Privacy Policy

DMDX Studio (operated by [DMDX_LEGAL_ENTITY]) provides an AI-powered jewellery image generation platform. Throughout this policy, "we", "us", and "our" refer to that entity. If you have questions about this policy or your data, contact us at [privacy@dmdxstudio.com].

We collect the following categories of personal data:

• Account data — your email address and authentication identifiers issued by Supabase Auth when you sign up.
• Uploaded reference images — the CAD renders, sketches, or product photos you submit so the platform can generate new imagery.
• Generated images — the photorealistic outputs produced from your inputs, together with the prompt parameters used to produce them.
• Usage data — counts of jobs created and credits consumed, used to enforce plan limits and bill correctly.
• Technical data — IP address, browser type, device information, and cookie identifiers (see our Cookie Policy).

• To run the service: generate images, store your outputs, and apply your monthly credit allowance.
• To authenticate you and keep your account secure.
• To respond to support requests and send service-related communications.
• To monitor usage and detect abuse of the platform.
• To comply with our legal obligations.

We rely on a small number of trusted sub-processors to run the platform. We do not sell your data to third parties.

• WaveSpeed AI — performs the image generation. When you click Generate, your reference image URLs and the constructed prompt are sent to WaveSpeed's API, which returns the generated image asynchronously.
• OpenRouter — analyses uploaded reference images at step 2 to identify jewellery type, metal, stones, and other attributes that inform subsequent prompts.
• Supabase — hosts our database (your account, jobs, generated image metadata) and our authentication layer.
• Cloudflare R2 — stores the binary content of uploaded reference images and generated outputs.

Each sub-processor processes your data on our instructions and under their own privacy and security commitments.

Reference images you upload are used solely to produce outputs for your account. We do not use your images, prompts, or generated outputs to train any machine-learning model, and we do not pass them to our sub-processors for training purposes.

Generated images and their associated job records are retained while your account is active. You can delete individual jobs and their images at any time from the dashboard.

We use a small set of essential cookies for authentication and session management. See our Cookie Policy for the full breakdown and instructions for controlling cookies in your browser.

• Account data: for the lifetime of your account, plus 90 days after closure.
• Uploaded reference images and generated images: until you delete the corresponding job, or until your account is closed.
• Usage records (credit consumption, job counts): retained for billing and audit purposes.
• Server logs: rotated on a rolling basis (typically 30 days).

Depending on your jurisdiction (for example, under UK GDPR, EU GDPR, or comparable frameworks), you may have the right to:

• Access the personal data we hold about you.
• Request that we correct inaccurate data or complete incomplete data.
• Request that we delete your data ("right to be forgotten").
• Object to or restrict certain processing.
• Receive a portable copy of your data.

To exercise any of these rights, contact [privacy@dmdxstudio.com]. We aim to respond within 30 days.

Data is transmitted over TLS, and at rest is protected by the encryption controls of our sub-processors (Supabase, Cloudflare R2). We do not store payment card numbers on our own infrastructure.

We may update this policy as the service evolves. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will notify active users by email.

Questions about this policy or your data: [privacy@dmdxstudio.com].