Privacy Policy
Last updated: February 2026
1. Introduction
Apex Studio ("we", "us", "our") is operated by Neodym.io. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Apex Studio service at apex-studio.neodym.io.
By using Apex Studio you agree to the practices described in this policy. If you do not agree, please do not use the service.
2. Data We Collect
2.1 Account Data
When you sign in with Google, we receive your name, email address, and profile photo from your Google account. We store this information to create and manage your Apex Studio account.
2.2 Photos and Uploaded Content
You upload racing photos, team logos, and event logos to generate posters. These files are processed by our AI pipeline and stored temporarily for poster generation. All uploaded photos are automatically deleted within 24 hours of upload in compliance with our data minimization policy.
2.3 Generated Posters
Posters you generate are stored in your account so you can download them. You may delete your posters at any time from your profile.
2.4 Payment Data
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full card details on our servers. We receive a payment confirmation, transaction ID, and the last four digits of your card for receipt purposes.
2.5 Usage Data
We collect basic usage data such as pages visited, poster generation events, and error logs to improve the service. This data is not linked to your identity unless you are signed in.
3. How We Use Your Data
- To provide and operate the poster generation service
- To process payments via Stripe
- To send transactional emails (receipts, order confirmations)
- To detect and prevent abuse and fraud
- To improve the quality of AI-generated posters
- To provide customer support
We do not sell your personal data to third parties. We do not use your photos to train AI models.
4. AI Processing of Photos
Your uploaded photos are processed using AI image generation technology to create poster designs. During this process:
- Photos are sent to secure, enterprise-grade AI services for image generation
- Our AI providers process images under strict data processing agreements and do not use your photos for model training
- Photos are processed in real-time and are not stored by our AI providers beyond the duration of the generation request
- Original uploads are deleted from our servers within 24 hours
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded photos | 24 hours |
| Generated posters | Until you delete them or close your account |
| Account data | Until account deletion |
| Payment records | 7 years (legal obligation) |
| Usage logs | 90 days |
6. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access — request a copy of all personal data we hold about you
- Right to rectification — correct inaccurate personal data
- Right to erasure — request deletion of your account and all associated data
- Right to data portability — receive your data in a machine-readable format
- Right to restrict processing — limit how we use your data
- Right to object — object to data processing based on legitimate interest
To exercise any of these rights, contact us at neodym.cloud@gmail.com. We will respond within 30 days.
You can also export or delete your data directly from your profile settings.
7. Cookies
Apex Studio uses the following cookies and local storage:
- Authentication cookies — Firebase Auth session tokens to keep you signed in
- Local storage — draft form data so you do not lose progress if you navigate away
We do not use third-party advertising or tracking cookies. If we add analytics in the future, we will update this policy and request your consent.
8. Third-Party Services
- Google Firebase — Authentication and database
- AI Image Services — Poster generation and image processing (enterprise API tiers with data processing agreements)
- Stripe — Payment processing
Each of these services has their own privacy policy. We encourage you to review them.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS encryption for all data in transit
- Firebase Security Rules to restrict database access
- Automatic deletion of uploaded photos within 24 hours
- Access controls limiting data access to authorized services only
10. Children's Privacy
Apex Studio is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at neodym.cloud@gmail.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or an in-app notice. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: neodym.cloud@gmail.com
- Company: Neodym.io
- Location: European Union (Spain)