Revised: 31 July 2025
1 Overview
This Privacy Notice explains how Paradoxeer s.r.o. (“ImaginAI”, “we”, “our”, “us”) collects, uses, shares and protects your personal data when you visit imaginai.me or use our AI image-generation tools (together, the “Service”).
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Czech law (including Act No. 110/2019 Coll. on Personal Data Processing). By accessing the Service, you acknowledge that you have read and understood this Notice.
2 Who is responsible?
| Controller | Paradoxeer s.r.o. |
|---|---|
| Company No. | 23375141 |
| Registered address | Dandova 2619/13, Horní Počernice, 193 00 Praha, Czech Republic |
| Contact e-mail | better@imaginai.me |
3 Categories of data we collect
| Type | Typical examples |
|---|---|
| Contact details | Name, e-mail, country/region |
| Account data | Username, hashed password, interface settings, wallet balance, saved requests/history |
| Payments & transactions | Top-up amount and currency (EUR), payment status, last four digits of card, taxes, invoices (we do not store full card numbers) |
| User content | Prompts you enter and any AI images you choose to store on our servers |
| Technical & usage | IP address, device/browser info, log files, cookies, analytics events, request metadata (e.g., model options) |
| Identity / compliance | Date of birth or government ID only if verification is legally required (e.g., fraud prevention) |
| Marketing | Newsletter opt-in status, campaign engagement |
We do not intentionally collect special-category data. Please avoid including sensitive personal data in prompts or uploads unless strictly necessary.
4 Why we use your data & legal grounds
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Run and maintain your account; deliver image generation | Contract performance (Art. 6(1)(b)) |
| Process TOP UP payments; maintain wallet balance; issue invoices | Contract; legal obligation (tax/accounting) |
| Deduct per-request fees and provide receipts | Contract |
| Detect fraud, abuse and unauthorised access | Legitimate interests (security) |
| Diagnose errors and improve functionality via analytics | Legitimate interests (service optimisation) |
| Send operational e-mails (balance alerts, policy changes) | Contract; legitimate interests |
| Send marketing e-mails where you opt in | Consent (withdraw any time) |
| Fulfil statutory duties (book-keeping, sanction checks) | Legal obligation |
If we need your data for a materially different purpose, we will inform you and, where required, seek your consent first.
5 Cookies & similar tools
Essential cookies keep the Site running; optional analytics cookies are set only with your consent. See our separate Cookie Notice for details.
6 How long we keep information
-
Accounts & transactions: retained for the period required by Czech accounting/tax laws (up to 10 years after the end of the relevant period).
-
Stored prompts & AI images: kept until you delete them or close your account.
-
Technical logs: typically up to 12 months, unless needed to investigate incidents.
-
Marketing records: retained until you opt out or after 2 years of inactivity.
When retention periods lapse, data are irreversibly deleted or anonymised.
7 Who we share data with
We disclose personal data solely to:
-
Payment processors (e.g., card gateways) to process top-ups;
-
Cloud-hosting & e-mail providers located in the EU/EEA;
-
Professional advisers (lawyers, accountants, auditors) under confidentiality;
-
Public authorities where required by law or to safeguard our legal rights.
All third-party processors act only on our instructions under written contracts (DPAs).
8 International transfers
If personal data are transferred outside the EU/EEA, we use one of the following safeguards:
-
An adequacy decision by the European Commission (Art. 45 GDPR), or
-
Standard Contractual Clauses (Art. 46 GDPR) or equivalent safeguards.
Copies of the relevant safeguards are available on request.
9 Keeping your data safe
We apply industry-standard protections, including TLS encryption in transit, encryption at rest, role-based access controls, regular security testing and ISO-compliant data-centre facilities.
10 Your privacy rights
You may request to access, correct, erase, restrict, object, or port your data, and you may withdraw consent at any time. Send your requests to better@imaginai.me .
If you believe your rights have been violated, you can complain to the Czech Data Protection Authority (ÚOOÚ) or, if you reside in another EEA country, to your local supervisory authority.
11 Children
Our Service is intended for adults (18+). We do not knowingly process data belonging to minors. If we discover such data, we will delete it promptly.
12 Automated decisions
We do not engage in fully automated decision-making that produces legal or similarly significant effects about you.
13 Changes to this Notice
We may update this Notice from time to time. Significant amendments will be highlighted via e-mail or an in-app banner. The latest version is always available on our Site.
