Privacy Policy

Effective Date: September 21st, 2025
Last Updated: April 30th, 2026

 

Emilia Digital Ltd. (“Company,” “we,” “our,” or “us“), located in Israel, is committed to protecting your privacy and handling personal information transparently and responsibly.

This Privacy Policy explains how we collect, use, store, disclose, and otherwise process personal information when you access or use our website, applications, eCommerce AI platform, and related services (collectively, the “Services“).

By using the Services, you acknowledge that your personal information will be handled as described in this Privacy Policy.

If you have any questions, wish to exercise your privacy rights, or need to request our Data Processing Agreement (DPA), you may contact us at:

Email: aistudio@emilia.digital
Phone: +972 9 796 8531

 

1. Scope and Our Role

This Privacy Policy applies to personal information we collect when you access or use the Services.

For B2B and Enterprise Clients: When we provide Services to corporate clients under a commercial agreement, we generally act as a “Data Processor” (or Service Provider) under applicable data protection laws (including the GDPR), while our client acts as the “Data Controller.” In such cases, our processing of your data is governed by our Data Processing Agreement (DPA).

 

2. Information We Collect

We may collect the following categories of personal information.

2.1 Account and Registration Information

When you create or manage an account, we may collect:

• name or username;

• email address;

• password hash and authentication credentials;

• login/session data;

• security tokens, nonces, and authentication data;

• anti-spam and bot-prevention signals, including reCAPTCHA tokens and honeypot fields.

2.2 User Content and Service Data

When you use the Services, we may collect and process content you upload, create, or request us to generate, including:

• uploaded product images (“Product Images“);

• uploaded inspiration images;

• uploaded presenter or likeness images;

• prompts, product descriptions, instructions, and generation settings;

• AI-generated images, text, and related outputs;

• render metadata, including date, time, model, preset, options, resolution, and workflow settings;

• project history, render history, presenter slots, saved drafts, and related usage records;

• customer support submissions and attachments;

• interaction data relating to Inspiration Feeds, such as which trending or inspiration images you view, filter, or select as a creative reference within the Services.

Important note regarding Product Images:
We may retain Product Images and related metadata for internal purposes, including providing and operating the Services, maintaining account history, quality assurance, support, service improvement, safety monitoring, abuse detection, operational analysis, and model development, training, evaluation, or refinement, where permitted by applicable law. (Note: Enterprise clients may opt out of model training—see Section 15).

Note regarding Inspiration Feeds:
Inspiration Feeds surface publicly available third-party visual material for creative research purposes. The Company does not host such material as permanent assets, does not claim ownership of it, and does not treat it as User-submitted content. Information we process in connection with Inspiration Feeds relates primarily to how Users interact with the feature within the Services, not to the underlying third-party images themselves. Further details are provided in Section 15A.

2.3 Payment and Billing Information

When you subscribe or make a payment, we may collect:

• subscription plan details;

• billing status;

• invoices and transaction records;

• payment-related identifiers from payment providers.

Payments are processed by third-party providers such as Stripe, PayPal, PayPlus, WooCommerce gateways, or other payment processors we may use from time to time. We do not store full payment card numbers.

2.4 Technical and Device Information

When you access or use the Services, we may automatically collect:

• IP address;

• browser type and version;

• device type, operating system, and language settings;

• approximate geolocation derived from IP;

• referral URLs and timestamps;

• crash logs, diagnostic logs, and error reports;

• usage events and interaction logs.

2.5 Cookies, Local Storage, and Similar Technologies

We and our partners may use cookies, pixels, SDKs, localStorage, sessionStorage, analytics identifiers, and advertising technologies for session management, performance data, and campaign attribution.

2.6 Remote Upload and Mobile Session Data

If you use QR-based or mobile-assisted upload flows, we may collect temporary session IDs, short-lived tokens, upload session data, and transfer records.

2.7 Communications and Support Data

If you contact us, we may collect your name, contact details, the contents of your messages, support history, and technical details you provide.

 

3. How We Use Your Information

We apply the principle of Data Minimization, processing only the data necessary to achieve the following purposes:

• to provide, operate, maintain, and secure the Services;

• to authenticate users and manage accounts;

• to process uploads and generate AI images, text, descriptions, or other outputs;

• to save account history, render history, product workflows, and related service records;

• to detect, prevent, and investigate fraud, abuse, misuse, and security incidents;

• to develop, train, evaluate, validate, fine-tune, or improve our models and systems, where permitted by applicable law (subject to Enterprise opt-outs);

• to comply with legal, regulatory, tax, accounting, and enforcement obligations.

 

4. Legal Bases for Processing (EEA/UK)

If the GDPR or UK GDPR applies to our processing, we rely on one or more of the following legal bases:

• Contractual necessity: where processing is necessary to provide the Services you request.

• Legitimate interests: where processing is necessary for service improvement, security, fraud prevention, and product development.

• Consent: where required by law, including for non-essential cookies.

• Legal obligation: where processing is necessary to comply with legal obligations.

 

5. Cookies and Similar Technologies

Where required by law, we will request your consent before using non-essential cookies or similar technologies. You can manage cookies through your browser settings.

 

6. How We Share Information (Sub-processors)

To provide our Services, we utilize trusted third-party service providers (“Sub-processors”). We may disclose personal information to the following categories of recipients:

• cloud hosting and infrastructure providers (e.g., AWS, Google Cloud);

• payment processors and billing platforms;

• AI providers and model vendors via API (e.g., OpenAI, Google) used strictly to generate requested content;

• security and anti-abuse providers.

We ensure that all Sub-processors are bound by strict confidentiality and data protection obligations compatible with the GDPR. A full list of current Sub-processors is available to Enterprise clients upon request.

 

7. Sale / Sharing Disclosures

We do not sell personal information for money.

 

8. International Transfers

Emilia Digital Ltd. is based in Israel, a country recognized by the European Commission as providing an adequate level of data protection.

Where we transfer personal information to Sub-processors outside of Israel, the EEA, or the UK (such as to the United States), we implement appropriate legal safeguards, strictly utilizing the European Commission’s Standard Contractual Clauses (SCCs) and carrying out Transfer Impact Assessments (TIAs) where required.

 

9. Retention

We retain personal information only for as long as reasonably necessary. Account data is retained while active; billing records for up to 7 years; and temporary API/upload cache data is regularly purged as part of normal service operations.

 

10. Your Privacy Rights

Depending on your location and subject to applicable law, you may have the right to access, correct, delete (Right to be Forgotten), restrict, or request portability of your data. You may also withdraw consent or object to processing.

To exercise your rights, contact us at: aistudio@emilia.digital

 

11. Additional Rights for EEA and UK Users

If you are in the EEA or UK, you may also have the right to lodge a complaint with your local data protection authority. For privacy-related inquiries regarding EU data, you may contact our dedicated privacy team at the email provided above.

 

12. Additional Rights for California Residents

If the CPRA applies, California residents have the right to know, access, delete, correct, and limit the use of sensitive personal information. We do not “sell” your data as defined by California law.

 

13. Children’s Privacy

The Services are not directed to individuals under 16.

 

14. Security

We implement “Privacy by Design” and utilize enterprise-grade technical and organizational security measures, including encryption in transit (TLS) and encryption at rest (AES-256), strict access controls, and network security protocols designed to protect your personal information.

 

15. AI-Specific Disclosures & Enterprise Opt-Out

Our Services involve AI-powered processing. Users retain ownership of their inputs and the generated outputs.

Enterprise and B2B Opt-Out: We understand the importance of corporate data confidentiality. Corporate clients operating under a custom commercial agreement or Data Processing Agreement (DPA) may opt out of having their uploaded Product Images or prompts used by Emilia Digital Ltd. for internal model training or fine-tuning. Please contact us to apply this configuration to your workspace.

 

15A. Discovery and Inspiration Feed Disclosures

The Services may include discovery features that surface publicly available third-party visual material (“Inspiration Feeds”). The Company aggregates publicly available visual material for research purposes only and does not claim ownership. If you are a rights holder and wish to request removal of content, contact aistudio@emilia.digital.

 

16. Third-Party Services

The Services may contain integrations with third-party services, governed by their own privacy practices.

 

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Services or email.

 

18. Contact & Data Protection Officer

If you have any questions regarding this Privacy Policy, wish to exercise your rights, or need to execute a Data Processing Agreement (DPA), please contact our privacy team:

Emilia Digital Ltd.
Israel
Email: aistudio@emilia.digital
Phone: +972 9 796 8531