Privacy Policy
Last updated: February 25, 2026
1. Overview
beautifi ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our platform, JavaScript plugin, APIs, and portal (the "Service").
2. Data We Collect
Account Data
When you create an account via Auth0, we collect your email address, display name, and authentication provider (Google, GitHub, or email). We store a hashed reference to your Auth0 identity in our database.
Image Processing
When our crawler scans your website, we collect publicly accessible image URLs, associated page URLs, alt text, and image dimensions. We do not download or store copies of your images — we only store metadata (URLs and settings).
Usage Data
We collect aggregate API usage statistics (request counts, response times) for rate limiting and service monitoring. Individual request content is not logged or stored.
Analytics
Our portal tracks anonymized usage events (page views, feature usage) for product improvement. No personally identifiable information is included in analytics data. You can opt out of analytics tracking in your portal settings.
3. How We Use Your Data
- To provide and improve the Service
- To validate API keys and enforce rate limits
- To deliver animation settings to the plugin
- To send service-related notifications (crawler completion, security alerts)
- To generate aggregate usage reports
We do not sell your data to third parties. We do not use your images for AI training.
4. Third-Party Services
We use the following third-party services:
- Auth0 — Authentication (stores login credentials)
- Google Cloud Platform — Infrastructure hosting (Firestore, Cloud Run)
- Google Gemini API — AI video generation (for managed tier users)
- Cloudflare — DNS and CDN
Each third-party service has its own privacy policy. For BYOK users, your Gemini API key is processed entirely in your browser — beautifi servers never see it.
5. Data Retention
Account data is retained while your account is active. Image metadata is retained until you delete it from the portal or close your account. API usage logs are retained for 90 days. Upon account deletion, all associated data is permanently removed within 30 days.
6. Security
- API keys are hashed with bcrypt before storage
- All data in transit is encrypted via TLS 1.3
- Data at rest is encrypted in Google Cloud Platform
- Authentication uses Auth0 with industry-standard security
- Firestore security rules restrict data access to the owning user
7. GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have the following rights:
- Access — Request a copy of your personal data
- Rectification — Correct inaccurate personal data
- Erasure — Request deletion of your personal data
- Portability — Export your data in a machine-readable format
- Restriction — Request limitation of data processing
- Objection — Object to data processing for specific purposes
To exercise these rights, email privacy@beautifi.uk. We will respond within 30 days.
8. Cookies
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| appSession | Auth0 login session | Session |
| bf_analytics_opt_out | Analytics opt-out preference | Persistent |
We do not use tracking or advertising cookies.
9. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us for removal.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or portal notification. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For privacy questions or data requests, contact us at privacy@beautifi.uk.