Last updated: March 17, 2026
1. Information We Collect
Account Data: When you register, we collect your email address and a securely hashed
version of your password. If you use Google Sign-In, we receive your email and Google profile ID.
Usage Data: We collect data about your interactions with the Service, including
generation prompts, token usage, and feature usage to improve the platform.
Generated Content: Thumbnails you generate are temporarily stored on our servers
(Amazon S3) and are subject to the gallery expiration policy.
2. Cookies & Local Storage
ThumbGen.pro uses minimal browser storage:
- Authentication Token (localStorage): A JWT token stored in your browser's
localStorage to keep you signed in. This is not a cookie and is not sent to third parties.
- Session Data (localStorage): Your email, token balance, and account status are
cached locally for a smooth experience.
- Google OAuth Cookie: If you use Google Sign-In, a temporary session cookie is
used during the authentication handshake (required by the OAuth protocol).
We do NOT use: Third-party tracking cookies, advertising cookies, analytics cookies
(e.g., Google Analytics), or any fingerprinting technologies.
3. How We Use Your Data
Your data is used solely to: (a) provide and maintain the Service, (b) process AI generation
requests, (c) manage your account and token balance, (d) send password reset emails when requested,
(e) communicate service updates.
4. Third-Party Services
We use the following third-party services that may process your data:
- Amazon Web Services (AWS): For data storage (DynamoDB, S3) and hosting (App
Runner). Data is stored in the us-east-1 region.
- AI Providers: Your prompts and reference images are sent to third-party AI
services for image generation and editing. See OpenAI's Privacy Policy and Google's Privacy Policy.
- Amazon WorkMail: For sending transactional emails (password resets).
5. Data Retention
Account data is retained as long as your account is active. Generated images are retained according
to the gallery expiration policy (currently displayed on each gallery item), after which they are
permanently deleted from our servers.
6. Your Rights
You have the right to: (a) access the personal data we hold about you, (b) request deletion of your
account and data, (c) export your generated images before they expire, (d) opt out of non-essential
communications.
To exercise these rights, email us at support@edgewaysoft.com.
7. Data Security
We use industry-standard security measures including encrypted passwords (bcrypt), JWT
authentication, HTTPS encryption in transit, and AWS security infrastructure. However, no system is
perfectly secure.
8. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect data from children
under 13.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or
in-app notice.
10. Contact
For privacy-related inquiries, contact us at support@edgewaysoft.com.
