1. Who we are and who this applies to
This policy describes how Salven ("we", the "Service") collects, uses, and stores data from users of salven.ai and related services. It applies to anyone who visits the site, signs up, or makes a purchase.
2. What we collect
We collect the minimum that's technically required to run the Service:
- Account: email, display name, handle, avatar. If you sign in via Google or Telegram, we receive the corresponding identifier and public profile.
- Content: prompt text, uploaded source images, generation outputs, likes, community publication flags.
- Payments: transaction amounts, status, and the payment processor's reference. We never see or store your card details — those go directly to the processor.
- Technical data: IP address, browser type, language, time zone, event logs (sign-in/out, errors, API calls).
- Cookies and similar technologies: only functional ones (session, language/theme preference). No analytics or ad trackers on the site today.
3. Why we use it
- To provide the Service: render your generations, count credits, process payments.
- To protect users: detect abuse, block spam, enforce policy violations.
- To improve the product: triage errors, understand bottlenecks, fix bugs.
- To comply with the law: respond to lawful requests and retain records for legally required periods.
4. Who we share it with
We use independent processors to run the Service. They receive only what's needed for their specific function:
- OpenAI and fal.ai — prompt processing and model inference. They receive your prompts and source images, never your email or payment data.
- Cloudflare — CDN, DDoS protection, R2 storage for generation outputs and source uploads.
- Payment processor — handles top-ups. Card details flow directly to them; we never see them.
- Email provider — sends transactional emails (e.g. payment receipts).
We do not sell or rent your data to third parties for marketing.
5. How long we keep it
We aim to keep as little as possible:
- Account and content: while your account exists. After you delete your account, the data is removed within 30 days (except for what we're legally required to retain longer — e.g. tax records).
- Payment records: 4 years, per tax law.
- Logs and events: up to 90 days.
6. Where the servers are
Core infrastructure (web, queue, DB) runs in EU data centers. Generated assets are stored on Cloudflare R2's distributed network.
7. Your rights
- Get a copy of your data.
- Correct inaccuracies.
- Delete your account and all associated data.
- Withdraw consent for processing (this closes your account).
8. Children
The Service is not intended for anyone under 16. If we learn that an account belongs to a child, we remove it.
9. Changes to this policy
We may update this policy. Material changes are published here and, if you've given us an email, we send a notice. The last-updated date is at the top of the document.
10. Privacy contact
For any data-related questions, write to support@salven.ai.