Privacy Policy

Effective Date: February 25, 2026

1. Introduction

Prospolabs ("we," "us," or "our") operates a business-to-business (B2B) face swap inference API platform available at prospolabs.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name (optional), and company name (optional). This information is used to manage your account and communicate with you about the Service.

2.2 Payment Information

Payments are processed through our third-party payment provider, Razorpay. We do not store your credit card number, bank account details, or other financial instrument data on our servers. We receive and store transaction records including amounts, dates, and payment status.

2.3 API Usage Data

We automatically collect information about your use of the API, including: API requests and response metadata, timestamps, IP addresses, request parameters (excluding image content), error logs, and rate limit usage. This data is used for billing, security monitoring, and service improvement.

2.4 Device & Browser Information

When you access our website, we may collect browser type, operating system, device identifiers, referring URLs, and pages visited.

3. Face & Image Data Processing

This section specifically addresses how we handle images submitted through our face swap API, as we understand the sensitivity of facial image data.

  • Real-time processing only. Images submitted to our API are processed in real-time to generate the face swap output. We do not permanently store source images or output images after processing is complete.
  • No model training. Your images are never used to train, fine-tune, or improve our AI models or any third-party models. Input images are used solely for the purpose of generating the requested inference output.
  • No third-party sharing. We do not share, sell, license, or distribute your submitted images to any third party for any purpose.
  • Temporary caching. Images may be temporarily cached in server memory during processing. This cache is cleared automatically once the inference is complete and the result is delivered to you.
  • No biometric extraction. We do not extract, store, or create biometric identifiers or biometric templates from submitted images. Our service performs visual transformation only.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process API requests and deliver inference results
  • Process payments and manage your credit balance
  • Send transactional communications (billing receipts, account alerts, API key notifications)
  • Monitor for abuse, fraud, and terms of service violations
  • Enforce rate limits and usage quotas
  • Respond to support requests
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for targeted advertising.

5. Data Sharing & Third-Party Services

We share personal information only with the following categories of service providers, and only to the extent necessary to operate the Service:

  • Authentication: Supabase: manages user accounts and authentication.
  • Payment Processing: Razorpay: processes credit purchases and billing.
  • Cloud Infrastructure: Cloud service providers that host our API and process inference workloads.

Each service provider is contractually obligated to handle your data in accordance with applicable privacy laws. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Retention

  • Account data is retained for as long as your account is active. Upon account deletion, your personal data is removed within 30 days, except where retention is required by law.
  • Images submitted for inference are not retained after processing. See Section 3 for details.
  • API usage logs (excluding image content) are retained for up to 90 days for security and debugging purposes.
  • Transaction records are retained for up to 7 years to comply with financial and tax regulations.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • API key-based authentication for all API access
  • Rate limiting to prevent abuse
  • Regular security reviews and monitoring
  • Access controls limiting employee access to personal data

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

8.1 For Users in the European Economic Area (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your personal data ("right to be forgotten")
  • Port your data to another service in a machine-readable format
  • Object to or restrict certain types of processing
  • Withdraw consent where processing is based on consent

Our legal bases for processing are: performance of a contract (providing the Service), legitimate interests (security, fraud prevention), and compliance with legal obligations.

8.2 For Users in California (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising privacy rights

To exercise any of these rights, contact us at support@prospolabs.com. We will respond within 30 days.

9. International Data Transfers

Your information may be processed on servers located outside your country of residence. When we transfer data internationally, we use appropriate safeguards such as standard contractual clauses to ensure your data is protected in accordance with this policy and applicable law.

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Prospolabs
Email: support@prospolabs.com
Website: prospolabs.com