Privacy Policy
Last updated: June 1, 2026
This Privacy Policy explains what personal information Facetra Technologies Pvt. Ltd. ("Facetra", "we") collects from users of facetra.studio (the "Service"), how we use it, who we share it with, and the choices you have. We comply with the Digital Personal Data Protection Act, 2023 (India) and follow principles from the GDPR for international users.
1. Information We Collect
1.1 You provide to us
- Account: name, email address, profile photo (via Google sign-in).
- Waitlist / demo booking: name, email, company, role, message.
- User Content: sketches, reference images, prompts, render selections, BOM edits, portfolio names.
- Payments: billing name, email, payment method details — processed and stored by Razorpay. We only store the payment_id, order_id, amount, status and pack purchased.
- Communications: messages you send us via email or in-app.
1.2 Collected automatically
- Usage data: pages visited, features used, credit transactions, generation counts, timestamps.
- Device & log data: IP address, browser type, OS, referrer URL, error logs.
- Cookies: a single HTTP-only session cookie (
session_token) for authentication. We do not use third-party advertising cookies.
2. How We Use Your Information
- To provide and operate the Service (generate renders, save portfolios, process payments).
- To authenticate you and protect against abuse (rate-limiting, brute-force protection).
- To send transactional emails (welcome, demo booking confirmations, studio-ready notifications, payment receipts).
- To improve the Service (analytics on feature usage — never tied to your generated content).
- To comply with legal obligations and respond to lawful requests.
3. AI Processing
Prompts, sketches, and reference images you submit are transmitted to our AI provider (currently Google Gemini, routed via Emergent's integration layer) solely to generate your requested render. Generated outputs are stored in our database and durable storage (MongoDB GridFS) under your account. We do not use your User Content to train third-party AI models outside the request/response cycle, and our provider agreements prohibit them from doing so for our customers' content.
4. Who We Share Information With
We share information only with service providers strictly necessary to operate Facetra:
| Provider | Purpose | Data |
|---|---|---|
| Sign-in (OAuth) | email, profile | |
| Google Gemini / Emergent | AI image & text generation | prompts, reference images |
| Razorpay | Payment processing | billing name, email, payment method |
| Resend | Transactional email | name, email |
| MongoDB Atlas | Database hosting | all stored data, encrypted at rest |
| Emergent (Kubernetes infra) | App hosting | app runtime, logs |
We do not sell your personal information. We may disclose information to comply with valid legal requests (subpoenas, court orders) or to protect our rights and users' safety.
5. Data Retention
- Account & User Content: retained while your account is active.
- Generated renders & portfolios: until you delete them or close your account.
- Payment records: retained for 7 years as required by Indian tax law.
- Logs (server, error, security): retained 90 days, then anonymised.
You can request deletion of your account and associated data by emailing hello@facetra.studio. We will action verified requests within 30 days, subject to retention required by law.
6. Your Rights
Under DPDP Act 2023 and applicable law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Erase your data (subject to legal retention)
- Withdraw consent at any time
- Grievance redressal — contact our DPO below
7. Security
We protect your data with: HTTPS/TLS in transit, encryption at rest, HMAC-signed download URLs for image access, IP-based rate-limiting on admin endpoints, short-lived session tokens, and access controls limiting data to authorised personnel. No system is perfectly secure — if we detect a breach we will notify affected users without undue delay as required by law.
8. International Transfers
Some of our service providers may process data outside India. We rely on their contractual commitments (Standard Contractual Clauses where applicable) to ensure equivalent protection.
9. Children
The Service is not directed to users under 18. We do not knowingly collect data from children.
10. Changes to This Policy
We will post any material change on this page and notify active users via email when appropriate. The "Last updated" date reflects the most recent revision.
11. Contact — Data Protection Officer
Facetra Technologies Pvt. Ltd.
Email: privacy@facetra.studio
General: hello@facetra.studio