Back home
Legal

Privacy Policy

Last updated: May 16, 2026 Effective: May 16, 2026

This Privacy Policy describes how Shhots AI (“Shhots,” “we,” “us,” or “our”) collects, uses, discloses, and protects information about you when you access or use the website located at https://shhots.ai and any related services, applications, tools, APIs, or features offered by Shhots (collectively, the “Service”).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, do not access or use the Service.

Notice to Users in the European Economic Area, United Kingdom, and California: Additional rights and disclosures applicable to you are set forth in Sections 9 and 10 below.

1. Who We Are

Shhots AI is an artificial intelligence platform that enables users to generate product photography, marketing images, and video content. For the purposes of applicable data protection laws (including the EU General Data Protection Regulation and the UK General Data Protection Regulation, collectively “GDPR”), Shhots AI is the “data controller” of the personal information described in this Privacy Policy.

Shhots AI is a service offered by an entity organized under the laws of the State of Delaware, United States. Where a registered legal entity name is required, the operator of the Service may be referred to as “Shhots AI” or its corporate successor.

Contact: [email protected]

2. Information We Collect

We collect information in three ways: information you provide to us directly, information collected automatically through your use of the Service, and information we receive from third parties.

2.1 Information You Provide to Us

Account Information. When you create an account, we collect:

  • Your full name and email address (if you register directly with Shhots)
  • Your name, email address, and basic profile information (such as your Google profile picture) if you register using Google Sign-In through Google OAuth. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Payment Information. When you purchase a subscription, credits, or other paid features, payment is processed by our third-party payment processor, Razorpay Software Private Limited (“Razorpay”). Razorpay collects your payment card details, billing address, and other payment information directly. Shhots does not store, view, or have access to your full card number, CVV, or banking credentials. We receive only limited transaction data such as transaction ID, payment status, amount, currency, and the last four digits of your card or a masked identifier. Razorpay’s processing of your payment information is governed by Razorpay’s privacy policy, available at https://razorpay.com/privacy/.

Communications. If you contact us by email, through a support form, or via any other channel, we collect the contents of your communication, your email address, and any other information you choose to provide.

Inputs and Outputs. When you use the Service, you may submit text prompts, reference images, product images, brand assets, or other content (“Inputs”), and the Service generates images, videos, or other outputs (“Outputs”). Inputs and Outputs are processed transiently by Shhots and by our third-party AI service providers solely to deliver the Service to you. Shhots does not retain Inputs or Outputs after they have been delivered to your account, except (i) where you choose to save Outputs to your account or workspace, (ii) for short-term operational caching, (iii) for fraud prevention and safety enforcement, or (iv) where required to comply with legal obligations. We do not use your Inputs or Outputs to train or improve any artificial intelligence model.

2.2 Information Collected Automatically

When you access or use the Service, we and our service providers may automatically collect:

  • Device and connection data, including IP address, browser type and version, operating system, device type, screen resolution, language preferences, and approximate geographic location derived from your IP address.
  • Usage data, including pages or screens viewed, links clicked, time spent on pages, navigation paths, referring URLs, and timestamps.
  • Session interaction data, including mouse movements, clicks, scrolls, taps, and other interactions with our website, collected via session-analytics tools.
  • Cookies and similar technologies. See Section 6.

We collect this information using analytics and product-improvement tools, including:

  • Google Analytics (provided by Google LLC), to understand traffic sources, user demographics, and feature usage.
  • Microsoft Clarity (provided by Microsoft Corporation), to record and analyze anonymized session interactions for the purpose of improving the Service.

These third parties may collect information about your online activities over time and across websites in accordance with their own privacy practices. For more information, see https://policies.google.com/privacy and https://privacy.microsoft.com/.

2.3 Information From Third Parties

We may receive information about you from third-party authentication providers (such as Google), payment processors (such as Razorpay), service providers, fraud-prevention partners, and publicly available sources, in each case in accordance with the privacy practices of those third parties and applicable law.

2.4 What We Do Not Collect

We do not knowingly collect sensitive personal information such as government identifiers (passport, social security, Aadhaar, or similar), precise geolocation, biometric data, health information, racial or ethnic origin, political opinions, religious beliefs, or information about minors. Please do not submit any such information through the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and deliver the Service to you, including generating images, videos, and other Outputs in response to your Inputs.
  • Create, authenticate, and manage your account.
  • Process payments, issue invoices and receipts, and manage subscriptions and credits.
  • Respond to your inquiries, provide customer support, and send service-related communications such as transactional emails, security alerts, and administrative notices.
  • Analyze how users interact with the Service, measure performance, debug errors, and improve features, user experience, and reliability.
  • Detect, investigate, and prevent fraud, abuse, security incidents, illegal activity, and violations of our Terms of Service or applicable law.
  • Comply with legal obligations, respond to lawful requests from public authorities, and establish, exercise, or defend legal claims.
  • Send marketing communications about features, promotions, or offers, subject to your right to opt out at any time.
  • Aggregate or de-identify information so that it no longer identifies you, and use such aggregated or de-identified data for any lawful purpose, including business analytics and reporting.

We do not sell your personal information. We do not use your Inputs or Outputs to train artificial intelligence models.

4. How We Share Your Information

We share information only as described in this Privacy Policy. We do not sell, rent, or trade your personal information.

We may share information with:

  • Service Providers. Vendors, contractors, and service providers that perform services on our behalf, including cloud hosting, infrastructure, content delivery, analytics, customer support tooling, email delivery, fraud prevention, and artificial intelligence model providers that process Inputs and return Outputs. These providers are bound by contractual obligations to handle information consistent with this Privacy Policy and applicable law.
  • Payment Processor. Razorpay, to process payments and handle billing.
  • Authentication Providers. Google, where you use Google Sign-In.
  • Analytics Providers. Google (Google Analytics) and Microsoft (Microsoft Clarity), as described in Section 2.2.
  • Legal and Safety. Government authorities, law enforcement, regulators, courts, or other third parties where we believe in good faith that disclosure is necessary to (i) comply with a legal obligation, subpoena, court order, or other lawful request, (ii) protect the rights, property, or safety of Shhots, our users, or any other person, (iii) detect, investigate, prevent, or address fraud, security, or technical issues, or (iv) enforce our Terms of Service or other agreements.
  • Business Transfers. A successor entity in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, in which case information may be transferred as part of that transaction. We will use reasonable efforts to ensure that the recipient honors this Privacy Policy.
  • Professional Advisors. Our lawyers, accountants, auditors, insurers, and other professional advisors, where reasonably necessary.
  • With Your Consent. Any other party with your direction or consent.

We do not disclose the specific identities or commercial arrangements of our third-party artificial intelligence and infrastructure providers, which we consider confidential business information.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Service, comply with legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements.

  • Account data is retained for the duration of your account and for a reasonable period thereafter for legal, accounting, fraud-prevention, and dispute-resolution purposes.
  • Inputs and Outputs are not retained after generation, except as described in Section 2.1.
  • Transactional and payment records are retained as required by applicable tax, accounting, and anti-money-laundering laws.
  • Analytics data is retained in accordance with the retention settings of the applicable analytics tools.
  • Communications (such as support emails) are retained for a reasonable period to support our business operations.

When we no longer have a lawful basis to retain your personal information, we will delete, anonymize, or aggregate it.

6. Cookies and Similar Technologies

We and our service providers use cookies, web beacons, pixels, local storage, and similar technologies (collectively, “Cookies”) to operate the Service, remember your preferences, authenticate sessions, measure usage, and improve the Service.

The categories of Cookies we use include:

  • Strictly necessary Cookies, which are essential to provide the Service (for example, to authenticate you and maintain your session).
  • Functional Cookies, which remember your preferences and settings.
  • Analytics Cookies, set by Google Analytics and Microsoft Clarity, to help us understand how the Service is used.

You can manage Cookies through your browser settings. Disabling certain Cookies may affect the functionality of the Service. Where required by law, we will obtain your consent before placing non-essential Cookies and provide a cookie consent mechanism on the Service.

We do not currently respond to “Do Not Track” browser signals, as no industry standard for such signals has been finalized.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit, access controls, and routine review of our security practices.

No system is fully secure. We cannot guarantee the absolute security of any information transmitted to or stored by us. You are responsible for safeguarding your account credentials and for any activity that occurs under your account. Notify us immediately at [email protected] if you suspect any unauthorized access.

8. International Data Transfers

The Service is operated from the United States, and we and our service providers may process information in the United States, the European Economic Area, the United Kingdom, India, and other countries. Data protection laws in these countries may differ from those in your country of residence.

Where required by law (including the GDPR), we rely on appropriate safeguards for international transfers, such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, or other lawful transfer mechanisms. You may contact us at [email protected] to obtain further information about the safeguards we have in place.

9. Notice to Users in the European Economic Area and United Kingdom

If you are located in the EEA, the United Kingdom, or Switzerland, the GDPR provides you with the following rights regarding your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Rectification. Request correction of inaccurate or incomplete information.
  • Erasure. Request deletion of your personal information, subject to certain exceptions.
  • Restriction. Request that we restrict processing of your personal information.
  • Objection. Object to our processing where we rely on legitimate interests, including for direct marketing.
  • Portability. Request that we transfer certain personal information to you or another controller in a structured, commonly used, machine-readable format.
  • Withdraw Consent. Withdraw your consent at any time where we rely on consent as the legal basis for processing.
  • Lodge a Complaint with your local supervisory authority. A list of authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en (EEA) and https://ico.org.uk/ (UK).

Legal bases for processing. Depending on the purpose, we rely on one or more of the following legal bases: performance of a contract with you, our legitimate interests (including operating, securing, and improving the Service), compliance with a legal obligation, or your consent.

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before responding.

10. Notice to California Residents

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), provides you with the following rights regarding your personal information:

  • Right to Know. Request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete. Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct. Request correction of inaccurate personal information we maintain about you.
  • Right to Opt Out of Sale or Sharing. We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under the CCPA.
  • Right to Limit Use of Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes that would trigger this right under the CCPA.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your rights under the CCPA.

The categories of personal information we have collected in the past twelve months and the categories of sources, purposes, and recipients are described in Sections 2, 3, and 4 of this Privacy Policy.

To exercise any of these rights, contact us at [email protected]. We may verify your request by asking for information that matches information we already hold about you. You may designate an authorized agent to make a request on your behalf in accordance with applicable law.

11. Children’s Privacy

The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that we have collected personal information from a person under 18 without verified parental consent, we will take steps to delete that information. If you believe a child under 18 has provided us with personal information, contact us at [email protected].

The Service may contain links to or integrations with third-party websites, applications, or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any information to them.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top and, where appropriate, by other means such as email or a notice on the Service. Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the updated terms.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us at:

Email: [email protected] Website: https://shhots.ai