LEGAL

Privacy Policy

Last updated 3 July 2026

This policy explains how ioli collects, uses, and protects your personal data, and the rights you have under the EU General Data Protection Regulation (GDPR). We have written it to be read, not hidden behind. If anything here is unclear, contact us at muhannadalhallak@outlook.com.

01 — Who we are

ioli is operated by Muhannad Al Hallak, a sole trader based in Göttingen, 37077, Germany. For the purposes of the GDPR, Muhannad Al Hallak is the data controller responsible for your personal data. The contact address in section 11 reaches us directly for any privacy question or request.

02 — The data we collect

We collect only what the Service needs to work, in four categories.

Account data: your email address and, if you use Google sign-in, the basic profile information Google returns. You may optionally add a display name and avatar colour. Authentication is handled by Supabase Auth.

Brand data: if you create a brand brief, we store the details you enter — brand name, voice and tone, colour palette, tagline, industry, website, and any logo you upload. If you use the read-from-URL feature, we fetch the public page at the address you provide to draft these fields for your review; we read only what is publicly served at that URL.

Usage and billing data: your credit balance, your plan, and — if you subscribe — the customer and subscription identifiers needed to manage billing. Card details are handled entirely by Stripe; we never see or store your full card number.

Uploaded product photos: when you upload a photo to generate, we process it to produce your result and do not retain it (see section 05).

We do not knowingly collect special-category data. The Service is for photographing products and objects, not people: uploads containing a person or face are refused before anything else happens.

03 — How we use your data, and our lawful basis

To provide the Service (performance of a contract): managing your account, storing your brand briefs, generating and adapting briefs from your inputs, running your credit balance, and delivering your results.

To keep the Service safe (legitimate interests): screening uploads for prohibited content, preventing abuse and fraud, debugging, and securing the platform — limited to what is necessary and never overriding your rights.

To take payment (contract / legal obligation): processing subscriptions and credit purchases through Stripe, and keeping the billing records tax law requires.

With your consent, where it applies: any optional product email is sent on the basis of consent, which you can withdraw at any time.

We do not use your uploaded images, brand briefs, or generated results to train AI models.

04 — AI processing and sub-processors

The Service runs on trusted third-party providers who process data on our behalf, under contract and only on our instructions. Some are AI providers that process your inputs to produce your outputs; they do not train their models on your inputs on our account. Our primary database is hosted in the EU (Frankfurt). Where a provider is outside the EU/EEA, transfers are protected by appropriate GDPR safeguards (Standard Contractual Clauses or an adequacy decision). Our current sub-processors are: Supabase (database, authentication, storage — EU/Frankfurt); Cloudflare R2 (image and video storage); Vercel (hosting); Stripe (payments); Anthropic (Claude — brief writing, upload moderation, brand reading); Google (Vertex/Gemini — image rendering, and optional Google sign-in); Replicate (rendering and video); and OpenAI (text embeddings for recipe matching). If we add or change a sub-processor that handles personal data, we update this page.

05 — How long we keep your data

Uploaded product photos are not retained. This is a core commitment. Each upload is screened the moment it arrives, before it is used or stored; an image that fails is stopped there and never stored in any form. An image that passes is used to produce your result and then discarded. A daily automated purge deletes any transient upload older than 24 hours across every storage location, as a backstop. The one exception is a before-and-after example you deliberately submit to be displayed in ioli — because display is the reason you submitted it — and you can ask us to delete that at any time.

Screening records hold a fingerprint only. We keep a short internal record that each upload was screened, so we can show the check ran on every upload. That record holds only a one-way fingerprint of the image (a SHA-256 hash), never the image itself.

Account and brand data are kept while your account is active. Delete your account and we remove them, subject to the billing exception below.

Billing records are retained for the period German and EU tax law requires (generally up to ten years), even after account deletion.

06 — Your rights

Under the GDPR you have the right to access your data, rectify inaccurate data, erase your data (subject to the billing-retention exception), restrict or object to certain processing, receive your data in a portable format, and withdraw consent where processing is based on it. To exercise any of these, email muhannadalhallak@outlook.com; we respond within one month. Deleting your account from account settings also erases your account and brand data directly. You may also lodge a complaint with a supervisory authority — in Germany, the data protection authority of Lower Saxony (Landesbeauftragte für den Datenschutz Niedersachsen).

07 — Cookies

We use only the essential cookies needed to keep you signed in and operate the Service. We do not run third-party advertising or analytics trackers, and we do not build advertising profiles. Because we use only strictly necessary cookies, no consent banner is required for them.

08 — Security

We protect your data with encryption in transit (HTTPS), access controls, row-level security on our EU-hosted database, and encryption of sensitive stored tokens. No system is perfectly secure, but we design for data minimisation — the less we keep, the less is ever at risk, which is why uploads are not retained.

09 — Children

The Service is intended for business users and is not directed to children. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

10 — Changes

We may update this policy as the Service evolves or the law requires. We will change the date above and, for material changes, take reasonable steps to notify you.

11 — Contact

Muhannad Al Hallak, Göttingen, 37077, Germany. muhannadalhallak@outlook.com.

Privacy Policy — ioli | ioli