Privacy Policy

1. Information We Collect

When you create an account, we collect your email address and authentication details through our identity provider, Clerk. When you use the service, we store the text prompts you submit, any reference images you upload, and the images or videos the service generates on your behalf. We also keep a record of credit transactions associated with your account.

Connection and Device Information

When you sign up, we automatically record a snapshot of the request that created your account, including your IP address, browser type and settings, network and Internet Service Provider information, approximate country derived from your IP address, and the page on Maejik you arrived on. If you reached us through a referring website or marketing link, we also record the referring page and any associated campaign information.

2. How We Use Your Information

We use your information to provide and improve the Maejik service, process credit purchases via Stripe, generate images and videos from your prompts, maintain an accurate credit balance, and communicate with you about your account. We do not sell your personal data, and we do not use your prompts, reference images, or generations to train our own models.

We use the connection and device information described in section 1 to operate Maejik securely, detect and prevent fraudulent account creation and abuse of trial credits, and understand which sources and channels users discover Maejik through. We rely on our legitimate interests in running a secure service and understanding how it is used as the legal basis for this processing.

3. Third-Party Services (Sub-processors)

We rely on the following sub-processors to operate Maejik. Each operates under its own privacy policy, and we only share the minimum information required for the service to function:

• Clerk — authentication and account management (receives your email and sign-in details)
• Stripe — payment processing (receives payment details directly; we never see your card data)
• Cloudflare — application hosting and content delivery
• BytePlus — AI image and video generation (receives your prompt and any selected reference images)
• Google Vertex AI — AI image generation (receives your prompt and any selected reference images when a Vertex model is chosen)

When you submit a generation, your prompt and reference images are transmitted to the AI provider you select for that request. We will update this list before introducing new sub-processors.

4. Data Storage and Retention

Your account data, prompts, and credit records are stored in our managed database, and uploaded reference images and generated images or videos are stored in our managed object storage, both hosted on Cloudflare. You can delete individual generations, assets, and conversations at any time through the application, which removes them from our storage. If you close your account, we will delete or anonymise your associated content within a reasonable period, except where retention is required for legal, tax, or fraud-prevention purposes (for example, Stripe transaction records). We may retain opaque authentication identifiers (such as the Clerk user ID linked to your former account) in anonymised form so that retained financial records remain internally consistent; these identifiers cannot be used to identify you once your Clerk account has been removed.

The connection and device information described in section 1 is retained for the lifetime of your account and used as described in section 2. When you close your account, this information is cleared from our database as part of the account-deletion process described above.

5. Security

We take the security of your account seriously:

• All traffic to Maejik is served over HTTPS, and data is encrypted at rest on Cloudflare infrastructure.
• Authentication is handled by Clerk — we never see or store your password.
• Payments are handled directly by Stripe — we never see or store your card details.
• Our API has rate limiting and abuse protections to reduce the impact of misuse or a compromised account.

No service can guarantee absolute security. If you believe you have found a security issue, please email support@maejik.com.

6. Your Rights

Depending on where you live, you may have the following rights in respect of your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete your personal data, subject to the retention exceptions in section 4.
• Portability — receive a machine-readable copy of the data you provided to us.
• Objection and restriction — object to, or ask us to restrict, certain processing.
• Withdraw consent — where processing is based on consent, withdraw it at any time (this does not affect prior processing).
• Opt out of sale or sharing — we do not sell your personal data and do not share it for cross-context behavioural advertising, so there is nothing to opt out of.

We rely on the following legal bases for processing your data: performance of our contract with you (to provide the service you requested), our legitimate interests (to operate, secure, and improve Maejik), consent (where required, e.g. optional communications), and compliance with legal obligations (e.g. tax and fraud-prevention records).

You can delete your generated content and reference images directly through the application. For any other request, contact us at support@maejik.com and we will respond within a reasonable period. If you are in the EU, UK, or Australia and believe we have not handled your data appropriately, you also have the right to lodge a complaint with your local supervisory authority (in Australia, the Office of the Australian Information Commissioner).

7. International Data Transfers

Maejik is operated from Australia and our sub-processors are located in a range of countries including the United States, the European Union, and Singapore. This means your personal data may be transferred to, processed in, and stored in countries other than the one you live in, which may have different data-protection laws to your home country. Where a transfer is subject to the GDPR or UK data-protection law, we rely on Standard Contractual Clauses (or equivalent safeguards) published by our sub-processors, together with any adequacy decisions that apply, to protect your data during those transfers.

8. Cookies

Maejik uses essential cookies required for authentication and session management. We do not use third-party advertising cookies, and we do not share information with ad networks for cross-site tracking.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated revision date.

10. Contact

If you have questions about this privacy policy, please contact us at support@maejik.com.