Img Alt Gen Privacy Policy

Privacy Policy

Effective Date: October 27, 2025

Controller: Arctic Fox Developments, 22 Thomas Street, Abertridwr, Caerphilly, United Kingdom CF83 4AZ

Contact: contact@arcticfoxdevelopments

We respect your privacy. This Policy explains how we collect, use, disclose, and protect personal data in connection with the IMG Alt Gen Service and the WordPress client plugin.

1) Scope

This Policy covers: (a) account and billing data you provide; (b) operational/diagnostic data generated by your use of the plugin and Service; and (c) Customer Content (images/media and associated metadata) processed to generate alt text.

2) Data We Collect

  • Account Data: name, email, password hash, organization, role.
  • Billing Data: payment method tokens, billing address, tax IDs (processed by Stripe; we do not store full card numbers).
  • Operational/Technical Data: token usage, request timestamps, API status codes, limited error logs, IP address, user agent, language, plugin/version, WordPress version.
  • Customer Content: images/media and related metadata you submit for generation; generated outputs (alt text).
  • Support Data: messages and attachments you send to us.
  • Cookies/Local Storage: essential authentication/session cookies where applicable; no analytics cookies (we do not use analytics).

3) How We Use Data

  • Provide, maintain, and secure the Service and plugin.
  • Authenticate users; manage accounts, tokens, and billing.
  • Generate alt text from Customer Content via first-party and third-party AI providers.
  • Monitor performance, debug issues, and prevent abuse.
  • Communicate about updates, security, and support.
  • Comply with legal obligations and enforce Terms.

4) Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we process on the following bases:

  • Contract (Article 6(1)(b)): to deliver the Service you requested.
  • Legitimate Interests (Article 6(1)(f)): to secure and improve the Service, prevent abuse, and understand aggregate use.
  • Consent (Article 6(1)(a)): where required for optional activities (e.g., marketing).
  • Legal Obligation (Article 6(1)(c)): to meet record-keeping and compliance duties.

5) Customer Content & AI Providers

  • No retention of customer media: By default, we do not retain Customer Content beyond transient processing necessary to generate outputs and ensure delivery/retry.
  • Outputs: Generated alt text may be returned to your site and not retained by us except transiently for delivery, reliability, and abuse prevention.
  • Model training: We do not use Customer Content or outputs to train models unless you explicitly opt in.
  • Subprocessors: We use trusted providers to deliver the Service (e.g., Hostinger for hosting; Stripe for payments). We can provide an up-to-date list of subprocessors on request at contact@arcticfoxdevelopments.

6) Sharing & Disclosure

We do not sell personal data. We share only with:

  • Service Providers/Subprocessors under contracts limiting processing to our instructions;
  • Legal/Compliance recipients when required by law, subpoena, or to protect rights, safety, or property;
  • Corporate Transactions (e.g., merger/acquisition) subject to continued protection.

7) International Transfers

We may transfer data to countries where we or our subprocessors operate. We implement appropriate safeguards (e.g., Standard Contractual Clauses) where required.

8) Security

We employ reasonable technical and organizational measures (encryption in transit, access controls, audit logging). No method is 100% secure; please use strong passwords and restrict WordPress admin access.

9) Retention

  • Account/Billing Data: retained while your account is active and for a reasonable period thereafter to comply with law and resolve disputes.
  • Operational Logs: retained for a limited period consistent with security and troubleshooting needs.
  • Customer Content: not retained beyond transient processing; any ephemeral caches are short-lived and purged automatically. We may anonymize or aggregate data for statistics and retain such datasets.

10) Your Rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing.

  • EEA/UK: You may lodge a complaint with your Data Protection Authority.
  • California (CPRA): You have rights to know, delete, correct, and opt out of “sales”/“sharing” (we do not sell personal information). To exercise rights, contact contact@arcticfoxdevelopments. We will verify and respond within applicable timelines.

11) Children

The Service is not directed to children under 16. We do not knowingly collect their data. If you believe a child has provided data, contact us to delete it.

12) Cookies & Similar Technologies

We use only essential cookies/local storage for authentication and security. We do not use analytics cookies or third-party trackers.

13) Communications

We may send transactional emails (security alerts, billing, product notices). Marketing emails (if any) are sent only with consent and include an unsubscribe option.

14) Data Requests, Representatives, DPO

  • Contact (all regions): contact@arcticfoxdevelopments
  • EU/UK Representatives & DPO: Not currently appointed; we will update this Policy if that changes.

15) Changes to this Policy

We may update this Policy. Material changes will be notified in-product or by email. The “Effective Date” indicates the latest version.

16) Contact

Arctic Fox Developments

22 Thomas Street, Abertridwr, Caerphilly, United Kingdom CF83 4AZ

contact@arcticfoxdevelopments