Full Renovo Privacy Policy

Using the Service is voluntary. By deciding to use our services (including uploading a Photo), the User fully accepts the rules described in this document.

1. The joint controllers of your personal data (the "Joint Controllers") are: a) Maciej Fiłonowicz, 58-100 Świdnica, Poland. b) Krystian Flisak, 58-100 Świdnica, Poland.

2. The Joint Controllers have concluded an agreement under Art. 26 GDPR and appointed a shared contact point for all privacy matters.

3. Joint contact point: for any questions about data processing or the exercise of your rights, contact prospectcode@gmail.com.

Service: The Renovo website (https://www.renovophoto.cloud).

User: Any natural person who actively uses the Service (e.g. uploads a Photo).

GDPR: Regulation (EU) 2016/679.

Photo: A graphic file uploaded by the User.

1. Rendering the photo restoration service (contract performance) • Purpose: Processing the Photo with AI, handling the payment (Stripe) and delivering the download link. • Data scope: Email address, uploaded Photos, transaction data. • Legal basis: Art. 6(1)(b) GDPR (necessary to perform the contract).

2. Processing Photos (explicit consent) • Important: Photos may contain special-category data (biometric data, likeness). • Purpose: Automated processing solely to deliver the restoration service. • Legal basis: Art. 9(2)(a) GDPR (your explicit, informed and voluntary consent). • Key user statement: By uploading a Photo you represent that you have all required rights and consents (including from third parties visible in the Photo). You bear full responsibility for the legality of the material and indemnify the Joint Controllers from any third-party claims related to the Photo.

3. Fulfilling legal obligations • Purpose: Meeting tax or accounting duties. • Data scope: Transaction data. • Legal basis: Art. 6(1)(c) GDPR.

4. Establishing, pursuing or defending claims (legitimate interest) • Purpose: Protecting against or pursuing claims. • Data scope: Transaction data, email address, correspondence content. • Legal basis: Art. 6(1)(f) GDPR.

1. The restoration service relies on technology provided by Google LLC (Gemini API).

2. The User acknowledges and accepts that their Photo is temporarily transferred to Google infrastructure solely for processing.

3. Under the API terms, Google does not use these Photos to train its AI models.

4. The User understands that the process is fully automated and depends on a third-party "artificial intelligence" model. The Joint Controllers do not influence the final aesthetic outcome.

Only entities supporting us in delivering the Service gain access to your data:

1. Google LLC (or Google Ireland Limited): (a) to process the Photo via Gemini API; (b) to store Photos on Google Storage infrastructure for the period defined in § 7.

2. OVH SAS: To host the Service.

3. Stripe, Inc.: To handle payments.

4. Competent public authorities.

1. Because we use Google (USA) and Stripe (USA), your personal data (including Photos) is transferred to third countries, mainly the United States.

2. Transfers rely on Standard Contractual Clauses (SCCs) or other GDPR-compliant safeguards.

3. By using the Service, you acknowledge and accept that your data (including Photos) will be transferred to jurisdictions (USA) where data protection standards may differ from those in the EU and enforcing your rights may be more difficult.

1. Original and restored Photos are stored for 30 days from upload to let you download the file and handle complaints.

2. After 30 days both files (original and restored) are permanently deleted.

3. Transaction data and the billing email address are stored for the period required by tax law (typically five years).

You enjoy the following GDPR rights:

1. Access (Art. 15 GDPR).

2. Rectification (Art. 16 GDPR).

3. Erasure (Art. 17 GDPR) — e.g. you may ask us to delete Photos before the 30-day period ends.

4. Restriction of processing (Art. 18 GDPR).

5. Data portability (Art. 20 GDPR).

6. Objection (Art. 21 GDPR).

7. Withdrawal of consent to process the Photo (Art. 7(3) GDPR).

8. Complaint to a supervisory authority (the Polish DPA – PUODO).

To exercise your rights, contact prospectcode@gmail.com.

1. We implement technical and organisational measures such as SSL encryption to protect your data.

2. However, no Internet transmission or storage system is 100% secure.

3. You upload Photos being aware of this risk. The Joint Controllers are not liable for interceptions caused by third parties (e.g. hacking) or security gaps on the User's side (e.g. infected device, unsecured Wi-Fi).

1. The Service uses only strictly necessary (technical) cookies required for proper operation, session handling and payments.

2. We do not use analytics or marketing cookies. We do not track or profile Users.

We reserve the right to amend this Policy. The new version applies from the date it is published on the Service.

1. We apply GDPR standards as the primary framework.

2. We do not sell or "share" personal data within the meaning of the California CCPA/CPRA.