Privacy Policy
Last Updated: November 28, 2025
ShopShot Ltd ("we," "us," or "our") operates www.shopshot.co.uk (the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information.
1. Information We Collect
Account Information:
- Email address (for login and communications)
- Encrypted password (hashed, never stored in plain text)
- Name (optional)
Product Images:
- Photos you upload for AI generation
- Generated image variations
- Associated metadata (upload date, session details)
Payment Information:
- Processed by Stripe (we never store full card details)
- Billing address and transaction history
- Subscription status
Usage Data:
- IP address and browser type
- Session cookies for authentication
- Credit usage and generation history
2. How We Use Your Information
Legal Basis (GDPR Article 6):
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account details | Service delivery | Contract performance |
| Images | AI generation | Contract performance |
| Payment data | Billing and tax compliance | Contract performance + Legal obligation |
| Marketing emails | Promotional communications | Consent (opt-in) |
| Usage logs | Security and fraud prevention | Legitimate interest |
We use your information to:
- Generate AI product images
- Process payments and manage subscriptions
- Send service updates and (with consent) marketing emails
- Prevent fraud and ensure platform security
- Comply with legal obligations (tax records, dispute resolution)
3. Third-Party Service Providers
We share your data with trusted partners who help us operate the Service:
Payment Processing:
- Stripe Inc. (payment gateway)
- Processes billing information securely
- Subject to Stripe's privacy policy
AI Image Generation:
- Third-party AI technology providers
- Processes uploaded images to generate variations
- Data transmitted securely via encrypted connections
Email Communications:
- Resend (transactional and marketing emails)
- Stores email addresses for delivery
Infrastructure:
- Cloudflare (hosting, security, database)
- Provides secure data storage and content delivery
International Data Transfers:
Some service providers operate servers outside the UK/EU (including the United States). We ensure appropriate safeguards through Standard Contractual Clauses and privacy shield frameworks.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Product images | 90 days from generation |
| Account information | 30 days after account deletion |
| Payment records | 7 years (UK tax law requirement) |
| Marketing consent | Until you unsubscribe |
| Session logs | 90 days |
You can request immediate deletion of your images at any time via your account settings.
5. Your Rights (GDPR)
You have the right to:
- ✅ Access - Request a copy of your personal data
- ✅ Rectification - Correct inaccurate information
- ✅ Erasure - Delete your account and data (subject to legal retention requirements)
- ✅ Portability - Export your data in machine-readable format
- ✅ Object - Opt out of marketing communications
- ✅ Withdraw Consent - Unsubscribe from marketing emails anytime
To exercise these rights, contact: [email protected]
Right to Complain:
If you believe we've mishandled your data, you can lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: https://ico.org.uk/make-a-complaint/
- Phone: 0303 123 1113
6. Cookies
We use essential cookies for:
- Session authentication (keeps you logged in)
- Security (prevents CSRF attacks)
Third-party cookies may be set by:
- Stripe (payment processing)
- Cloudflare (security and performance)
You can disable cookies in your browser settings, but this may affect Service functionality.
See our Cookie Policy for full details.
7. Marketing Communications
With your consent, we may send promotional emails approximately once every two weeks featuring:
- New features and updates
- Special offers and discounts
- Tips for better product photography
You can unsubscribe anytime by:
- Clicking "Unsubscribe" in any email
- Adjusting preferences in your account settings
- Emailing [email protected]
8. Children's Privacy
The Service is not intended for users under 16 years old. We do not knowingly collect information from children. If you believe a child has created an account, contact us immediately for deletion.
9. Data Security
We protect your information through:
- Encrypted HTTPS connections
- Password hashing (bcrypt)
- Secure database access controls
- Regular security audits
However, no internet transmission is 100% secure. You use the Service at your own risk.
10. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with a revised "Last Updated" date. Continued use of the Service after changes constitutes acceptance.
11. Contact Us
For privacy questions or data requests:
Email: [email protected]
Address: ShopShot Ltd, Burwash, East Sussex, England