doubao.photos

Legal

Privacy Policy

Effective date: May 1, 2026

Last updated: May 1, 2026

1. Introduction

Lustermount LLC ("we", "us", "our") operates doubao.photos ("Service"), an AI image generation tool powered by ByteDance Doubao Seedream models via Volcengine Ark. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the Service.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Data We Collect

2.1 Account Data

When you sign in with Google, we receive and store your name, email address, and profile picture from your Google account via Supabase Auth. We also store your user ID, plan code, credit balance, and credit purchase history.

2.2 Generation Data

When you use the image generation features, we collect and process:

  • Text prompts you submit
  • Images you upload as references or for editing
  • Generated output images
  • Model settings (model tier, aspect ratio, style preset)
  • Generation job metadata (status, timestamps, credit cost)

2.3 Payment Data

Payments are processed by Creem (Armitage Labs OU), which acts as our Merchant of Record. Creem collects your payment information (card details, billing address) directly. We do not store your payment card information. We store your user ID, plan code, credit balance, and transaction history in our credit ledger.

2.4 Usage Data

We collect usage data through Vercel Analytics, including page views, feature usage events (such as sign-in events), browser type, and general location data. For guest users, we generate one-way hashed identifiers from IP addresses to enforce daily usage limits. We do not store raw IP addresses.

2.5 Cookies and Similar Technologies

We use cookies and similar technologies as described in Section 7 of this policy. You can manage your cookie preferences through our cookie consent banner.

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and maintain the Service
  • Process your image generation requests by transmitting prompts and images to the Volcengine Ark API
  • Manage your account, credits, and purchases
  • Process payments through Creem
  • Enforce usage limits and prevent abuse
  • Improve the Service and develop new features
  • Communicate with you about your account or the Service
  • Comply with legal obligations

4. Data Sharing and Third Parties

We share your data with the following third-party service providers as necessary to operate the Service:

4.1 Volcengine Ark (ByteDance)

Your text prompts and uploaded images are transmitted to the Volcengine Ark API for AI image generation. Volcengine processes this data according to their own policies: Service Terms | Privacy Policy

4.2 Creem (Armitage Labs OU)

Payment and billing data is processed by Creem as our Merchant of Record: Merchant Terms | Privacy Notice

4.3 Supabase

Account data, generation records, and uploaded files are stored in Supabase (database, authentication, and object storage). Supabase acts as our infrastructure provider and data processor.

4.4 Vercel

The Service is hosted on Vercel. Vercel Analytics collects anonymized usage data when you have consented to analytics cookies. Vercel acts as our hosting and analytics infrastructure provider.

4.5 Law Enforcement

We may disclose your data if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We do not sell your personal information to third parties.

5. Data Retention

  • Guest uploads and outputs: Automatically deleted within 24 to 72 hours.
  • Signed-in generation history: Retained until you delete it or your account is terminated.
  • Account data: Retained until you request account deletion.
  • Payment and transaction records: Retained for 7 years as required by applicable accounting and tax laws.
  • Analytics data: Retained according to Vercel Analytics' standard retention policy.
  • Cookie consent preferences: Stored locally in your browser until you clear your cookies or change your preferences.

6. Your Rights

6.1 Rights Under GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we limit how we use your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to our processing of your data for certain purposes.
  • Withdraw consent: Withdraw consent at any time where processing is based on consent (e.g., analytics cookies).

6.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know: Request information about the categories and specific pieces of personal data we collect.
  • Delete: Request deletion of your personal data.
  • Opt-out of sale: We do not sell personal information. No opt-out is necessary.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.

6.3 Exercising Your Rights

To exercise any of these rights, contact us at support@doubao.photos. We will respond to verified requests within 30 days (or within the timeframe required by applicable law).

7. Cookies and Tracking

We use the following categories of cookies:

7.1 Necessary Cookies

These cookies are required for the Service to function and cannot be disabled. They include:

  • Authentication session: Supabase auth cookies that maintain your signed-in state.
  • Cookie consent preference: Stores your cookie consent choice so we do not ask again on every visit.

7.2 Analytics Cookies

With your consent, we use Vercel Analytics to collect anonymized usage data such as page views and feature usage. Analytics cookies are only activated after you provide consent through our cookie banner. You can change your preference at any time through the "Cookie Settings" link in the page footer.

7.3 No Advertising Cookies

We do not use advertising, marketing, or tracking cookies. We do not serve ads or participate in ad networks.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will take steps to delete that information promptly.

Users between 13 and 18 must have parental or guardian consent. Parents or guardians who believe their child is using the Service without proper consent should contact us at support@doubao.photos.

We comply with the Children's Online Privacy Protection Act (COPPA) and the age-related provisions of the General Data Protection Regulation (GDPR).

9. International Data Transfers

Your data may be processed in the following locations:

  • United States: Vercel hosting infrastructure and Supabase services.
  • China: Volcengine Ark API processes prompts and images for generation in Beijing-region servers.
  • European Union: Creem (Armitage Labs OU, Estonia) processes payment data.

Where data is transferred outside your jurisdiction, we rely on appropriate safeguards such as standard contractual clauses or the service provider's compliance certifications to protect your data.

10. Security

We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) for all data transmissions
  • Row-level security (RLS) policies on our database to isolate user data
  • Access controls limiting data access to authorized services
  • Hashed guest identifiers (we do not store raw IP addresses)
  • Webhook signature verification for payment events

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice by posting the updated policy on this page with a new effective date.

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at: support@doubao.photos

Lustermount LLC
Email: support@doubao.photos