Privacy Policy

Last updated: February 2026

Data controller

The data controller for your personal data is VIRTUASHIELD SL, NIF B87143467, domiciled in Spain. You can contact us regarding any data protection matter at hello@ailbum.com.

Data we collect

We collect the following categories of personal data:

  • Account information: When you sign in through GitHub OAuth, we receive your GitHub username, email address, and avatar URL. This information is used to create and maintain your AiLBUM profile.
  • Profile information: Any additional information you choose to add to your profile, such as a display name, bio, or links.
  • Creations: The content you upload and publish on AiLBUM, including images, descriptions, tags, and associated metadata.
  • Usage data: Basic analytics information such as page views, interactions (boosts, questions), and timestamps. We do not use third-party tracking cookies or advertising trackers.
  • Payment data: If you purchase the Supporter tier, payment is handled by Stripe. We do not store your credit card details. Stripe may share with us your name, email, and transaction ID for record-keeping purposes.

Why we process your data

We process your personal data for the following purposes:

  • Service delivery: To provide, maintain, and improve the AiLBUM platform, including account management, content hosting, and feature access.
  • Content moderation: To review creations submitted to the platform and enforce our content guidelines.
  • Analytics: To understand how users interact with the platform and improve the experience. We use aggregate, anonymised data wherever possible.
  • Communication: To send you important service-related notifications (e.g., creation approval, account updates). We do not send marketing emails without your explicit consent.
  • Payment processing: To process Supporter tier purchases and maintain financial records as required by law.

Legal basis (GDPR)

We process your data under the following legal bases as defined by the General Data Protection Regulation:

  • Contract: Processing necessary to provide you with the AiLBUM service you signed up for (account creation, content hosting, Supporter tier delivery).
  • Legitimate interest: Processing necessary for platform security, fraud prevention, content moderation, and aggregate analytics to improve the service.
  • Consent: Where applicable, such as for optional marketing communications. You can withdraw consent at any time.
  • Legal obligation: Processing required to comply with applicable laws, such as financial record-keeping for transactions.

Third-party services

We rely on the following third-party services to operate AiLBUM. Each processes data in accordance with its own privacy policy:

  • Supabase: Authentication, database, and file storage. Your account data, profile, and creations are stored in Supabase infrastructure. Supabase Privacy Policy.
  • Vercel: Website hosting and edge delivery. Vercel processes server logs that may include IP addresses and user agent strings. Vercel Privacy Policy.
  • Stripe: Payment processing for the Supporter tier. Stripe handles all credit card information directly and is PCI-DSS compliant. Stripe Privacy Policy.

We do not sell your personal data to any third party.

Data retention

We retain your personal data for as long as your account is active or as needed to provide you with the service. Specifically:

  • Account data: Retained until you delete your account.
  • Creations: Retained until you delete them or your account. Deleted creations are removed from our storage within 30 days.
  • Payment records: Retained for a minimum of 5 years as required by Spanish tax law.
  • Server logs: Automatically deleted after 90 days.

When you delete your account, we will erase your personal data within 30 days, except where retention is required by law.

Your rights

Under the GDPR you have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can update or correct your personal data at any time through your profile settings or by contacting us.
  • Erasure: You can request the deletion of your personal data. We will comply unless retention is required by law.
  • Portability: You can request your data in a structured, commonly used, machine-readable format.
  • Restriction: You can request that we restrict processing of your data in certain circumstances.
  • Objection: You can object to processing based on legitimate interest.

To exercise any of these rights, contact us at hello@ailbum.com. We will respond within 30 days.

Cookies

AiLBUM uses a minimal number of cookies, all of which are strictly necessary for the platform to function:

  • Session cookies: Used by Supabase Auth to keep you signed in. These are essential for authentication and expire when your session ends.
  • Theme preference: We store your dark/light mode preference in localStorage (not a cookie). This stays on your device and is never sent to our servers.

We do not use advertising cookies, social media tracking pixels, or any third-party analytics cookies.

International data transfers

Some of our third-party service providers (Supabase, Vercel, Stripe) may process data outside the European Economic Area. These providers offer appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission.

Contact and complaints

For any questions, concerns, or requests related to your personal data, contact us at hello@ailbum.com.

If you believe that your data protection rights have been violated and we have not adequately addressed your concern, you have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) at www.aepd.es.

Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. Your continued use of AiLBUM after changes are posted constitutes your acceptance of the revised policy.