Privacy Policy

The controller responsible for your personal data is Insight Photo, a Dutch general partnership (vennootschap onder firma), KvK number 85236942, VAT number NL863556449B01, registered at Spoorlaan 29, 3645 EK Vinkeveen, Netherlands. For any privacy-related questions, contact us at hello@we-edit.app. We have not appointed a Data Protection Officer as we are not required to do so under Article 37 GDPR; privacy requests are handled directly by the partners.

Account data (name and email address from our authentication provider, organization membership); uploaded images and associated project metadata (titles, tags, edit selections); processed images and exports generated by our AI pipeline; payment metadata from our payment provider (transaction ID, amount, status — we never see card numbers); technical data (IP address, browser, timestamps) in server and error logs used for security and diagnostics.

We process your personal data on the following Article 6 GDPR bases: (a) performance of a contract — to provide the editing service you signed up for; (b) legal obligation — to retain invoices and transaction records for tax and accounting purposes; (c) legitimate interests — to secure and improve the service, prevent abuse, and communicate about your projects.

We use your data to deliver and operate the editing pipeline, bill for credits and issue invoices, provide customer support, send service notifications (project completion, payment receipts), detect abuse and fraud, and produce aggregated, non-identifying usage statistics. We do not sell your personal data and we do not use it for advertising profiling.

Your uploaded images, prompts, and generated outputs are NOT used to train AI models — ours or anyone else's. Our AI providers are bound by their enterprise API terms not to use customer content for training. Images are sent to these providers solely to perform the specific edit you requested and are not retained by them beyond the processing window permitted by their terms.

Real estate photos occasionally capture identifiable individuals (neighbours, passers-by, staff), vehicle number plates, or personal belongings. The organization uploading the photos is the controller for this incidental personal data and must ensure an appropriate legal basis (e.g., consent, legitimate interest) for its processing. If you appear in a photo processed through WeEdit and want it removed, contact us at hello@we-edit.app and we will work with the uploading organization to resolve the request.

Our image editing is automated, but it does not produce legal or similarly significant effects on you within the meaning of Article 22 GDPR. You always choose which edits to apply, and you can re-process, reject, or delete any output.

Account and organization records, uploaded images, and processed outputs are retained for as long as your account is active, and are permanently deleted 30 days after account closure (this grace period allows account restoration and accidental-deletion recovery). Invoices and transaction records are retained for 7 years to comply with Dutch tax law. Server logs are retained for up to 90 days. You can request earlier deletion at any time, subject only to legal retention obligations.

We rely on a small number of carefully selected processors to operate the service: an authentication provider, a payment provider (EU-based), a cloud hosting and storage provider (with our image storage pinned to the EU), and AI processing providers for the editing pipeline. Each acts as a processor on our behalf under a Data Processing Agreement.

Your data is shared only with the categories of processors described above. A current subprocessor list — including company name, role, and processing location — is available on request at hello@we-edit.app. We will update this policy before onboarding any new subprocessor that materially changes how your data flows.

We only use strictly necessary cookies — for authentication, session management, and security. These are required for the service to work and do not require consent under Article 5(3) of the ePrivacy Directive. We do not use analytics, advertising, or cross-site tracking cookies, and we do not run any third-party tags that profile you.

You have the right to access your personal data, rectify inaccurate data, erase your data ('right to be forgotten'), receive your data in a portable format, restrict or object to processing, and withdraw any consent you have given. You also have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. To exercise any of these rights, contact hello@we-edit.app — we respond within one month as required by Article 12 GDPR.

If you believe we have mishandled your personal data, you can lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or with the supervisory authority in the EU Member State where you live or work. We would appreciate the chance to address your concern first — please reach out to hello@we-edit.app.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including TLS in transit, encryption at rest on Cloudflare R2, least-privilege access controls, and logged administrative actions. No system is perfectly secure; we will notify you and the supervisory authority of any breach that affects your data as required by Articles 33 and 34 GDPR.

Your uploaded images and project data are stored in the European Union. Some subprocessors — notably the authentication provider and the AI processing providers — are based in the United States or operate globally. Those transfers rely on the EU–US Data Privacy Framework (for certified providers) and/or the European Commission's Standard Contractual Clauses, together with any additional safeguards required by the Schrems II judgment.

We may update this Privacy Policy to reflect changes in our service, our subprocessors, or the law. When we make material changes, we will update the effective date at the top of this document and notify you by email or through an in-app notice before the change takes effect.

For privacy questions or to exercise your rights, contact us at hello@we-edit.app. Postal mail can be sent to Insight Photo, Spoorlaan 29, 3645 EK Vinkeveen, Netherlands.