Privacy Policy

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Personal Information:
- Name and email address
- Payment information (processed securely by our payment providers)
- Profile information you choose to provide

Usage Information:
- Images and designs you upload for processing
- Tool usage patterns and preferences
- Device information and IP addresses
- Cookies and similar tracking technologies

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and abuse
• Personalize and improve your experience

We do not sell, trade, or otherwise transfer your personal information to outside parties except in the following circumstances:

• Service Providers: We share information with third-party service providers who perform services on our behalf. Named providers:
• Razorpay — payment processing (cards, UPI, netbanking, wallets). Razorpay receives your billing details for invoice generation and fraud prevention.
• Cloudflare R2 — encrypted object storage for your uploaded images and AI-generated results.
• Google Analytics 4 — aggregated, anonymized usage analytics (page views, click events). Set to anonymize IP addresses; no personal identifiers transmitted.
• Microsoft Clarity — anonymous session-replay heatmaps for UX improvement. Configured with input masking so form fields, payment forms, and authentication screens are never recorded. Sessions are aggregated; no individual user is identified.
• Resend — transactional email delivery (sign-in links, payment receipts, refund notifications). Recipient addresses only; no body content stored.
• Fal.ai, Replicate, Google Gemini — AI inference providers for AI tools. They receive only the input image required to generate your result and are contractually forbidden from training on your data.
• You can disable Google Analytics and Microsoft Clarity entirely via the cookie consent banner on first visit.
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you have given us explicit permission

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

• All data transmission is encrypted using SSL/TLS
• Images are processed securely and deleted after processing (unless saved to your project)
• We regularly review and update our security practices
• Access to personal data is limited to employees who need it

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data
• Portability: Request transfer of your data to another service
• Objection: Object to processing of your personal data
• Withdrawal: Withdraw consent at any time

To exercise these rights, contact us at [email protected]

We use cookies and similar tracking technologies to:

• Keep you logged in
• Remember your preferences
• Understand how you use our services
• Improve our services based on this information

You can control cookies through your device settings. Note that disabling cookies may affect the functionality of our services.

Different categories of data are kept for different periods. The table below is the source of truth — when this conflicts with other text on this page, this table wins.

| Category | Retention | Why |
| --- | --- | --- |
| Account profile (email, name, phone) | While account active; anonymised within 30 days of deletion request | Account-delete grace period in case of accidental deletion |
| Generated result images (cloud storage) | 24 hours (Starter) → 7 days (Pro) → 14 days (Studio) → 30 days (Enterprise) | Plan-tiered retention — see [/refund-policy](/refund-policy) |
| Uploaded inputs | Same as the result they produced — purged with that result | We don't keep your uploads beyond the job that processed them |
| Payment records (invoices, transactions) | 7 years | Indian tax law; can't shorten |
| Audit logs (admin actions, security events) | 1 year | Forensic investigations + dispute resolution |
| Usage logs (which tool you ran, when) | 90 days | Capacity planning + per-account analytics on /user → Overview |
| Support tickets and replies | 3 years from last activity | Reference for repeat issues + audit |
| Support email digest send timestamps | 30 days | Just enough to throttle the weekly cap |
| Newsletter subscription state | Until unsubscribed; record kept 30 days post-unsub | GDPR grace period to handle re-subscribe / dispute |
| Cookie consent decision | 13 months (per GDPR guidance) | Asks again after one year |

When you self-delete via account settings, we run an anonymisation pass within 30 days — your row stays for aggregate analytics, but every PII column (email, name, phone, image) is replaced with a one-way hash.

Texloom Studio does not use your inputs or outputs to train any AI model — neither ours, nor our third-party AI inference providers', nor any other party's.

• Inputs you upload are sent to the inference provider for the single purpose of returning your result
• Outputs are stored only for the retention window your plan provides (see Data Retention above) so you can re-download them
• No content is set aside for model improvement, fine-tuning, or evaluation
• Our agreements with inference providers explicitly forbid them from training on your data

Enterprise procurement reviews can request the relevant contract clauses by emailing [email protected] — we'll share them under NDA.

If you are an Indian resident, the Digital Personal Data Protection Act 2023 (DPDPA) gives you specific rights as a Data Principal.

Your rights:

• Information: Know what personal data we hold about you and how we process it
• Correction: Have inaccurate or outdated data corrected
• Erasure: Request deletion when the purpose for processing is over (subject to lawful retention requirements above)
• Grievance redressal: Raise a complaint with our Grievance Officer
• Nominate: Designate another person to exercise these rights if you become unable to

Grievance Officer:

• Name: Texloom Support Team
• Email: [[email protected]](mailto:[email protected])
• Response time: Acknowledgement within 7 days; substantive response within 30 days

If you are not satisfied with our response, you may approach the Data Protection Board of India under DPDPA Section 27.

For users in the EU/EEA, UK, and California: the rights listed in the "Your Rights" section above (GDPR Articles 15–22, UK GDPR equivalents, CCPA/CPRA Sections 1798.100 et seq.) continue to apply. To exercise any right, email [[email protected]](mailto:[email protected]) — we don't gatekeep behind a separate compliance form.

Your uploaded images and generated designs are handled separately from account data, with retention based on how you use our tools:

Free tools on /free-tools (signed-out users):
- Browser-based tools — including Format Converter, Vectorize Studio, AI Color Extractor, Color Converter, Pantone Color Finder, Print Calculator, Fabric Yield, Seamless Checker, Image Diff, EXIF Metadata Viewer, Color Blindness Simulator, and similar utilities — process your image entirely in the browser. Your image is never uploaded to our servers, never stored, never copied, and never used to train AI models.
- AI tools that require our servers — including AI Image Upscaler, AI Image Sharpener, Background Remover, Watermark Remover, AI Texture Remover, AI Style Transfer, AI Color Transfer, AI Print Studio, AI Generative Fill, Inpaint Studio, Pattern Generator, Image-to-Image Editor, and any other tool that calls a cloud AI provider — accept your image only as long as needed to return a result. Images are automatically wiped after processing, with a maximum retention of 24 hours for in-flight job recovery and download history.
- The exact list of browser-only versus AI-server tools may change as we add or migrate tools; the rule is constant: if the tool runs entirely on your device, your image never leaves it.

Studio (signed-in users):
- Free plan: generated results stored 24 hours, then automatically deleted.
- Pro plan: generated results stored 7 days, then automatically deleted.
- Business / Enterprise: generated results stored 30 days, with the option to export to your own storage before deletion.
- Source uploads in all tiers are discarded as soon as processing completes — only the result is retained per the schedule above.

Across all tiers:
- We never use your images or designs to train AI models.
- We never share your images with third parties beyond the AI processor required to generate your result.
- You can manually delete any stored result from your account dashboard at any time.
- Account deletion triggers immediate deletion of all stored results.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy.

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

We encourage you to review this privacy policy periodically for any changes.

If you have any questions about this Privacy Policy, please contact us:

• Email: [email protected]
• Address: Batala, Punjab, India

For data protection inquiries in the EU, you may also contact your local data protection authority.