Privacy & Policy

We are committed to protecting your privacy and personal data.

1. Introduction

CatShotAI ("Company", "we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you access and use the CatShotAI platform (website, application, and related services, collectively the "Platform").

This Policy is drafted in accordance with applicable data protection laws, including the Information Technology Act, 2000 (India), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and globally recognised data protection principles.

By accessing or using the Platform, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with the terms of this policy, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration Data: Full name, email address, password (hashed), and phone number (optional).

• Profile Information: Profile picture, business name, and account preferences.

• Payment Information: Billing details, payment method information processed through Razorpay. We do not store full card details on our servers.

• User-Uploaded Content: Garment images, product photographs, and any other files you upload to the Platform.

• Communications: Messages, feedback, and support tickets submitted to our team.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, generation history, credit consumption, and session duration.

• Device and Technical Data: IP address, browser type and version, device type, operating system, and screen resolution.

• Log Data: Server logs including access times, HTTP request data, error logs, and referrer URLs.

• Cookies and Similar Technologies: Session cookies for authentication, preference cookies, and analytics cookies (see Section 9 for details).

2.3 Information from Third Parties

• Payment verification and fraud detection data from Razorpay.

• Technical performance and error monitoring data from our infrastructure providers.

• Analytics data from approved analytics partners.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Platform Operation: To provide, maintain, and improve the AI try-on services, process image generation requests, and manage your account.

• Authentication and Security: To verify your identity using JWT-based authentication, prevent unauthorised access, and protect against fraud.

• Payment Processing: To process subscription payments and add-on credit purchases through Razorpay in INR.

• Customer Support: To respond to your enquiries, troubleshoot issues, and provide technical assistance.

• Communications: To send transactional emails (account confirmations, payment receipts), service updates, and, with your consent, promotional communications.

• Analytics and Improvement: To analyse usage patterns, improve Platform features, and develop new services.

• Legal Compliance: To comply with applicable legal obligations, enforce our Terms and Conditions, and respond to lawful requests from authorities.

• Safety and Abuse Prevention: To detect, investigate, and prevent fraudulent, harmful, or illegal activities on the Platform.

4. Data Storage and Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

Key security measures include:

• AES-256-GCM encryption for all API data transmissions between the frontend and backend.

• JWT tokens with 7-day expiry for secure session management.

• Secure cloud storage of uploaded and generated images via Cloudflare R2, a GDPR-compliant object storage service.

• Hashed and salted password storage — we never store plain-text passwords.

• Regular security audits and vulnerability assessments of our infrastructure.

• Role-based access controls (RBAC) limiting staff access to personal data on a need-to-know basis.

Your data is stored on secure servers. While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained for the duration of your account and up to 3 years after account deletion for legal and compliance purposes.

• Uploaded Images: Retained on Cloudflare R2 while your account is active. You may delete your uploaded images at any time through your dashboard.

• Generated Images: Retained in your library while your account is active. You may delete generated images at any time.

• Payment Records: Retained for 7 years as required by Indian financial regulations.

• Log Data: Typically retained for 90 days for security and debugging purposes.

After the applicable retention period, personal data is securely deleted or anonymised in accordance with our data deletion procedures.

7. Sharing of Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information with:

• Service Providers: Third-party vendors who assist us in operating the Platform, including Cloudflare (storage), Google (AI processing via Gemini API), Razorpay (payments), and Baserow (database services). These providers are contractually bound to use your data only to provide services to us.

• Legal Authorities: Government agencies, law enforcement, or courts where required by applicable law, regulation, legal process, or governmental request.

• Business Transfers: In connection with a merger, acquisition, asset sale, or similar transaction, your information may be transferred to the acquiring entity, subject to the same privacy protections.

• Safety and Protection: Where we believe disclosure is necessary to protect the rights, property, or safety of CatShotAI, our users, or the public.

Any sharing of personal data with third parties is governed by appropriate data processing agreements and confidentiality obligations.

8. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence, including servers operated by Cloudflare and Google. These transfers are conducted in compliance with applicable data protection laws and subject to appropriate safeguards, such as standard contractual clauses or equivalent data protection frameworks.

By using the Platform, you consent to the transfer of your personal data to these international locations as described in this Privacy Policy.

8. Your Rights

Subject to applicable law, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.

• Right to Rectification: Request correction of inaccurate or incomplete personal data.

• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.

• Right to Restriction: Request that we restrict the processing of your personal data in certain circumstances.

• Right to Data Portability: Request a structured, machine-readable copy of your data.

• Right to Object: Object to processing of your personal data for direct marketing or on grounds relating to your particular situation.

• Right to Withdraw Consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please submit a written request to privacy@catshotai.com. We will respond within 30 days. We may need to verify your identity before fulfilling the request.

9. Cookies and Tracking Technologies

CatShotAI uses cookies and similar tracking technologies to enhance your experience on the Platform. We use:

• Essential / Session Cookies: Required for authentication (JWT-based sessions) and basic Platform functionality. These cannot be disabled without impacting Platform use.

• Preference Cookies: Remember your settings and preferences for a personalised experience.

• Analytics Cookies: Collect anonymous usage data to help us understand how users interact with the Platform and improve our services.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality. By continuing to use the Platform, you consent to our use of cookies as described in this section.

10. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us at privacy@catshotai.com and we will promptly delete such information from our records.

11. Third-Party Links

The Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by email or by posting a prominent notice on the Platform prior to the change becoming effective.

The updated policy will be posted with a revised effective date. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

13. Contact and Data Controller

CatShotAI is the data controller responsible for your personal information. For any privacy-related enquiries, requests, or concerns, please contact our Data Protection Officer at:

CatShotAI – Data Protection Officer

Email: privacy@catshotai.com

General Support: support@catshotai.com

Website: www.catshotai.com

For formal legal notices, please send correspondence to legal@catshotai.com with "Privacy Notice" in the subject line. We are committed to working with you to resolve any privacy concerns promptly and fairly.