Privacy Policy

Account information: email, display name, and an authentication identifier (e.g. Google OAuth sub) when you sign in. Generation inputs and outputs: the prompts you submit and the media we return, retained so you can revisit your history. Billing data: Stripe customer ID, subscription state, and credit balance — actual card numbers never touch our servers (handled by Stripe). Usage logs: request timestamps, model used, credit cost, and error states, used for debugging and abuse detection.

We use your data to deliver the service (run generations, manage credits, process payments), respond to support requests, prevent abuse (spam, CSAM, content-policy violations), and improve product reliability. We do not sell your data. We do not train AI models on your prompts or outputs. Generations are sent to our upstream model providers (see Section 3) only to fulfil your request and are not retained by us for model training.

We rely on the following third parties to deliver the service: Supabase (hosting + database, EU/US region), Stripe (payments, PCI-compliant), Cloudflare (CDN, DDoS protection, image optimization), fal.ai / Replicate / kie.ai / DeepSeek / OpenRouter (AI model inference). Each subprocessor receives only the data needed to perform its function. Provider-side data handling is governed by their respective privacy policies.

We retain account data and generation history for as long as your account is active. After account deletion, account records, billing history, and generation outputs are deleted within 30 days, except where retention is legally required (e.g. tax records for completed Stripe transactions, typically 7 years). Logs older than 90 days are aggregated and stripped of user identifiers.

Regardless of where you live, you can: request a copy of your data, request deletion of your account, export your generation history, and ask us to correct inaccurate information. EU/UK residents have additional rights under the GDPR (lawful basis: contract performance + legitimate interest). California residents have rights under the CCPA/CPRA (we are not a data broker; we do not sell personal information). Email [email protected] to exercise any right.

We use first-party cookies for authentication, session management, and language preferences. Third-party cookies are set by Stripe (checkout) and Cloudflare (security). We do not use third-party advertising cookies. Details and opt-out instructions are in our Cookie Policy.

GeminiOmni is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

We may update this policy as the service evolves. Material changes will be announced via in-product notification at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.