Privacy Policy

Last updated: February 4, 2026

Effective date: February 4, 2026

This Privacy Policy describes how Varimuse ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our AI-powered creative generation platform at varimuse.ai (the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Information: When you create an account, we collect your email address. You may optionally provide a display name.
User Content: We collect the prompts, text inputs, and configuration settings you submit to generate content through our Service ("User Prompts").
Payment Information: When you purchase credits, payment processing is handled by our third-party payment processor. We do not directly store your full credit card number, but we may receive and store transaction IDs, purchase amounts, and billing addresses associated with your purchases.
Communications: If you contact us for support or feedback, we collect the contents of those communications.

1.2 Information Generated Through the Service

Generated Content: Images and other content generated using our Service based on your prompts ("Generated Content").
Usage Data: Information about how you interact with our Service, including the features you use, actions you take (such as saving Picks, creating generations, publishing content), and timestamps of your activities.
Credit Transactions: Records of credit purchases, usage, and balance history.

1.3 Information Collected Automatically

Device Information: Browser type and version, operating system, device type, and screen resolution.
Log Data: IP address, access times, pages viewed, and referring URLs.
Cookies and Similar Technologies: We use essential cookies for authentication and session management. See Section 6 for more details.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Service

To create and manage your account
To authenticate your identity via magic link emails
To process your prompts and generate content using AI models
To store and display your generated content, Picks, and collections
To process credit purchases and track your balance
To provide customer support
To analyze usage patterns and improve our Service
To develop new features and services

2.2 Safety and Security

To detect and prevent fraud, abuse, and security incidents
To enforce our Terms of Service and acceptable use policies
To filter and block prohibited content (including NSFW material)
To investigate and respond to content reports

2.3 Communications

To send you authentication emails (magic links)
To send transactional notifications about your account and purchases
To respond to your inquiries and support requests
To send service announcements and updates (you may opt out of non-essential communications)

2.4 Legal Compliance

To comply with applicable laws, regulations, and legal processes
To respond to lawful requests from public authorities
To protect our rights, privacy, safety, or property

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

AI Generation Providers (Replicate, OpenAI, and similar): We transmit your prompts to these providers to generate content. These providers process your prompts according to their own privacy policies and terms. We do not control how they use data for their own purposes, including model training.
Cloud Infrastructure (Cloudflare, Railway): We use these services for hosting, content delivery, and storage of generated content.
Email Services (Resend): We use email providers to send authentication and transactional emails.
Payment Processing: Payment processors handle credit card transactions and are subject to PCI-DSS compliance requirements.
Analytics: We may use analytics providers to understand Service usage.

3.2 Public Content

If you choose to publish your Picks or collections to our Explore gallery, the associated Generated Content, your display name (if set), and any descriptions you provide will be publicly visible to all users of the Service. You can unpublish content at any time.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Valid legal processes (subpoenas, court orders, legal requests)
Requests from law enforcement or government authorities
Situations where disclosure is necessary to protect our rights, your safety, or the safety of others
Investigations of potential violations of our Terms of Service

3.4 Business Transfers

If Varimuse is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your personal information.

4. Data Retention

4.1 Account Data

We retain your account information for as long as your account is active. If you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or fraud prevention purposes.

4.2 Generated Content

Your Generated Content and Picks are retained until you delete them or close your account. Published content remains available until you unpublish it. We may retain backups for a limited period for disaster recovery purposes.

4.3 Transaction Records

Credit purchase and usage records are retained for a minimum of 7 years for tax and accounting purposes, or longer if required by applicable law.

4.4 Log Data

Server logs and security-related data are typically retained for 90 days, unless longer retention is required for ongoing investigations or legal compliance.

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

5.1 Access and Portability

You can access your account information, prompts, and generated content through the Service. You may request a copy of your personal data in a machine-readable format.

5.2 Correction

You can update your display name and other account information through your profile settings.

5.3 Deletion

You can delete individual Generated Content and Picks through the Service. You may also request complete account deletion by contacting us at [email protected]. Note that some information may be retained as described in Section 4.

5.4 Withdraw Consent

Where we rely on your consent to process personal information, you may withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

5.5 Opt-Out of Marketing

You can opt out of marketing communications by following the unsubscribe instructions in our emails or contacting us directly.

5.6 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights:

Right to know what personal information we collect, use, and disclose
Right to delete your personal information (subject to certain exceptions)
Right to opt out of the "sale" or "sharing" of personal information (we do not sell personal information)
Right to non-discrimination for exercising your privacy rights
Right to correct inaccurate personal information
Right to limit use and disclosure of sensitive personal information

To exercise these rights, contact us at [email protected]. We may verify your identity before processing your request.

5.7 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are in the EEA, UK, or Switzerland, you have additional rights:

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing based on legitimate interests
Right to lodge a complaint with a supervisory authority

Our legal bases for processing include: performance of our contract with you, legitimate interests (such as security and service improvement), compliance with legal obligations, and where applicable, your consent.

6. Cookies and Tracking Technologies

6.1 Essential Cookies

We use essential cookies that are necessary for the Service to function, including authentication cookies that keep you logged in. These cannot be disabled.

6.2 Analytics

We may use analytics tools to understand how users interact with our Service. These may set cookies to track sessions and page views.

6.3 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals. However, we do not track users across third-party websites.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

Encryption of data in transit using TLS/HTTPS
Secure authentication via time-limited magic links
Access controls and authentication for internal systems
Regular security assessments and monitoring
Secure cloud infrastructure with reputable providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our service providers are located. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with adequate data protection determinations.

9. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

10. Third-Party AI Provider Notice

Important: When you use our Service to generate content, your prompts are transmitted to third-party AI providers (such as Replicate and their underlying model providers). These providers have their own privacy policies and terms of service that govern how they handle your data.

We recommend reviewing the privacy policies of these providers. Key points to be aware of:

Your prompts may be logged by AI providers for their own purposes
Some providers may use inputs and outputs to improve their models unless you opt out through their services directly
We do not control the data practices of these third-party providers

By using our Service, you acknowledge and accept that your prompts will be shared with these third-party AI providers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

For significant changes, we will provide additional notice, such as an email notification or a prominent notice within the Service. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes acceptance of the changes.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Subject Line: Privacy Inquiry

For data subject rights requests (access, deletion, correction), please include sufficient information to verify your identity and specify the rights you wish to exercise.

We will respond to privacy inquiries within 30 days, or within the timeframe required by applicable law.