← Back to Home

Privacy Policy

Last updated: September 30, 2025

1. Introduction

Circo, Inc. ("we", "us", or "our") operates Photowand, an AI-powered photo editing platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Photowand, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Password (encrypted)
  • Profile information (if provided)

2.2 User Content

We collect and process:

  • Images you upload to the platform
  • Prompts and instructions you provide
  • Generated images and editing history
  • Project data and workspace information

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card details. We receive and store:

  • Subscription status and plan type
  • Transaction history
  • Credit usage data

2.4 Usage Data

We automatically collect:

  • IP address and device information
  • Browser type and version
  • Pages visited and features used
  • Time and date of visits
  • Diagnostic and performance data

2.5 Analytics Data

We use PostHog and DataFast for analytics to understand user behavior and improve our Service. This includes session recordings and event tracking.

3. How We Use Your Information

We use the collected information for:

  • Providing and maintaining the Service
  • Processing your images using AI models
  • Managing your account and subscription
  • Processing payments and maintaining transaction records
  • Sending service-related notifications and updates
  • Improving and optimizing our Service
  • Detecting and preventing fraud or abuse
  • Analyzing usage patterns and trends
  • Complying with legal obligations

4. AI Processing

We use Fal AI and other third-party AI services to process your images. When you use our Service:

  • Your images are sent to AI service providers for processing
  • These providers process your images according to their own privacy policies
  • We use OpenAI for prompt enhancement and image analysis features
  • Processed images are returned to us and stored in our cloud storage (Cloudflare R2)

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Images are stored securely in Cloudflare R2 (S3-compatible storage)
  • Account data is stored in PostgreSQL with Prisma ORM
  • Caching is handled through Upstash Redis
  • All data transmission is encrypted using SSL/TLS
  • Passwords are hashed and encrypted
  • Regular security audits and updates

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account:

  • Your account data will be deleted within 30 days
  • Your uploaded and generated images will be deleted from our storage
  • We may retain certain information as required by law or for legitimate business purposes
  • Anonymized analytics data may be retained indefinitely

7. Sharing Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Fal AI, OpenAI, Stripe, Resend, Cloudflare, Upstash, PostHog, DataFast
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, sale, or acquisition
  • Workspace Members: If you're part of a workspace, certain data may be visible to other members

8. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences
  • Analyze usage patterns through PostHog and DataFast
  • Improve user experience

You can control cookies through your browser settings, but disabling them may affect functionality.

9. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Export: Download your projects and generated images
  • Opt-out: Unsubscribe from marketing emails
  • Restriction: Request we limit processing of your data

To exercise these rights, contact us at support@photowand.ai.

10. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using our Service, you consent to such transfers.

12. Third-Party Services

We use the following third-party services:

  • Fal AI: Image generation and processing
  • OpenAI: Prompt enhancement and image analysis
  • Stripe: Payment processing
  • Cloudflare R2: Image storage
  • Upstash Redis: Caching
  • Resend: Email delivery
  • PostHog & DataFast: Analytics
  • Google: Authentication (optional)

Each service has its own privacy policy governing their use of your data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Circo, Inc.

Email: support@photowand.ai

Privacy Inquiries: privacy@photowand.ai

15. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt-out of the sale of your information. We do not sell personal information.

16. GDPR Compliance

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and the right to object to processing of your personal data.