• Company: MP Merlin Limited
• Address: 97 Wordsworth Road, M27 9SJ, Swinton, UK
• Email: contact@upvinti.com

We are the controller of your personal data collected through our website.

We collect the following types of personal data from you:

• Name
• Email address
• Uploaded images (used for editing)
• Payment information (processed securely by third-party provider)
• Cookies and analytics data (e.g., IP address, device type)

Your data is collected through:

• Account registration
• Image upload forms
• Cookies and tracking scripts
• Payment processing (via Stripe or another third-party provider)
• Non-code integrations (e.g., Lovable)
• Backend services (e.g., Supabase, Google AI Studio)

We process your personal data for the following purposes:

• To provide and improve our AI photo editing service
• To process payments securely
• To send transactional communications (e.g., confirmations, password resets)
• To improve the user experience and platform performance
• To comply with legal obligations

Under GDPR, we rely on the following legal bases to process your data:

• Contractual necessity – to provide our service to you
• Consent – for cookies and optional communications
• Legitimate interest – for platform improvement
• Legal obligation – where required by law

We use cookies to:

• Analyze website traffic and usage
• Maintain user sessions
• Improve functionality

You will see a cookie consent banner when you visit our site, allowing you to manage your preferences. You can also update preferences via your account dashboard.

Uploaded images are stored until you have created 50 edited images, after which they are automatically deleted. We do not use your images to train AI models unless we request and receive explicit consent.

• Account data is stored as long as your account is active and deleted upon your request.
• Payment data is processed and stored only by our secure third-party payment provider (e.g., Stripe). We do not store your full payment information on our servers.

You have the following rights under GDPR:

• Access – Request a copy of your data
• Rectification – Correct inaccurate data
• Erasure – Delete your data
• Objection – Object to certain types of processing
• Data portability – Request a copy in a portable format
• Withdraw consent – At any time for cookies or marketing

You can exercise your rights by contacting us at: contact@upvinti.com or via your account dashboard.

We may share your data with trusted third parties who help us run our service:

• Supabase – Database and authentication services
• Google AI Studio – Image analysis and enhancement
• Lovable – No-code tool for interface and workflow management
• Payment provider – e.g., Stripe, for secure payment processing

All third-party processors are under data processing agreements (DPAs) and comply with GDPR standards.

Some of our service providers are located outside the UK and EU. We ensure adequate data protection using:

• Standard Contractual Clauses (SCCs)
• UK International Data Transfer Agreement (IDTA)

These mechanisms ensure your data is handled securely even outside the EU/UK.

• Uploaded images: Automatically deleted after you create 50 edited images
• Account data: Stored until you delete your account
• Payment data: Handled solely by our third-party payment provider
• Cookies and analytics: Retained based on your preferences

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last Updated" date at the top of this page
• Significant changes may be communicated via email or website notice

If you have any questions about this policy or your data rights, please contact:

• 📧 Email: contact@upvinti.com
• 📍 Address: MP Merlin Limited, 97 Wordsworth Road, M27 9SJ, Swinton, UK