Privacy Policy

Effective Date: January 5, 2025

Last Updated: June 18, 2025

1. We value your privacy

GoThumbnails is operated by Quick Flip Services, registered in the Netherlands.

For any privacy-related inquiries, data subject requests, or concerns about how we handle your personal information, please contact us at support[at]gothumbnails.com.

2. Introduction

This Privacy Policy explains how GoThumbnails ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use our AI-powered thumbnail generation service. We are committed to protecting your privacy and ensuring transparency about our data practices.

By using our service, you agree to the collection and use of information in accordance with this Privacy Policy.

3. Data We Collect

3.1 Account Information

  • Email address (for account creation and communication)
  • Name and profile information
  • Account preferences and settings

3.2 Subscription and Payment Data

  • Subscription plan details
  • Payment method information (processed securely through Stripe)
  • Billing address and information
  • Transaction history and invoices
  • Refund and cancellation records

3.3 User-Generated Content

  • Text prompts and scripts submitted for thumbnail generation
  • Video metadata and descriptions
  • Custom settings and preferences for image generation
  • Uploaded reference images or materials

3.4 Generated Content

  • AI-generated thumbnails and images
  • Processing history and generation parameters
  • Quality ratings and feedback

3.5 Usage Analytics and Tracking Data

  • Service usage patterns and statistics
  • Feature usage and user interactions
  • Performance metrics and error logs
  • A/B testing data

3.6 Technical Data

  • IP addresses and geolocation data
  • Device information (browser type, operating system)
  • Cookies and similar tracking technologies
  • Log files and technical diagnostics

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

4.1 Contract Performance

  • Providing and maintaining our service
  • Processing payments and managing subscriptions
  • Customer support and service communications

4.2 Legitimate Interests

  • Improving our service and user experience
  • Analytics and performance monitoring
  • Security and fraud prevention
  • Internal business operations

4.3 Consent

  • Marketing communications (where required)
  • Non-essential cookies and tracking
  • Optional data processing activities

4.4 Legal Obligations

  • Tax record keeping
  • Compliance with applicable laws and regulations
  • Responding to legal requests

5. How We Use Your Data

We use your personal information for the following purposes:

  • Service Provision: Creating and managing your account, processing thumbnail generation requests, and delivering our core services
  • Payment Processing: Managing subscriptions, processing payments, and handling refunds
  • Communication: Sending service-related notifications, updates, and customer support responses
  • Improvement: Analyzing usage patterns to enhance our service and develop new features
  • Security: Protecting against fraud, abuse, and security threats
  • Legal Compliance: Meeting our legal and regulatory obligations

6. Third-Party Services & Data Sharing

We work with trusted third-party service providers to deliver our service. Your data may be shared with:

6.1 Infrastructure Providers

  • Supabase: Database hosting and backend services (data processing and storage)
  • Microsoft Azure: Cloud storage for generated images and backups

6.2 Authentication Services

  • Google: User authentication and login services (when using Google Sign-In)

6.3 Payment Processing

  • Stripe: Secure payment processing and subscription management

6.4 AI Services

  • Replicate: AI-powered image generation and processing

6.5 Analytics

  • Affonso: Usage analytics and service performance monitoring

All third-party providers are carefully selected and required to maintain appropriate data protection standards. We ensure data processing agreements are in place where required by law.

7. Data Retention & Deletion

7.1 Account Data

  • Account information is retained while your account is active
  • After account deletion, most personal data is removed within 30 days
  • Some data may be retained longer for legal or security purposes

7.2 Generated Content

  • Generated thumbnails and images are stored for the duration of your subscription
  • Content may be retained for up to 90 days after subscription cancellation for recovery purposes
  • You can request immediate deletion of your generated content

7.3 Payment Records

  • Payment and billing information is retained for 7 years for tax and accounting purposes
  • Transaction records are kept in accordance with financial regulations

7.4 Analytics Data

  • Aggregated, anonymized analytics data may be retained indefinitely for service improvement
  • Personal identifiers are removed from long-term analytics storage

8. Refund Policy & Subscription Cancellation

8.1 Refund Policy

  • Users may request a full refund within 7 days of their initial subscription purchase
  • Refund requests must be submitted through our customer support
  • Refunds are processed through the original payment method within 5-10 business days

8.2 Subscription Cancellation

  • Subscriptions can be cancelled at any time through your account settings
  • Cancelled subscriptions remain active until the end of the current billing period
  • No automatic renewal occurs after cancellation
  • Access to premium features ends at the subscription expiry date

9. Your Rights (GDPR Compliance)

Under applicable data protection laws, you have the following rights:

9.1 Right to Access

Request a copy of the personal data we hold about you

9.2 Right to Rectification

Request correction of inaccurate or incomplete personal data

9.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data under certain circumstances

9.4 Right to Data Portability

Request transfer of your data to another service provider in a structured format

9.5 Right to Object

Object to processing of your personal data for certain purposes

9.6 Right to Restrict Processing

Request limitation of how we process your personal data

9.7 Right to Withdraw Consent

Withdraw consent for processing activities that require consent

To exercise any of these rights, please contact us at privacy@gothumbnails.com. We will respond to your request within 30 days (or as required by applicable law).

10. Security Measures

We implement comprehensive security measures to protect your personal data:

10.1 Technical Safeguards

  • End-to-end encryption for data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Secure API endpoints and authentication
  • Regular security updates and patches

10.2 Access Controls

  • Multi-factor authentication for administrative access
  • Role-based access controls for team members
  • Regular access reviews and permission audits

10.3 Monitoring & Auditing

  • Continuous security monitoring and threat detection
  • Regular security assessments and penetration testing
  • Incident response procedures and breach notification protocols

11. International Data Transfers

As we operate globally and use international service providers, your data may be transferred outside your country of residence:

11.1 EU Data Transfers

  • Data transfers from the EU to third countries are protected by Standard Contractual Clauses (SCCs)
  • We ensure adequacy decisions are in place where applicable
  • Additional safeguards are implemented for transfers to countries without adequacy decisions

11.2 Safeguards

  • All international transfers comply with applicable data protection laws
  • We maintain data processing agreements with all international providers
  • Regular assessments ensure ongoing compliance with transfer requirements

12. Cookies & Tracking Technologies

12.1 Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Core functionality and user preferences

12.2 Analytics Cookies

  • Usage statistics and performance monitoring (Affonso)
  • Service improvement and optimization data
  • Error tracking and debugging information

12.3 Cookie Management

  • You can manage cookie preferences through your browser settings
  • Disabling certain cookies may affect service functionality
  • We provide clear information about cookie usage upon first visit

13. Children's Privacy

13.1 Age Restrictions

  • Our service is not intended for children under 13 years of age (or 16 in the EU)
  • We do not knowingly collect personal information from children
  • Users must confirm they meet the minimum age requirement

13.2 Parental Rights

  • Parents can request access to or deletion of their child's data
  • We will verify parental identity before processing such requests
  • Immediate account termination if we discover underage usage

14. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

14.1 Right to Know

  • Categories and specific pieces of personal information collected
  • Sources of personal information and business purposes
  • Third parties with whom we share personal information

14.2 Right to Delete

Request deletion of personal information we have collected

14.3 Right to Opt-Out

Opt-out of the sale of personal information (we do not sell personal information)

14.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights

15. Updates & Changes to This Policy

15.1 Policy Updates

  • We may update this Privacy Policy to reflect changes in our practices or legal requirements
  • Material changes will be communicated via email or prominent notice on our website
  • Continued use of our service after changes constitutes acceptance of the updated policy

15.2 Notification Process

  • 30 days advance notice for material changes
  • Immediate notification for changes required by law
  • Historical versions available upon request

16. Jurisdiction & Dispute Resolution

16.1 Governing Law

This Privacy Policy is governed by the laws of the Netherlands and applicable EU regulations.

16.2 Supervisory Authority

EU residents have the right to lodge complaints with their local data protection authority:

  • Netherlands: Autoriteit Persoonsgegevens (AP)
  • Website: autoriteitpersoonsgegevens.nl
  • Email: info@autoriteitpersoonsgegevens.nl

16.3 Dispute Resolution

  • Good faith efforts to resolve privacy disputes directly
  • Mediation services available for unresolved disputes
  • Legal proceedings in Dutch courts as a last resort

17. Data Breach Notification

In the event of a data breach that poses a risk to your personal data:

  • We will notify the relevant supervisory authority within 72 hours
  • Affected users will be notified without undue delay
  • We will provide clear information about the breach and remedial actions

18. Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • User data may be transferred as part of the business transaction
  • Users will be notified of any ownership changes
  • Privacy protections will continue under the new ownership

19. Contact Information for Privacy Matters

For all privacy-related inquiries:

Email: support@gothumbnails.com