Last updated: March 11, 2026
We collect information necessary to provide and improve the Service. The types of information we collect include: Account Information: • Google OAuth: name, email address, and profile picture • Email sign-up: email address Usage Data: • Generation types selected, AI models used, and style configurations • Credit transactions and billing history • Prompts and text content submitted for image generation • Timestamps, device type, browser type, and IP addresses Generated Content: • AI-generated images are stored on Cloudflare R2 • Generation metadata (prompts, settings, model used) is stored for your gallery and history Payment Information: • Payment transactions are processed by Lemon Squeezy. We do not store full payment card details. We receive transaction confirmation data including order IDs, amounts, and subscription status.
We process your personal data based on the following legal grounds under applicable data protection laws (including GDPR): • Contract Performance: Processing necessary to provide the Service, manage your account, and fulfill credit purchases and subscriptions. • Legitimate Interest: Processing for service improvement, security, fraud prevention, and analytics. • Consent: Where you have given explicit consent, such as for marketing communications. • Legal Obligation: Processing required to comply with applicable laws and regulations. You may withdraw consent at any time where processing is based on consent. This does not affect the lawfulness of processing prior to withdrawal.
We use your information for the following purposes: • Authentication and account management • Processing credit purchases and subscription billing • Sending your prompts and settings to Google Gemini API for image generation • Displaying your generation history and gallery • Service improvement, troubleshooting, and performance analytics • Sending service-related communications (order confirmations, important updates) • Ensuring security and preventing fraud We do not use your content to train AI models. Your prompts and generated images are processed through Google's Gemini API under a paid plan, which means Google does not use your inputs or outputs for model training. We do not sell your personal information. We do not use your data for targeted advertising.
Your data is stored on Cloudflare infrastructure: • Cloudflare D1 (SQLite): Account data, transactions, generation metadata • Cloudflare R2: Generated images • Cloudflare KV: Session data, rate limits, caching Data Retention: • Account data: Retained while your account is active and for 30 days after deletion request • Generation history and images: Retained while your account is active; deleted within 30 days of account deletion • Transaction records: Retained for up to 7 years as required for tax and legal compliance • Server logs: Retained for up to 90 days for security and debugging purposes You may request deletion of your account and associated data at any time by contacting support@powerfultinytool.org.
We share data only as necessary to operate the Service. Our third-party processors include: • Google (Gemini API): Receives your prompts and style settings to generate images. Under our paid plan, Google does not use your data for model training. Subject to Google's Privacy Policy and Generative AI Terms. • Lemon Squeezy: Processes payment transactions as the Merchant of Record. Receives billing information necessary to complete purchases. Subject to Lemon Squeezy's Privacy Policy (https://www.lemonsqueezy.com/privacy). • Cloudflare: Provides hosting, storage, and CDN services. Subject to Cloudflare's Privacy Policy. • Resend: Processes email delivery for verification codes and service communications. We do not sell your personal information. We may disclose information if required by law, to protect our rights, to prevent fraud, or in connection with a merger or acquisition. We do not share your data with advertisers or third parties for marketing purposes.
Your data may be processed and stored in jurisdictions outside your country of residence. Cloudflare operates a global network, and data may be processed in regions selected for performance optimization. When data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other mechanisms recognized under applicable data protection laws. By using the Service, you acknowledge that your data may be transferred to jurisdictions that may have different data protection standards than your country of residence.
We use the following cookies: • pm_token: Authentication session cookie (HTTP-only, secure, SameSite=Lax, 7-day expiry). Essential for maintaining your logged-in session. • Locale preference: Stores your language selection to personalize your experience. These cookies are strictly necessary for the Service to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can configure your browser to limit or block cookies, but this may prevent you from using the Service, as authentication requires the session cookie.
Depending on your jurisdiction, you may have the following rights regarding your personal data: • Right of Access: Request a copy of the personal data we hold about you • Right to Rectification: Correct inaccurate or incomplete personal data • Right to Erasure: Request deletion of your personal data • Right to Data Portability: Receive your data in a structured, machine-readable format • Right to Restrict Processing: Request limitation of processing in certain circumstances • Right to Object: Object to processing based on legitimate interest • Right to Withdraw Consent: Withdraw previously given consent at any time For users in the European Economic Area (EEA), these rights are guaranteed under the General Data Protection Regulation (GDPR). For California residents, the California Consumer Privacy Act (CCPA) provides similar rights including the right to know, delete, and opt-out of sale of personal information (we do not sell personal information). To exercise any of these rights, contact us at support@powerfultinytool.org. We will respond within 30 days of receiving your request.
We implement appropriate technical and organizational measures to protect your data: • Encryption in transit (TLS/HTTPS) for all data transmission • HTTP-only, secure cookies to prevent cross-site scripting attacks • JWT-based authentication with secure token management • Rate limiting to prevent abuse • Access to personal data restricted to authorized systems only • Cloudflare's enterprise-grade security infrastructure While we strive to protect your information, no system is completely secure. You are responsible for safeguarding your account credentials. Please notify us immediately at support@powerfultinytool.org if you suspect unauthorized access to your account.
The Service is not intended for users under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at support@powerfultinytool.org and we will take steps to delete such information promptly. If you are between 13 and 18 years of age, you should have a parent or guardian review these terms and supervise your use of the Service.
We may update this Privacy Policy from time to time. We will notify you of material changes by: • Posting the updated policy on the Service • Updating the "Last updated" date • Sending an email notification for significant changes Changes take effect 14 days after posting unless otherwise stated. We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance.
If you have questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about our data practices, please contact us: PowerfulTinyTool Email: support@powerfultinytool.org Website: https://postermaster.powerfultinytool.org For payment-related privacy inquiries, you may also contact Lemon Squeezy at https://www.lemonsqueezy.com/privacy. We will respond to your inquiry within 5 business days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.