Privacy Policy Fotovyn (Pvt) Ltd.
Version: v1.0
Date: May 14, 2026
Note: Privacy Policy
1. Introduction Welcome to FotoVyn (“FotoVyn”, “we”, “our”, or “us”). FotoVyn is an AI-powered photoshoot and visual content platform that helps users generate commercial-style visual outputs, including AI model photoshoots, virtual try-ons, and professional headshots. This Privacy Policy explains how we collect, use, store, process, disclose, transfer, and protect information when you use our website, web application, beta platform, related services, customer support channels, social pages, and any future API or integrations that refer to this Privacy Policy (collectively, the “Services”). Because FotoVyn processes images that may contain people, faces, products, garments, logos, brands, and other potentially sensitive visual material, we apply special care to image uploads, generated outputs, account data, payments, security, AI processing, and user rights. By accessing or using FotoVyn, you confirm that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.
2. Quick Summary We collect account, contact, uploaded image, prompt, AI generation, payment-status, support, device, and usage data needed to provide FotoVyn. Uploaded images and generated outputs may include personal data, including faces, likenesses, and business or brand assets. We use uploaded content primarily to provide the requested AI generation, quality control, support, security, abuse prevention, and service improvement. We do not sell users’ personal data. We do not directly store full card numbers. Payments should be handled by approved payment providers or manual payment methods where necessary. We may use trusted service providers for hosting, storage, AI processing, analytics, security, payments, email, and support. We will provide privacy request channels so users can ask to access, correct, delete, export, or restrict certain data, subject to legal and operational limits. We recommend that users upload only images they have the right and permission to use, especially when an image contains another person.
3. Scope of this Policy This Privacy Policy applies to information processed in connection with FotoVyn’s Services, including: Website visits and landing page interactions. User registration, login, account management, credits, billing, and customer support. Uploaded product images, garment images, person images, selfies, portraits, headshots, brand images, prompts, preferences, and generation settings. Generated AI outputs, job progress, result galleries, downloads, and history. Beta testing, demos, sample image submissions, feedback, testimonials, social media communications, and launch outreach. This Policy does not apply to third-party websites, payment processors, social platforms, AI model providers, hosting providers, or other services that have their own privacy policies, except where we explain how FotoVyn works with them.
4. Key Definitions “Personal Data” means information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable person. “Uploaded Content” means any image, file, prompt, instruction, reference material, text, or other content submitted by a user to FotoVyn. “Generated Output” means AI-generated image or visual result created through FotoVyn using Uploaded Content, prompts, settings, or selected workflows. “AI Processing” means the automated or assisted processing of Uploaded Content to produce Generated Outputs or support image generation workflows. “Credits” means trial or paid generation units used to access FotoVyn generation workflows. “User” means any person or business accessing or using FotoVyn. “Beta” means early release versions of FotoVyn that may include experimental features, limited support, evolving workflows, and manual payment or onboarding processes.
5. Information We Collect 5.1 Account and Profile Information When you create or manage an account, we may collect: Full name or display name. Email address. Username or account ID. Encrypted password and authentication information. Business name, brand name, or organization name. Role, industry, or business category if provided. Account preferences, credit balance, billing status, and plan information.
5.2 Uploaded Images and Files To generate AI visuals, users may upload content such as: Product images. Fashion or garment images. Images of people wearing clothing. Selfies, portraits, and headshot images. Brand imagery, product packaging, logos, campaign materials, and commercial visual references. Uploaded images may contain personal data, including faces, body features, personal likenesses, clothing, uniforms, identity cues, location background, metadata, or other identifiable information.
5.3 Prompts, Workflow Choices, and Generation Settings We may collect information about how you use AI workflows, including: Selected workflow: Model Photoshoot, Virtual Try-On, Professional Headshot, or other future workflows. Prompts, instructions, style selections, presets, aspect ratios, reference settings, or generation options. Credit cost shown, credit usage, generation attempts, and retry information. Job status such as queued, processing, failed, completed, downloaded, or deleted.
5.4 Generated Outputs and Job Metadata We may store generated outputs and job-related information, including: Final images generated through FotoVyn. Preview images, thumbnails, and download links. Timestamps, job IDs, user IDs, input/output associations, error logs, and model/provider routing metadata. Quality-control notes, user feedback, flags, and support references where relevant.
5.5 Payment, Billing, and Credit Information When you purchase credits, upgrade, request billing support, or make manual payments, we may process: Billing name and contact details. Transaction reference, order number, invoice number, receipt, payment confirmation, payment method type, and payment status. Credit package, price, currency, tax or settlement details where applicable. Manual bank transfer confirmation or screenshot if voluntarily sent by the user. FotoVyn should not directly store full payment card numbers, CVV codes, or bank login credentials. Payment details are expected to be processed by payment gateways, banks, or other payment service providers subject to their own privacy and security practices.
5.6 Communications and Support Information When you contact FotoVyn through email, WhatsApp, Instagram, Facebook, LinkedIn, website forms, calls, or other channels, we may collect: Name, contact details, social media handle, business name, and message content. Uploaded sample images sent for beta testing or demo purposes. Feedback, support requests, complaints, bug reports, testimonials, consent confirmations, and permission to use samples in marketing.
5.7 Technical, Device, and Usage Information When you use the Services, we may automatically collect: IP address, approximate location derived from IP, browser type, operating system, device type, referral URLs, pages viewed, session times, feature usage, error events, and log data. Cookie IDs, analytics identifiers, authentication tokens, anti-fraud indicators, and security events. Information about uploads, generation attempts, downloads, and account activity needed to operate and secure the platform.
5.8 Information from Third Parties We may receive limited information from: Payment processors confirming payment status or transaction identifiers. Authentication providers if social login is later enabled. Analytics, hosting, storage, email, AI model, content moderation, or customer support providers. Social media platforms where users interact with FotoVyn pages or send sample content.
6. How We Use Information We may use information for the following purposes: To provide, operate, maintain, and improve FotoVyn. To register users, authenticate login, manage sessions, and secure accounts. To process image uploads, prompts, workflow selections, and AI generation jobs. To display job progress, store outputs, enable downloads, and maintain generation history. To allocate trial credits, deduct credits for successful generations, prevent incorrect charging for failed jobs, and show credit balances. To process payments, verify manual payments, issue receipts, manage invoices, and support billing queries. To communicate with users about onboarding, support, demos, service updates, policy updates, account issues, and launch information. To test, troubleshoot, debug, monitor, and improve AI workflow quality, platform reliability, latency, failure handling, and user experience. To prevent fraud, abuse, spam, unauthorized access, illegal content, misuse of likeness, infringement, or other harmful activity. To comply with legal obligations, enforce terms, resolve disputes, and protect the rights, safety, and property of FotoVyn, users, and others. To create aggregated or de-identified analytics about product performance, feature adoption, generation success rates, and launch metrics.
7. Uploaded Images, Faces, Likeness, and Consent 7.1 User Responsibility for Uploads Users must only upload images and content that they have the right, authorization, and consent to use. This is especially important where Uploaded Content includes another person’s face, body, likeness, private image, workplace image, minor, customer, model, employee, influencer, photographer’s work, or third-party brand asset. By uploading content, you represent that: You own the content or have permission to use it with FotoVyn. You have obtained any necessary consent from identifiable people appearing in the image. Your upload and requested output will not violate privacy, publicity, copyright, trademark, employment, contractual, platform, or advertising rules. You will not use FotoVyn to impersonate, harass, exploit, defame, mislead, discriminate against, or harm any person.
7.2 Sensitive Visual Content FotoVyn may process images containing faces and likenesses. We do not intend to use uploaded face images to identify users through biometric recognition, verify identity, build biometric profiles, or infer sensitive personal traits. However, images of faces and people may be considered sensitive in some jurisdictions or circumstances. Users should avoid uploading unnecessary sensitive material.
7.3 Minors FotoVyn is intended for business and professional use and is not directed to children. Users must not upload images of minors unless they have appropriate parental/guardian consent and a lawful, non-exploitative purpose. FotoVyn may remove or refuse to process images involving minors where safety or consent concerns arise.
7.4 Commercial Use of Generated Outputs Privacy and commercial-use rights are not the same thing. Even if FotoVyn allows a user to download a generated output, the user remains responsible for ensuring that the image can be lawfully used in advertising, ecommerce, social media, packaging, client work, or other commercial contexts. This may require rights or permissions from models, photographers, brands, trademark owners, employers, clients, or other third parties.
8. AI Processing and Model Providers FotoVyn may use internal systems and third-party AI models or infrastructure providers to process Uploaded Content and generate outputs. These providers may process image files, prompts, metadata, and job information strictly as needed to deliver the requested Services, maintain reliability, improve safety, and detect abuse. Where possible, FotoVyn should select providers that offer appropriate confidentiality, security, data processing, retention, and deletion controls. Where a provider’s terms permit training or service improvement using submitted content, FotoVyn should assess the risk and configure available opt-outs or enterprise settings where practical. FotoVyn should maintain an internal provider register documenting: provider name, purpose, data processed, location, retention period, training/usage settings, security controls, and deletion process.
8.1 Training and Service Improvement Position For beta launch, the recommended privacy-safe position is: FotoVyn will not intentionally use private user Uploaded Content or Generated Outputs to train FotoVyn-owned foundational AI models without user permission. FotoVyn may use limited content, metadata, and feedback to debug, test, evaluate, and improve the Services, and may use de-identified, aggregated, or permission-based examples for quality improvement, marketing, or product development. If FotoVyn later wants to use user content for AI training, model fine-tuning, public showcases, case studies, marketing, or dataset building, it should obtain clear consent or provide an explicit opt-in/opt-out mechanism before doing so.
8.2 Human Review FotoVyn personnel or authorized service providers may review Uploaded Content, prompts, and Generated Outputs in limited circumstances, such as: User support or troubleshooting. Quality-control review during beta testing. Abuse, fraud, safety, content-policy, or legal investigation. System testing where users have voluntarily provided sample images. User-approved marketing, testimonial, or demo preparation. Access should be limited to authorized team members who need it for their role and should be logged or controlled where practical.
9. Legal Bases and Lawful Processing Depending on the user’s location and the applicable law, FotoVyn may rely on one or more lawful bases for processing personal data, including: Contractual necessity: to create accounts, provide AI generation, deliver outputs, manage credits, provide support, and process payments. Consent: where users voluntarily provide optional information, upload images requiring consent, approve marketing use, subscribe to communications, or request beta demos. Legitimate interests: to secure the platform, prevent abuse, improve reliability, analyze usage, communicate with business users, and develop the Services in a privacy-conscious manner. Legal obligation: to keep records, comply with tax, payment, regulatory, fraud prevention, data protection, or court requirements. Vital or public interest grounds may apply in rare safety or legal situations, but are not expected to be common for FotoVyn. For Sri Lankan operations, FotoVyn should align its practices with the Personal Data Protection Act framework, including transparency, purpose limitation, proportionality, security safeguards, rights handling, and cross-border transfer considerations.
10. How We Share Information We may share information only where reasonably necessary for the purposes described in this Privacy Policy.
10.1 Service Providers We may share data with vendors that help us operate FotoVyn, such as: Cloud hosting and infrastructure providers. Object storage providers for images and generated outputs. AI model, image generation, image enhancement, and moderation providers. Database, queue, monitoring, logging, analytics, and error-tracking providers. Payment gateways, banks, and manual payment processors. Email, messaging, CRM, support, and notification tools. Security, fraud prevention, legal, accounting, and compliance advisors.
10.2 Business Users and Team Accounts If FotoVyn later supports team accounts, admins may be able to view account members, generation usage, billing status, uploaded assets, and outputs associated with that team, depending on the account settings and plan.
10.3 Legal, Safety, and Enforcement We may disclose information where we reasonably believe it is necessary to comply with law, court orders, government requests, law enforcement, regulatory requirements, enforce terms, investigate abuse, protect users, or prevent harm.
10.4 Business Transfers If FotoVyn is involved in a merger, acquisition, financing, restructuring, sale of assets, or similar corporate transaction, information may be transferred as part of that transaction, subject to appropriate confidentiality and privacy safeguards.
10.5 With User Permission We may share or publish before/after images, testimonials, case studies, demo outputs, brand names, or customer examples only where we have obtained permission or where the content has been expressly provided for public use.
11. International Data Transfers FotoVyn may process and store information in Sri Lanka and in other countries where our hosting, storage, AI, analytics, payment, or support providers operate. These countries may have data protection laws different from the user’s country. Where required, FotoVyn should use appropriate transfer mechanisms, contractual safeguards, provider due diligence, data processing agreements, security commitments, and transfer risk assessments. FotoVyn should also monitor Sri Lankan cross-border transfer requirements and any future rules issued by the Data Protection Authority of Sri Lanka.
12. Data Retention We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law. Recommended beta retention approach: Account information: retained while the account is active and for a reasonable period afterward for legal, security, tax, billing, dispute, and audit purposes. Uploaded images: retained while needed to provide generation, support, history, quality control, user access, and troubleshooting; users should be offered deletion controls where practical. Generated outputs: retained in the user’s gallery/history until deleted by the user, account closure, expiry of retention period, or storage policy change. Payment and invoice records: retained according to tax, accounting, audit, banking, chargeback, and legal requirements. Logs and security records: retained for a limited period needed for security, diagnostics, abuse prevention, and operational monitoring. Marketing consents and testimonials: retained until withdrawn or no longer needed. Deleted content may remain temporarily in backups, logs, cache, or provider systems until normal deletion cycles complete. We may also retain limited information where necessary to comply with legal obligations, resolve disputes, prevent abuse, enforce terms, or protect rights.
13. Security Measures We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. Security measures may include: Encryption in transit using HTTPS/TLS. Secure storage practices for account credentials, including password hashing. Access controls and role-based access for internal team members. Separate storage for user assets where possible. Logging, monitoring, backups, and incident response procedures. Restricted admin access and forced password change for seed/admin accounts where enabled. Provider due diligence for hosting, storage, AI processing, payment, and support vendors. Regular review of failed jobs, credit charging behavior, logs, and production health checks. No internet-based service is completely secure. Users are responsible for using strong passwords, protecting login credentials, and ensuring they upload content only through official FotoVyn channels.
14. Cookies, Analytics, and Tracking FotoVyn may use cookies, local storage, pixels, session tokens, or similar technologies to: Keep users logged in and maintain secure sessions. Remember preferences. Analyze website and product usage. Detects abuse, fraud, bots, or suspicious activity. Measure campaign performance and improve launch marketing. Where required by law, FotoVyn should provide cookie notices and consent controls, especially for non-essential analytics, advertising, or remarketing technologies.
15. Marketing Communications FotoVyn may contact users and leads about beta access, launch updates, demos, product announcements, offers, support, and service information. Users may opt out of promotional emails or messages by using unsubscribe instructions, replying with an opt-out request, or contacting support. Transactional or service-related messages may still be sent where necessary. For outreach through Instagram, WhatsApp, email, LinkedIn, or other channels, FotoVyn should avoid spam, respect platform rules, honor opt-out requests, and maintain a record of consent or legitimate business context where appropriate.
16. User Rights and Choices Depending on applicable law, users may have rights to: Access personal data we hold about them. Correct inaccurate or incomplete information. Delete personal data, uploaded images, or generated outputs, subject to legal and technical limits. Withdraw consent where processing is based on consent. Object to or restrict certain processing. Request portability or export of certain data. Opt out of marketing communications. Ask questions or complain about our privacy practices. To make a privacy request, users may contact us using the contact details in this Policy. We may need to verify the requester’s identity before acting on a request. We may refuse, limit, or delay requests where permitted by law, such as where retention is needed for security, legal compliance, payment records, disputes, abuse prevention, or the rights of others.
17. Deletion of Uploaded Content and Outputs Users should be given a clear way to delete images and generated outputs from their account where technically feasible. Deletion should remove the content from active user-facing systems, although residual copies may remain for a limited time in backups, logs, cache, provider systems, or audit records. If an uploaded image contains another person and that person requests removal, FotoVyn may ask for enough information to locate the relevant content and verify the request. FotoVyn may remove or restrict content where there are credible consent, safety, copyright, privacy, or abuse concerns.
18. Content Rules Connected to Privacy To protect users and third parties, FotoVyn may prohibit or restrict content involving: Non-consensual use of another person’s face, body, likeness, or private images. Impersonation or misleading identity representation. Sexual, exploitative, abusive, hateful, harassing, or discriminatory content. Images of minors without lawful authorization and safe purpose. Content that violates copyright, trademark, publicity rights, privacy rights, employment contracts, customer confidentiality, or platform rules. False, deceptive, or harmful advertising outputs. FotoVyn may refuse generation, remove content, suspend accounts, or report unlawful activity where appropriate.
19. Data of Business Customers, Employees, Models, and Clients Many FotoVyn users may be businesses using images of employees, customers, founders, models, influencers, photographers, clients, or agency customers. Business users are responsible for ensuring that they have proper internal permissions and notices before uploading such images. Businesses should consider written consent or model release forms for commercial use, especially for headshots, brand campaigns, product promotions, fashion lookbooks, ecommerce listings, influencer content, employee profiles, and ad creatives.
20. Testimonials, Before/After Images, and Public Examples FotoVyn may request permission to use before/after examples, customer names, brand names, generated outputs, quotes, testimonials, or case studies in marketing. We will not intentionally publish private beta examples without permission. Users who provide permission may later request removal, although previous shares, reposts, cached versions, or third-party copies may not be fully removable.
21. Payments and Manual Payment Fallback During beta, FotoVyn may support payment gateway payments, bank transfers, or manual credit assignment. If users send payment confirmations, bank transfer slips, screenshots, or personal billing information, FotoVyn will use that information only to verify payment, issue credits, provide support, keep records, and comply with legal obligations. Users should not send unnecessary sensitive financial information, full card details, banking passwords, national ID numbers, or unrelated personal documents unless specifically required through a secure and approved process.
22. Data Breach and Incident Handling If FotoVyn becomes aware of a security incident involving personal data, we will investigate and take appropriate steps to contain, assess, mitigate, and remediate the incident. Where required by applicable law, we will notify affected users, regulators, or other parties within required timelines and provide relevant information about the incident and recommended protective steps. FotoVyn should maintain an internal incident log and escalation process covering unauthorized access, leaked images, payment issues, provider breaches, compromised admin accounts, exposed storage buckets, and accidental publication of private beta samples.
23. Third-Party Services and Links FotoVyn may link to or integrate with third-party websites, payment processors, storage providers, AI model providers, social media platforms, analytics tools, and communication channels. These third parties have their own privacy policies and practices. FotoVyn is not responsible for the independent privacy practices of third parties, but will aim to work with reputable providers and review their practices where relevant.
24. Regional Privacy Notes 24.1 Sri Lanka FotoVyn should prepare for and align with Sri Lanka’s Personal Data Protection Act framework, including the role of the Data Protection Authority of Sri Lanka, data subject rights, lawful processing, controller/processor obligations, security measures, breach handling, and cross-border data transfer requirements. Because implementation may evolve through regulations, rules, directives, and guidance, FotoVyn should periodically review official DPA updates.
24.2 European Economic Area, United Kingdom, and Similar Frameworks If FotoVyn offers Services to users in the EEA, UK, or other regions with GDPR-style laws, additional requirements may apply, including more detailed lawful bases, processor/controller roles, data transfer safeguards, data protection impact assessments, retention controls, and representative or DPO obligations where applicable.
24.3 Other Countries If FotoVyn expands beyond Sri Lanka, it should review privacy, consumer, advertising, biometric, image rights, AI, and ecommerce rules in each market before targeted launch campaigns.
25. Changes to this Privacy Policy We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and may provide additional notice through the website, app, email, or other communication channels. Continued use of FotoVyn after changes means the updated Policy applies, unless additional consent is required by law.
26. Contact Us For privacy questions, data requests, deletion requests, complaints, or support, contact: Company/Product: FotoVyn Support email: fotovynstudios@gmail.com Privacy contact: fotovynstudios@gmail.com Business address: Dehiwela, Sri Lanka Response window: We aim to respond within a reasonable period and within any timeline required by applicable law.