Privacy Policy

IronEagle ("we", "us", "our") operates the IronEagle platform at ironeagle.ai and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use our Service. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you register, we collect your name, email address, username, and password. If you sign in via third-party providers (Google, GitHub, Discord), we receive your public profile information from those services.
• Payment Information: When you purchase credits or subscriptions, our payment processor (Stripe) collects your billing details. We do not store your full credit card number on our servers.
• Content & Prompts: Text prompts, uploaded images, videos, audio files, and any other content you submit to generate or edit media using our AI tools.
• Profile Information: Optional details such as your bio, avatar, social links, and portfolio content you choose to make public.
• Communications: Messages you send to our support team, feedback, survey responses, and community forum posts.

1.2 Information Collected Automatically

• Device & Browser Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
• Usage Data: Pages visited, features used, generation history, timestamps, click patterns, and session duration.
• Cookies & Similar Technologies: We use cookies, local storage, and pixel tags to maintain sessions, remember preferences, and analyze usage. See our Cookie Policy for details.
• Log Data: Server logs recording requests, referral URLs, error reports, and performance metrics.

1.3 Information from Third Parties

• OAuth Providers: Public profile data from Google, GitHub, or Discord when you link accounts.
• Analytics Partners: Aggregated and anonymized usage data from analytics services we employ.
• AI Model Providers: We send your prompts and uploaded reference media to third-party AI model providers to generate content. These providers may process data according to their own privacy policies.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To operate, maintain, and improve the platform, process AI generations, manage your account, and deliver support.
• Personalization: To customize your experience, recommend content, and remember your preferences and workspace settings.
• Billing & Transactions: To process payments, manage subscriptions, issue invoices, and prevent fraud.
• Communication: To send transactional emails (account verification, billing receipts, security alerts), and with your consent, marketing communications about new features, promotions, and content.
• Safety & Security: To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
• Analytics & Improvement: To understand usage patterns, diagnose technical issues, and improve our AI models, UX, and infrastructure.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Contractual Necessity: Processing required to perform our contract with you (e.g., providing the Service, managing your account).
• Legitimate Interests: Processing for our legitimate business interests (e.g., analytics, security, fraud prevention), balanced against your data protection rights.
• Consent: Where you have given explicit consent (e.g., marketing emails, optional cookies). You may withdraw consent at any time.
• Legal Obligation: Processing required to comply with EU/UK law.

4. Data Sharing & Third Parties

We do not sell your personal data. We share information only in the following circumstances:

• AI Model Providers: Your prompts and reference images/videos are sent to third-party AI providers (e.g., Google Veo, Nano Banana) to generate content. These providers act as data processors under our instructions.
• Payment Processors: Stripe processes your payment information under their own privacy policy and PCI DSS compliance.
• Cloud Infrastructure: We use cloud hosting providers (e.g., Vercel, Cloudflare R2) to store and serve your content securely.
• Analytics Services: Anonymized and aggregated usage data may be shared with analytics partners to help us understand and improve the Service.
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or to protect our rights, property, or safety.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.

5. Data Retention

• Account Data: Retained for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
• Generated Content: AI-generated images and videos are stored in your workspace for as long as your account is active. Deleted content is purged from our servers within 30 days.
• Usage Logs: Anonymized server logs are retained for up to 12 months for analytics and security purposes.
• Billing Records: Transaction records are retained for 7 years as required by financial regulations.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1 Rights Under GDPR (EEA/UK)

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request that we limit how we process your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Automated Decision-Making: Right not to be subject to decisions based solely on automated processing.

6.2 Rights Under CCPA (California Residents)

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of personal information we have collected.
• Right to Opt-Out: We do not sell personal information. If this changes, you will have the right to opt out.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at privacy@ironeagle.ai. We will respond within 30 days (or as required by applicable law).

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our infrastructure providers operate. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data Processing Agreements (DPAs) with all sub-processors.
• Encryption in transit (TLS 1.3) and at rest (AES-256).

8. Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Secure authentication with bcrypt password hashing and optional two-factor authentication.
• Regular security audits and vulnerability assessments.
• Role-based access control and principle of least privilege for internal systems.
• DDoS protection and WAF (Web Application Firewall) via Cloudflare.
• Automated monitoring and incident response procedures.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to security@ironeagle.ai.

9. Children's Privacy

The Service is not intended for users under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at privacy@ironeagle.ai.

10. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate the Service and collect usage data. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

11. AI-Generated Content

• Prompt Processing: Your text prompts and uploaded reference media are transmitted to third-party AI model providers to generate content. We do not use your prompts or generated content to train our own AI models without your explicit consent.
• Content Ownership: Subject to our Terms of Service, you retain rights to your original prompts and uploaded content. Ownership of AI-generated outputs is governed by applicable law and our Terms.
• Content Moderation: We may review generated content to enforce our content policies and prevent misuse (e.g., CSAM, deepfakes of real persons without consent, violent extremism).
• Third-Party AI Providers: Each AI model provider has their own data processing practices. We select providers with strong data protection commitments and establish DPAs where applicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, sending you an email notification or displaying an in-app notice. Your continued use of the Service after such changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us: