← Back

Privacy Policy

Last updated: 2025-08-23

Privacy Policy Secure Hosting OÜ (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we handle customer photos and related data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Data Controller

The data controller responsible for your personal data is: Secure Hosting OÜ.

2. Data We Collect

We process the following categories of data:
  • Customer photos: Images that you upload to our service. Technical metadata: Information such as file format, size, and upload time. We do not collect names, contact information, or any other personal identifiers within your photos.

    • 3. Purpose of Processing

    We process customer photos for the following purposes:
  • To provide our service, which requires processing the photos with AI models. To improve the quality and accuracy of our services.

    • 4. How We Share Your Data

    We may transfer your photos to trusted third-party AI service providers, currently including Google. All transfers are made in an anonymous form, meaning that we remove any personal identifiers before transfer. Google and other providers process the images strictly under our instructions and do not receive information that identifies you.

    5. Legal Basis for Processing

    We process your data based on: Article 6(1)(b) GDPR — performance of a contract (to provide the service you requested). Article 6(1)(f) GDPR — legitimate interests (to operate and improve our services).

    6. Data Retention

    Customer photos are stored only for as long as necessary to provide the service. After processing, photos are either deleted immediately or retained for a limited time [define retention period, e.g., 30 days] to allow you to access results.

    7. Data Security

    We implement appropriate technical and organizational measures to protect your photos against unauthorized access, alteration, or disclosure.

    8. International Data Transfers

    If data is processed outside the European Economic Area (EEA) (e.g., by Google servers in the U.S.), such transfers are protected through: EU Standard Contractual Clauses (SCCs), or Other legal safeguards required by GDPR.

    9. Your Rights

    Under GDPR, you have the right to: Access your data. Request correction or deletion. Restrict or object to processing. Data portability. Lodge a complaint with your local Data Protection Authority. You may exercise these rights by contacting us at: [Company Email].

    10. Changes to This Privacy Policy

    We may update this policy from time to time. The latest version will always be available on our website.

    11. Contact

    For any questions about this Privacy Policy or your data rights, please contact us at: [Company Name] [Company Address] [Company Email]