This Privacy Policy explains how [DesignXDM legal entity name] ("DesignXDM", "we", "us" or "our") collects, uses, shares, stores, and protects personal data when you use our website, applications, creative tools, AI-assisted features, integrations, and related services (together, the "Service").

This Policy also explains your choices and rights. By accessing or using the Service, you acknowledge that your information will be handled as described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use the Service.

1. Scope of this Policy

This Privacy Policy applies to personal data we collect from:

• Visitors to our website and landing pages;
• Users who create an account or sign in to the Service;
• People who communicate with us by email, support channels, forms, or social media;
• Individuals whose information is included in projects, workspaces, or collaborations on the Service; and
• Recipients of our marketing, event, or product communications.

Capitalized terms not defined here may have the meaning given in our Terms of Service. This Policy does not apply to third-party services, websites, software, or integrations that are governed by their own privacy notices.

2. The Information We Collect

2.1 Information you provide directly

We may collect information you provide when you register, sign in, subscribe, purchase, contact us, collaborate, or otherwise use the Service. Depending on how you use DesignXDM, this may include:

• Identity and account information, such as your name, email address, username, profile image, company name, job title, billing contact details, and account preferences;
• Authentication information supplied via third-party sign-in providers such as Google Sign-In;
• Payment and transaction information, such as plan type, subscription status, invoices, billing country, and limited payment metadata provided by our payment processors;
• Content you upload, create, save, organize, or share, including prompts, mood boards, images, creative briefs, references, comments, annotations, metadata, and other materials you choose to use in the Service;
• Communications and support messages, such as emails, customer support requests, feedback, survey responses, bug reports, and event registrations; and
• Any other information you choose to submit to us.

2.2 Information from Google Sign-In and other third-party login providers

If you choose to sign in through Google or another authentication provider, we may receive basic profile and account information associated with that provider, such as your name, email address, profile image, account identifier, and any other information you authorize that provider to share with us.

We use this information to authenticate you, create and manage your account, maintain account security, and support the features you request. We do not access your Google data beyond what is necessary for login and account management unless you separately connect another Google service and authorize additional access.

2.3 Information from other third parties

We may receive information from service providers, analytics partners, payment processors, fraud-prevention vendors, business partners, public sources, and integrations that you connect to the Service. This may include device signals, usage analytics, payment status, organization affiliation, or information needed to enable a requested workflow.

If you are invited into a shared project, team, or workspace, we may receive your email address, name, role, and related collaboration data from the inviting user or organization.

2.4 Information we collect automatically

When you use the Service, we and our service providers may automatically collect or generate certain information, including:

• Device and browser information, such as IP address, browser type, operating system, language, device identifiers, and approximate location derived from IP;
• Usage information, such as pages viewed, clicks, time spent, referring URLs, feature use, crash reports, session activity, and interaction logs;
• Log and diagnostic data, including timestamps, request details, error reports, and performance telemetry; and
• Cookie, pixel, local storage, and similar technology data as described further below.

2.5 Cookies and similar technologies

We use cookies, SDKs, local storage, pixels, tags, and similar technologies to operate the Service, remember preferences, keep users signed in, understand usage, improve performance, prevent fraud, measure campaigns, and where permitted, support marketing and remarketing.

You can control some cookies and similar technologies through your browser settings, device settings, cookie banner, or other consent tools we provide. Some features of the Service may not function properly if essential cookies are disabled.

2.6 Sensitive data and user responsibility

Please do not upload sensitive personal data to the Service unless you have a clear lawful basis to do so and DesignXDM expressly supports that use case. Depending on your jurisdiction, sensitive data may include information such as health data, biometric data, government identifiers, or special-category data.

If you provide personal data relating to another person, you must ensure you have the right to do so and that this Privacy Policy may be made available to them as required.

3. How We Use Information

We use personal data for the following purposes:

• To provide, operate, maintain, and secure the Service;
• To create and manage accounts, authenticate users, and administer subscriptions and billing;
• To process prompts, uploads, references, and instructions in order to generate outputs and enable creative workflows;
• To personalize the user experience, such as by remembering preferences and surfacing relevant features or content;
• To communicate with you about service-related matters, including onboarding, security notices, account updates, invoices, and support;
• To send product news, insights, invitations, and marketing communications where we have your consent or another lawful basis;
• To analyze usage, troubleshoot issues, monitor quality, develop new features, and improve the Service;
• To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms or policies;
• To comply with legal obligations, enforce our rights, protect users and others, and respond to lawful requests; and
• For other purposes disclosed at the time of collection or with your consent.

4. AI, Creative Data, and Model Use

DesignXDM includes AI-assisted features that help users generate, organize, refine, and evaluate creative material. Because this is a core part of the Service, we may process prompts, uploads, references, instructions, selections, and related usage data in order to provide the requested outputs and related functionality.

Unless we clearly tell you otherwise and obtain any permissions required by law, we do not use your private customer content to train foundation models for general-purpose public model improvement.

We may, however, use service data and permitted customer data for the following limited purposes:

• To deliver the output or workflow you requested;
• To perform safety, moderation, abuse prevention, and policy enforcement;
• To debug, maintain, and improve the reliability and performance of the Service;
• To generate aggregate statistics and service insights that do not identify you personally; and
• To improve narrow internal systems, ranking, retrieval, quality assurance, or product analytics where permitted by law and consistent with your settings, contract terms, or separate disclosures.

If we offer settings that allow you to opt in or opt out of specific AI training or product-improvement uses, those settings will apply as described in the Service.

You remain responsible for reviewing AI-generated outputs before using or sharing them. AI outputs may be incomplete, inaccurate, or similar to outputs generated for other users.

Ownership, license, and intellectual property terms for inputs and outputs are governed by our Terms of Service and any applicable enterprise agreement.

5. Legal Bases for Processing

If you are in the United Kingdom, European Economic Area, or another jurisdiction that requires a legal basis for processing, we rely on one or more of the following:

• Contractual necessity: where processing is required to provide the Service, manage your account, process payments, or fulfill our contractual obligations;
• Legitimate interests: where processing is reasonably necessary for our legitimate interests, such as securing and improving the Service, understanding product usage, preventing fraud, supporting users, or conducting proportionate direct marketing;
• Consent: where required, such as for certain marketing communications, optional cookies, or specific data uses that require consent; and
• Legal obligation: where processing is required to comply with laws, regulations, court orders, or lawful requests.

Where we rely on consent, you may withdraw that consent at any time. Withdrawal does not affect processing that occurred before withdrawal.

6. How We Share Information

6.1 Service providers and subprocessors

We share personal data with trusted service providers that help us operate the Service. Depending on our setup, these may include providers for hosting, cloud storage, authentication, analytics, customer support, billing, payment processing, email delivery, security, AI infrastructure, monitoring, and collaboration.

These providers are authorized to access personal data only as needed to perform services for us and are subject to contractual or legal obligations to protect it.

Insert your real provider list here, for example: [AWS / GCP / Azure], [Supabase / Firebase / Auth0], [Stripe], [Resend / Postmark / Mailgun], [OpenAI or other model providers], [Sentry], [Plausible / PostHog / GA4], [HubSpot / Customer.io], and any other vendor that processes personal data for DesignXDM.

6.2 Team, workspace, and collaboration sharing

If the Service allows collaboration, information associated with your account or content may be visible to other users in the same workspace, team, project, or shared environment. For example, collaborators may see your name, profile image, comments, edits, prompts, versions, activity timestamps, or workspace role, depending on the product settings.

If you use an account provided by or associated with an employer, client, school, or other organization, that organization may control your account and access information associated with it, subject to applicable law and contract terms.

6.3 Integrations and third-party apps

If you connect a third-party integration or export content to an external service, we may share the data necessary to complete that action with the relevant third party. Their use of your information is governed by their own terms and privacy policies.

You should review the privacy practices of any third-party service before connecting it to DesignXDM.

6.4 Legal and safety disclosures

We may disclose information where we reasonably believe it is necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request;
• Enforce our Terms of Service or other agreements;
• Detect, prevent, or investigate fraud, abuse, security incidents, or illegal activity;
• Protect the rights, property, safety, or security of DesignXDM, our users, or others; or
• Establish, exercise, or defend legal claims.

6.5 Business transfers

If DesignXDM is involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, personal data may be disclosed to counterparties and advisors as part of due diligence and may be transferred as part of that transaction, subject to applicable confidentiality and legal requirements.

6.6 Aggregated and de-identified data

We may create and use aggregated, anonymized, or de-identified information for analytics, benchmarking, research, safety, and product improvement purposes, provided that it does not identify you personally.

7. Marketing, Analytics, and Advertising

We may send you newsletters, product updates, event invitations, and other promotional communications if you have opted in, if such communications are otherwise permitted by law, or if you are an existing customer and the law allows limited soft opt-in marketing.

You can opt out of marketing emails at any time by clicking the unsubscribe link in the message, updating your account settings, or contacting us at [privacy email address].

We may use analytics and measurement tools to understand how users discover and use the Service. If you use optional marketing or advertising cookies, these tools may also help us measure campaigns, understand conversions, or tailor messaging. If you do not run advertising, delete or narrow this section before publishing.

8. International Data Transfers

DesignXDM may process personal data in the United Kingdom, European Economic Area, United States, and other countries where we or our service providers operate.

Where we transfer personal data internationally, we take steps designed to ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, the UK international data transfer addendum, or other recognized transfer mechanisms where required.

You should list the principal countries or regions in which your providers process data if you want this policy to be more specific.

9. Data Retention

We retain personal data for as long as necessary for the purposes described in this Policy, including to provide the Service, maintain business and financial records, resolve disputes, enforce agreements, and comply with legal obligations.

Retention periods depend on the type of information and the context in which it was collected. For example:

• Account information is generally retained while your account remains active and for a reasonable period thereafter;
• Billing and transaction records may be retained for tax, accounting, and audit purposes;
• Support records may be retained to improve support quality and for legal or operational reasons;
• Backups and logs may persist for a limited period before deletion or overwriting; and
• Where you request deletion, we will delete or anonymize applicable data unless we need to retain it for a lawful reason.

10. Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. These measures may include access controls, encryption in transit, logging, vendor due diligence, and role-based permissions.

No system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and for notifying us promptly if you believe your account has been compromised.

11. Your Choices and Rights

11.1 Account and communication controls

You may be able to access, update, or delete certain account information from within your account settings. You can also opt out of marketing communications at any time.

11.2 Privacy rights

Depending on where you live, you may have rights to:

• Request access to the personal data we hold about you;
• Request correction of inaccurate or incomplete personal data;
• Request deletion of your personal data;
• Request restriction of processing;
• Object to certain processing, including certain direct marketing;
• Request portability of certain personal data in a structured, commonly used format;
• Withdraw consent where processing is based on consent; and
• Lodge a complaint with a supervisory authority or regulator.

To exercise your rights, contact us at [privacy email address]. We may need to verify your identity before completing your request. We may also deny or limit requests where permitted by law.

11.3 UK and EEA users

If you are in the UK or EEA, you also have the right to complain to your local data protection authority. In the UK, this is generally the Information Commissioner's Office.

11.4 U.S. state privacy notices

If you are a resident of a U.S. state with applicable privacy rights, you may have additional rights such as the right to know, delete, correct, opt out of certain profiling, or opt out of the sale or sharing of personal data for cross-context behavioral advertising, subject to applicable exceptions.

If DesignXDM does not sell or share personal data in a way those laws define, say so clearly in your final version. If it does, include the required opt-out disclosures and mechanisms.

12. Children

The Service is not directed to children and is not intended for individuals under [13/16 depending on your chosen threshold and jurisdictions] without appropriate authorization.

We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, contact us at [privacy email address] and we will investigate and take appropriate action.

If you offer educational products or accounts for minors, you will need a substantially more detailed children's privacy section and, depending on geography, additional compliance steps.

13. Third-Party Websites and Services

The Service may contain links to third-party websites, tools, plug-ins, and services. We are not responsible for the privacy practices of those third parties. Your use of third-party services is governed by their own terms and privacy policies.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or the Service.

When we make material changes, we will revise the "Last updated" date and, where required, provide additional notice such as by email, in-product notice, or website banner.

15. Contact Us

If you have questions, requests, or complaints about this Privacy Policy or our privacy practices, please contact:

contact@designxdm.com
DesignXDM
Stansfeld Park Quarry Road, Headington, Oxford, England, OX3 8SB