GPTImage2

Privacy Policy

Privacy policy for GPTImage2 — how we handle your account, prompts, and generated images.
Apr 17, 2026

Last updated: April 17, 2026

GPTImage2 ("we", "our", "us") operates the website at gpt-image-2-ai.app and the related GPT Image 2 image-generation service (the "Service"). This policy explains what personal data we collect, why we collect it, how we use it, and the choices you have.

By using GPTImage2 you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Data We Collect

We collect only what we need to run the Service:

Account data

  • Email address, display name, and avatar (when you sign in with Google, these come from your Google profile).
  • A hashed password (only if you sign in with email/password rather than Google).
  • Preferred language and theme.

Usage data

  • The prompts you submit and the reference images you upload.
  • The images the Service generates for you and any metadata (size, quality tier, model version, timestamp).
  • Credits spent, task IDs, success / failure status.
  • IP address, browser user-agent, referrer URL, and approximate geolocation derived from IP (country / region only).
  • Basic device information (screen size, operating system) reported by the browser.

Billing data

  • We do not store full credit card numbers. When you subscribe or buy a credits pack, Stripe collects and stores payment details directly on their servers. We keep only the transaction ID, the last four digits of the card (as supplied by Stripe), the billing country, and the subscription status.

Cookies and local storage

  • Strictly necessary cookies for sign-in sessions.
  • Preference cookies for theme and locale.
  • Analytics cookies (Google Analytics 4) — anonymized, used to understand aggregate usage.

You can block non-essential cookies in your browser without breaking the core sign-in and image-generation flows.

2. How We Use Your Data

We use the data above to:

  • Provide the Service — generate images, save your gallery, process payments, show your usage and credit balance.
  • Secure the Service — detect abuse, rate-limit generation, prevent fraud.
  • Communicate with you — transactional emails (sign-in verification, receipts, subscription changes). We do not send marketing email unless you explicitly opt in.
  • Improve the Service — aggregate analytics on which features are used, where users drop off, and how long generation takes.
  • Comply with legal obligations — respond to valid legal process, enforce our Terms of Service, protect rights and safety.

We do not use your prompts or generated images to train any AI model. We do not sell your personal data to third parties.

3. Third-Party Services

GPTImage2 is built on a small set of trusted infrastructure providers. Each one only receives the data they need to perform their function:

ServicePurposeData shared
Evolink AIRuns the GPT Image 2 model that generates your imagesPrompt text, reference image URLs, generation parameters
Supabase (PostgreSQL)Primary databaseAccount + usage data
Cloudflare R2Stores uploaded reference images and generated resultsImage files
StripeProcesses subscription and one-time paymentsName, email, billing country, payment method, transaction data
Google OAuthSign-in with GoogleEmail, name, avatar (only after you authorize)
ResendSends transactional email (verification, receipts)Email address, email content
Google Analytics 4Aggregate usage analyticsAnonymized pageviews, IP masked, device type
VercelHosts the web applicationServer logs, request metadata

Each of these providers has its own privacy policy, and we choose them partly because they are GDPR- and SOC 2-compliant where applicable.

4. Data Retention

  • Account data is retained while your account is active, and deleted within 30 days after you delete the account.
  • Generated images are mirrored to our private R2 storage so upstream links don't expire. They remain available in your Activity tab until you delete them or your account is removed.
  • Payment records are retained for 7 years or as required by applicable tax law.
  • Server logs and analytics are retained for up to 90 days, then aggregated.

You can delete any generated image from the Activity tab at any time. Account deletion is available from Settings → Profile.

5. Your Rights

Depending on where you live, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to fix inaccurate information.
  • Deletion — ask us to delete your account and associated data.
  • Portability — request an export of your generated images and prompts.
  • Objection / restriction — ask us to stop or limit certain processing.
  • Withdraw consent — for any processing based on consent, you can withdraw it at any time.

To exercise any of these rights, email privacy@gpt-image-2-ai.app. We respond within 30 days. If you believe your rights have been violated, you can also lodge a complaint with your local data-protection authority.

6. International Transfers

We are hosted on servers in the United States and Asia-Pacific (for database replication). When you use the Service, your data is transferred to and processed in those regions. We rely on Standard Contractual Clauses (SCCs) with our processors where required.

7. Children

GPTImage2 is not directed at children under 13 (or the minimum age in your jurisdiction, whichever is higher). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

8. Security

We take reasonable technical and organizational measures to protect your data — TLS for every request, encryption at rest for stored files and database, scoped API keys, least-privilege access, and regular backups. No system is perfectly secure; please use a strong, unique password and enable 2FA on your Google account.

9. Changes to This Policy

We may update this policy as the Service evolves. When we make material changes we will update the "Last updated" date at the top and, for significant changes, notify signed-in users by email. Continued use of the Service after an update constitutes acceptance of the revised policy.

10. Contact

Questions, requests, or concerns: