Privacy Policy
A plain-English summary of what data we collect, why, where it lives, and the controls you have over it.
01 Summary
soralab is an AI image processing tool. To run that service we store the minimum personal data needed: your account email, your uploaded image while a job is processing, and the resulting output for a short window so you can download it.
- We don't sell your data. Ever.
- We don't train models on your uploads. Your images go to our AI providers only to process the job you asked for.
- Inputs are deleted within ~1 hour; outputs remain until you delete the job from your history.
02 What we collect
Account data. Email address, password hash, full name (optional), and OAuth identifier if you sign in with Google.
Job data. The original image you upload, the service you asked for (Upscale / Remove BG / etc.), and the resulting image. We also keep usage metadata: timestamp, credit cost, status, and the AI provider that handled the job.
Billing data. If you subscribe, our payment processor (Lemon Squeezy) handles your card details — soralab never sees them. We store the subscription status, plan, and invoice IDs.
Operational logs. Standard server logs (IP address, user agent, request path) kept for 30 days for abuse prevention and debugging.
03 How we use your data
- To run the AI image processing you requested.
- To bill your subscription and grant credits.
- To send transactional emails (sign-up confirmation, password reset, billing receipts). We only send marketing emails if you explicitly opt in.
- To investigate abuse, fraud, or violations of our Terms.
- To improve product quality through aggregated, anonymized analytics.
04 Where your data goes
We use trusted infrastructure providers. Each one only receives the data strictly required to do its job:
- Supabase — database, authentication, file storage. Hosted in EU/US regions.
- NanoBanana — AI provider for Upscale and AI Enhance. Receives the input image only while the job runs.
- Bria.ai — AI provider for Remove Background and Colorize. Same usage pattern.
- Lemon Squeezy — payments processor and merchant of record. They handle card data; we don't.
- Vercel / Cloudflare — hosting and CDN. Standard server logs.
05 How long we keep things
- Input images: deleted from temporary storage within approximately 1 hour after a job completes or fails.
- Output images: kept until you delete them from your history, or 90 days after account deletion.
- Account data: kept while your account is active. Deleted within 30 days of account deletion (some billing records retained per legal/tax obligations).
- Server logs: 30 days, then purged.
06 Your rights
Wherever you live, you can ask us to:
- Export the data we hold about you.
- Correct anything that's wrong.
- Delete your account and associated data.
- Object to specific processing activities or restrict them.
Email support@soralab.xyz from your registered email and we'll handle the request within 30 days. Most actions (delete account, change email, export data) are also available directly in Settings.
08 Changes to this policy
When we make material changes we'll update the "Last updated" date above and, if the change is significant, email registered users at least 14 days before it takes effect.
