Privacy Policy
Оновлено: May 14, 2026
General
This Privacy Policy describes how CrushFrame (referred to as «we») collects, uses, and protects your personal data when you use our AI image generation service.
By using CrushFrame, you confirm that you have read this Policy.
Contact
For questions about the processing of personal data, contact us at contact@crushframe.com.
Data we process
We process the following categories of data:
- Account data — email, username, password (stored securely using industry standards).
- Uploaded photos — selfies you submit for generation.
- Generated images — the results of AI processing.
- Technical data — IP address, device and browser type; processed by our infrastructure provider as part of service security.
- Payment history — type, amount, and date of transactions. Payment details are handled exclusively by our payment partner and are not stored on our side.
Legal basis for processing
In line with GDPR (Art. 6), we rely on:
- Performance of a contract (Art. 6(1)(b)) — to deliver the service: account creation, generation, payment processing.
- Legitimate interest (Art. 6(1)(f)) — to keep the service secure, prevent abuse, and handle refund requests.
- Legal obligation (Art. 6(1)(c)) — to retain transaction records where the law requires it.
How we use your data
We use your data solely to:
- create and maintain your account;
- run AI processing on your photos to generate new images;
- process payments and manage your credit balance;
- send service messages (email verification, password reset);
- keep the service secure and prevent abuse.
Uploaded photos contain biometric features (facial traits) that are used solely to generate the images you request. We do not use your data for marketing, behavioural profiling, or AI model training.
Sharing with third parties
To deliver the service, we work with a limited set of data processors:
| Partner | Data received | Purpose |
|---|---|---|
| Uploaded photos | AI image generation | |
| Cloudflare | Uploaded photos, IP, technical data | AI generation, hosting, attack protection |
| Resend | Email address | Service emails |
| Telegram | Billing data | Payment processing |
All partners act as data processors under contract. Our AI providers (Google and Cloudflare) do not use the data we send them to train their models — this is guaranteed by the terms of their paid API tiers. Uploaded photos are sent to AI providers only for the duration of generation and are not retained by them after the request is complete.
Some partners may process data outside your country of residence; in such cases, appropriate safeguards apply in accordance with the law.
We do not sell your data and do not share it for advertising or marketing purposes.
Data retention
| Category | Retention period |
|---|---|
| Account data | Until account deletion or after 12 months of complete inactivity |
| Uploaded photos (selfies) | Up to 24 hours after generation completes — or earlier if you delete them in your account |
| Images flagged as a violation by automated moderation | Up to 30 days — to allow appeals and support security audits |
| Generated images | Up to 30 days — or earlier if you delete them in your account |
Before deleting an account for inactivity, we send a warning to the registered email; details are in the «Termination» section of the Terms of Service. Images rejected by automated moderation are stored separately from regular user data so that you can dispute an incorrect decision within 30 days. Both uploaded selfies and generated images can be deleted manually from your account at any time (GDPR Art. 17); otherwise they are removed automatically after the periods above. Technical logs kept by our security partners (IP addresses, security events) may be retained by them for up to 12 months under their own anti-abuse policies, which we cannot directly control.
Data security
We apply industry standards for data protection at rest and in transit (HTTPS/TLS). Access to data is limited to backend services; passwords are stored in secure form.
Account deletion
To delete your account, send a request to contact@crushframe.com from the email address registered on the account. We will process the request within 30 days and delete your data, except where the law requires us to retain certain records (for example, transaction history).
Your rights
You have all the rights granted to data subjects by the GDPR — including access, rectification, erasure, restriction, portability, and objection. To exercise any of them, contact contact@crushframe.com; we will respond within 30 days. You may also lodge a complaint with your local data protection authority.
Children
The service is not intended for individuals under 16 years of age. We do not knowingly collect data from children. If you believe data of a minor has been provided to us, let us know so we can remove it.
Changes to this Policy
We may update this Policy. We will notify you of material changes by email or via a notice on the site. The date of the last update is shown at the top of the page.