Back to home
FREN

Sublify

Privacy Policy

Last updated: May 9, 2026

At Sublify, we take your privacy seriously. This policy explains what data we collect, why, how long we keep it, and what your rights are — with full transparency.

1. Data Controller

The data controller for your personal information is:

Company : Gigaflux Studio (Sofiane Ben Ihaddadene)

Address : 34 rue Dauphine, 94370 Sucy-en-Brie, France

French business ID (SIRET) : 103 410 163 00010

DPO / GDPR contact email : contact@sublify.ai

2. Data Collected

Sublify only collects the data necessary to operate the service:

2.1 Account data

  • Email address (used for login and communications)
  • Password (stored encrypted, never in plain text)
  • Account creation date
  • Remaining credits and purchase history

2.2 Transformation data

  • Photographs you upload (originals)
  • Images generated by Sublify
  • Space type, mode (Faithful/Creative), embellishment options selected
  • Date and time of each transformation

2.3 Payment data

Payments are processed directly by Stripe. We do not store any banking data on our servers (card number, CVV, etc.). Stripe only sends us a transaction identifier and payment status.

2.4 Technical data

  • IP address (for security and abuse prevention)
  • Browser type and operating system
  • Pages visited and actions taken (analytics)
  • Cookies (see our Cookie Policy)

3. Purposes and Legal Bases

Your data is processed for the following purposes:

Account creation and managementPerformance of contract (GDPR art. 6.1.b)
Providing image transformation servicePerformance of contract
Payment processingPerformance of contract
Sending transactional emails (confirmation, invoices)Performance of contract
Sending marketing emails (newsletter, updates)Explicit consent (GDPR art. 6.1.a)
Analytics and service improvementLegitimate interest (GDPR art. 6.1.f)
Fraud and abuse preventionLegitimate interest
Compliance with legal obligations (invoices, accounting)Legal obligation

4. Retention Periods

  • User account: as long as the account is active, and up to 12 months after deletion (backups)
  • Uploaded and generated images: 30 days for free users, 90 days for users who have purchased a pack
  • Payment data: 10 years (French legal accounting obligation)
  • Technical logs: 12 months maximum
  • Analytics data: 14 months maximum (anonymized beyond)

Images can be deleted earlier upon explicit user request.

5. Subprocessors and Third-party Services

To operate Sublify, we use the following services. Each is bound by confidentiality commitments compliant with the GDPR:

Vercel Inc. (United States)Website hosting
Supabase (EU — Frankfurt)Database and authentication
Stripe (United States / EU)Payment processing
Resend (United States)Transactional email delivery
Cloudflare R2 (EU)Image storage
Replicate (United States)Third-party AI service for image generation
Google Analytics 4 (United States)Audience analytics (with your consent)

For data transfers outside the EU (Vercel, Stripe, Resend, Replicate, Google), these companies rely on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring a level of protection equivalent to that of the EU.

Regarding images uploaded to Replicate: images transmitted to the generation service are kept by Replicate for a maximum of 1 hour via their API, then automatically deleted. Replicate commits to not using these images for any purpose other than the requested generation.

6. Your Images, Your Property

Sublify does NOT use your photographs to train AI models, create training datasets, or sell your data to third parties.

Your original photographs and generated images belong exclusively to you. Sublify only accesses these images to the extent necessary to provide the service (generation, storage, display in your history).

7. Your Rights (GDPR)

In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your data:

  • Right of access — obtain a copy of the data we hold about you
  • Right to rectification — correct inaccurate data
  • Right to erasure (“right to be forgotten”) — delete your account and data
  • Right to restrict processing
  • Right to data portability — receive your data in a structured format
  • Right to object to processing based on legitimate interest
  • Right to withdraw consent at any time (for processing based on consent)
  • Right to lodge a complaint with the CNIL (French Data Protection Authority): cnil.fr

To exercise these rights, contact us at contact@sublify.ai. A response will be provided within 30 days maximum.

8. Security

Sublify implements technical and organizational measures to protect your data:

  • HTTPS encryption across the entire site
  • Passwords stored as cryptographic hashes (never in plain text)
  • Databases and storage hosted on certified infrastructure
  • Restricted access to data on a strict need-to-know basis
  • Regular and encrypted backups

While no system is infallible, we commit to applying industry standards and to notifying you within 72 hours of any data breach, in accordance with the GDPR.

9. Minors

Sublify is not intended for individuals under 16 years of age. We do not knowingly collect data about minors. If you are a parent and believe your child has provided us with information, contact us for its deletion.

10. Modifications

This policy may be updated to reflect service changes, legal requirements, or new features. The last update date is indicated at the top of this page. In the event of substantial changes, you will be notified by email.

11. Contact

For any questions regarding this policy or the processing of your data, you can contact us at contact@sublify.ai. A response will be provided within 48 business hours.