at privacy@scalecommerce.se. We will respond within 30 days.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Generated images are retained in your account history until you delete them or close your account. After account deletion, we remove personal data within 30 days, except where retention is required for legal or regulatory compliance.

7. Cookies

We use essential cookies required for authentication, session management, and security. These cookies are strictly necessary for the service to function and cannot be disabled.

We also use optional analytics cookies (Sentry error monitoring, Vercel Analytics, and Speed Insights) to improve service quality. These are only activated if you accept cookies via our consent banner. We do not use advertising or third-party tracking cookies.

For a full list of cookies we use, see our Cookie Policy.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

9. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

ScaleCommerce Group AB

AIOE Brand

Email: privacy@scalecommerce.se