Privacy Policy
How galx.ai collects, uses, and protects your personal information across the avatar forge, community gallery, and billing flows.
- Effective: 2026-05-31
- Last updated
This Privacy Policy explains how galx.ai (“galx.ai”, “we”, “us”, or “our”) collects, uses, and shares information about you when you use our website, applications, and services (collectively, the “Service”). By using the Service you agree to the terms below.
1. Information we collect
We collect information you provide directly, information we get from your use of the Service, and limited information from third parties such as authentication providers.
1.1 Account data
- Email address, display name, and avatar URL when you sign up.
- Authentication identifiers from Firebase Authentication or social login providers you choose to connect.
- Billing details (plan tier, credit balance, Stripe customer ID). Card numbers are never stored on our servers — Stripe is the merchant of record.
1.2 Content data
- Prompts, trait selections, generated images, and remix seeds you create or save inside the forge.
- Community posts, comments, likes, and saves when you participate in the public gallery.
1.3 Usage and device data
- IP address, user agent, referrer, and approximate location (city / country) for security and rate-limiting.
- Anonymous analytics events (page views, button presses) via a privacy-respecting analytics provider.
2. How we use information
- Provide the Service — generate avatars, store your library, render the community feed, and process billing.
- Improve the Service — aggregate usage trends, detect abuse, and tune generation models.
- Communicate — send transactional emails (receipts, security alerts) and, with your consent, product updates.
- Comply with law — respond to valid legal requests and enforce our Terms.
3. Sharing and disclosure
We do not sell your personal information. We share data only with:
- Service providers — Firebase / Google Cloud (auth, database, storage), OpenRouter (image generation), Stripe (payments), and our email provider. Each is bound by a data-processing agreement.
- The public gallery — anything you post to the community gallery is public by design. Remove a post to take it down.
- Legal — when we believe in good faith that disclosure is necessary to comply with a law, court order, or to protect our rights or the safety of others.
4. Cookies and local storage
We use a small number of first-party cookies and browser storage for session management, theme preference, and the remix-seed handoff. See our Cookie Policy for details.
5. Data retention
Account data is retained for the life of your account and deleted within 30 days of closure. Generated content is retained until you delete it. Backups may persist for up to 90 additional days before being overwritten.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Email privacy@galx.ai to exercise these rights. We respond within 30 days.
7. Security
We encrypt data in transit (TLS 1.2+) and at rest, require Firebase App Check on sensitive endpoints, and run periodic dependency audits. No system is perfectly secure; if we discover a breach affecting you, we will notify you in accordance with applicable law.
8. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has created an account, contact us and we will delete it.
9. International transfers
We are based in the United States and use providers in the US, EU, and globally. Where required, we rely on Standard Contractual Clauses for cross-border transfers.
10. Changes to this policy
We will post any material changes here and, for significant changes, notify you by email at least 14 days before they take effect.
11. Contact
galx.ai · privacy@galx.ai