Privacy Policy
Last Updated: 02.07.2025
This Privacy Policy explains how Itmex Solutions LTD (“we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use Imaginella.ai (“the Platform”).
We respect your privacy and are committed to safeguarding your information in compliance with the UK GDPR, EU GDPR, and other applicable data protection laws.
What Data We Collect
We collect the following types of personal data:
Information You Provide Directly:
• Email address and contact details
• Account registration data
• Prompts or uploads submitted via the platform
• Customer support messages or inquiries
Information Collected Automatically:
• IP address, device type, browser
• Timezone, language settings
• Usage activity and interaction logs
• Cookies and similar technologies
Payment Information:
Payments are securely processed by third-party providers. We do not store full payment card details on our servers.
How We Use Your Data
We collect and process your personal data solely for legitimate and clearly defined purposes.
These include, but are not limited to, the following:
To Operate and Maintain the Platform:
We use your data to provide core functionality, deliver AI image generation services, manage your account, and ensure that features and tools perform as expected.
To Deliver Features and Fulfill Requests:
Your data allows us to process prompt submissions, handle image generations, allocate Pixels (token credits), and provide access to specific tools and functionality you request or purchase.
To Provide Support and Resolve Issues:
We use your data, such as email, prompts, or usage logs, to respond to support tickets, diagnose technical issues, troubleshoot performance problems, and resolve billing or account concerns efficiently.
To Communicate with You:
We may contact you:
• To inform you of changes to our terms, policies, or services;
• To confirm actions you’ve taken (e.g., purchases or password resets);
• To notify you about critical updates, platform disruptions, or security events;
• To respond to questions or inquiries you initiate.
We do not send marketing communications without your prior consent.
To Monitor Usage and Prevent Abuse:
We analyze usage patterns and system behavior to:
• Detect fraudulent activity, bot usage, or attempts to bypass moderation;
• Enforce our Content Policy and Pixel Usage Policy;
• Maintain the fairness, integrity, and security of the platform for all users.
To Improve and Develop the Platform:
We may aggregate and anonymize usage data to analyze feature popularity, identify areas for improvement, and enhance platform performance, stability, and user experience.
To Comply with Legal Obligations:
We may process your data as required by applicable laws and regulations, including those related to taxation, fraud prevention, regulatory reporting, or enforcement of legal rights.
We Do Not:
• Sell your personal data to third parties;
• Share your personal information with advertisers or ad networks;
• Use your data for unsolicited marketing without consent.
Your privacy and trust are critical to us. Data is only used for the purposes described above, in alignment with the lawful bases outlined in the next section.
Legal Bases for Processing
Under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, we must have a valid legal basis to collect, store, and process your personal data.
The legal bases we rely on include:
Consent:
We will request your explicit, informed consent before processing your personal data in situations where it is required by law, such as:
• Sending you optional marketing emails or newsletters
• Setting non-essential cookies (e.g., analytics or personalization cookies)
• Processing sensitive user-submitted content (if applicable)
You can withdraw your consent at any time by contacting assist@imaginella.ai or adjusting your privacy settings where available.
Performance of a Contract:
We process your data when it is necessary to fulfill our contractual obligations to you. This includes:
• Providing access to the Platform
• Allocating and managing your Pixel token balance
• Delivering AI-generated content based on your prompts
• Processing transactions or responding to purchase-related inquiries
Legal Obligation:
We may process your data if we are legally required to do so, such as:
• Maintaining records for tax or accounting purposes
• Responding to court orders, investigations, or regulatory requests
• Enforcing anti-abuse and fraud-prevention measures required by law
Legitimate Interests:
We process certain data where we have a legitimate business interest that is not overridden by your rights or freedoms. These interests include:
• Maintaining platform stability, security, and performance
• Detecting and preventing fraud or misuse
• Enhancing product development and user experience
• Providing basic analytics to improve services
• Sending transactional communications related to your account (e.g., service notices or receipts)
We always balance our interests against your privacy rights and offer opt-outs where appropriate.
Vital Interests:
In rare cases, we may process personal data to protect someone’s life, safety, or physical integrity, such as when addressing a reported threat, harmful behavior, or legal escalation involving individual wellbeing.
We assess our legal bases regularly to ensure they remain appropriate and justified for each category of data we process.
Sharing Your Data
We do not sell your personal data. However, we may share certain information with carefully selected third parties in order to operate the Platform, fulfill legal requirements, and provide a secure, high-quality user experience.
We only share data under lawful bases, and where appropriate safeguards are in place.
Service Providers and Processors:
We use trusted third-party vendors (“processors”) to help us operate the Platform. These partners may process your personal data on our behalf, under strict data protection agreements.
Examples include:
• Hosting providers (for infrastructure and uptime)
• Email delivery services (for system notifications and account-related emails)
• Analytics tools (to understand feature usage and performance)
• Payment processors (to securely handle financial transactions)
• Cloud storage platforms (for temporary or persistent file management)
All service providers are contractually obligated to protect your data and may only use it for the specific tasks assigned by Itmex Solutions LTD.
Legal and Regulatory Authorities:
We may disclose your personal data to public authorities, courts, or regulators:
• To comply with legal obligations, subpoenas, or lawful process
• To enforce our Terms & Conditions orother Policies
• To prevent fraud, abuse, or harm to individuals or the public
• To respond to data protection supervisory authorities when required
Corporate Transactions:
In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to a successor entity. In such cases:
• We will ensure the acquiring party adheres to this Privacy Policy (or a policy with equivalent protections)
• You will be notified if a transfer materially changes how your data is handled
Aggregated or Anonymized Data:
We may share aggregated, anonymized, or pseudonymized data with third parties (e.g., usage statistics or performance metrics) that cannot reasonably be used to identify you. This may be used for product improvement, reporting, or research purposes.
We regularly review all vendors and sharing arrangements to ensure continued compliance with applicable data protection regulations.
International Data Transfers
While Itmex Solutions LTD is based in the United Kingdom, some of our service providers, partners, or infrastructure tools may be located, or may process personal data, in countries outside the UK or the European Economic Area (EEA).
Whenever we transfer your personal data internationally, we do so in full compliance with applicable data protection laws, and we ensure that appropriate safeguards are in place to protect your privacy.
Transfers to Adequate Jurisdictions:
When possible, we only transfer data to countries or territories that the UK Secretary of State or the European Commission has deemed to provide an “adequate level of data protection”. This means these countries have legal protections that are broadly equivalent to those required under UK/EU law.
Transfers to Other Countries (Standard Safeguards):
If data is transferred to a country without an adequacy decision (such as the United States), we ensure your information is still protected by implementing one or more of the following:
Standard Contractual Clauses (SCCs):
Legally binding clauses adopted by the UK and EU that require third parties to protect personal data in line with GDPR standards.
International Data Transfer Agreement (IDTA):
For UK-specific transfers, we may rely on the IDTA approved by the UK Information Commissioner’s Office (ICO).
Supplementary measures (technical, contractual, or organizational):
Such as encryption, access controls, and limiting data exposure where necessary.
Your Rights in Relation to Transfers:
You have the right to request further information about:
• Whether your data has been transferred internationally
• The legal mechanisms and safeguards in place for such transfers
• Copies of any relevant agreements (subject to redaction for confidentiality)
To make such a request, contact us at assist@imaginella.ai.
Cookies and Tracking Technologies
We use cookies and similar technologies on Imaginella.ai to ensure the proper functioning of the Platform, enhance your experience, and improve our services.
This section explains what these technologies are, how we use them, and how you can control them.
What Are Cookies:
Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. They allow websites to remember your actions and preferences over time, and can also help identify your browser or device on future visits.
We may also use related technologies, such as:
• Local storage
• Pixel tags / tracking pixels
• Web beacons
• Session storage
These tools serve similar functions and are treated as cookies under applicable data protection law.
Types of Cookies We Use:
We categorize the cookies used on Imaginella.ai as follows:
We do not use cookies for third-party advertising or behavioral tracking.
Legal Basis for Cookies:
Strictly Necessary Cookies are set without requiring consent, as they are essential to provide the services you request.
For all non-essential cookies (e.g., analytics), we request your prior explicit consent via our cookie banner or settings panel, in accordance with the UK Privacy and Electronic Communications Regulations (PECR) and Article 5(3) of the ePrivacy Directive.
Managing Your Cookie Preferences:
When you first visit the Platform, you will be presented with a cookie banner that allows you to:
• Accept all cookies
• Reject non-essential cookies
• Customize your cookie settings
You can also change your cookie preferences at any time via our Cookie Settings link available in the website footer.
In addition, you can manage cookies through your browser settings:
• Block or delete cookies
• Set up cookie warnings
• Restrict third-party cookie use
Note: Disabling certain cookies may affect the functionality and user experience of the Platform.
Third-Party Cookies:
Some cookies on our site may be set by trusted third-party providers that help us analyze usage or deliver support tools. These providers are bound by contractual obligations to handle your data securely and in compliance with data protection laws.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.
The duration for which we retain specific categories of data depends on several factors, including legal requirements, business needs, and user activity.
Retention Periods by Data Type:
User-Initiated Deletion:
You may request the deletion of your personal data at any time by contacting assist@imaginella.ai.
Upon verification, we will:
• Remove your account and associated identifiable information;
• Retain only data necessary to comply with legal obligations (e.g., billing records, fraud prevention logs);
• Anonymize or aggregate remaining usage data wherever possible.
Inactive Accounts:
We may automatically delete or anonymize accounts that remain inactive for 24 consecutive months.
We will attempt to notify you in advance, using your registered email address.
Retention for Legal, Security, and Abuse Prevention:
We may retain certain personal data beyond the usual retention window where:
• Required to meet legal, regulatory, or tax obligations;
• Necessary to resolve disputes or enforce our Terms of Use;
• Needed to investigate fraud, misuse, or system abuse.
Retention in such cases is limited to the minimum duration necessary and always governed by strict access controls.
Your Rights Under UK/EU GDPR
As a data subject under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, you have a number of important rights in relation to your personal data.
These rights ensure transparency, fairness, and control over how your information is used.
You can exercise any of these rights by contacting us at assist@imaginella.ai.
Right to Access:
You have the right to request:
• Confirmation of whether we process your personal data;
• A copy of the personal data we hold about you;
• Information about how and why we process your data.
We will provide this free of charge unless requests are excessive or repetitive.
Right to Rectification:
You have the right to correct or update any inaccurate or incomplete personal data we hold about you.
You may also update account-related information directly in your account settings, where applicable.
Right to Erasure (“Right to Be Forgotten”):
You can request that we delete your personal data under certain circumstances, such as:
• When the data is no longer necessary for the purposes collected;
• If you withdraw consent (where consent was the legal basis);
• If the data was processed unlawfully.
Please note: We may retain certain data to comply with legal obligations (e.g., transaction records).
Right to Restrict Processing:
You may request that we temporarily restrict the processing of your personal data if:
• You contest its accuracy;
• Processing is unlawful but you oppose erasure;
• You need the data for legal claims;
• We’re verifying an objection to processing.
Right to Object:
You can object to the processing of your personal data where:
• The processing is based on our legitimate interests;
• The data is being used for direct marketing.
In such cases, we will stop processing unless we can demonstrate compelling legitimate grounds.
Right to Data Portability:
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where:
• The processing is based on consent or contract; and
• The processing is carried out by automated means.
Right to Withdraw Consent:
If we process your data based on your consent (e.g., non-essential cookies, email marketing), you may withdraw that consent at any time. This will not affect any processing already carried out before withdrawal.
Right to Lodge a Complaint:
You have the right to file a complaint with a data protection authority if you believe your rights have been violated or your personal data is being processed unlawfully.
In the UK:
Information Commissioner’s Office (ICO)
https://ico.org.uk/
In the EU:
Contact your national data protection authority.
Children’s Privacy
Imaginella.ai is intended for use only by individuals who are 18 years of age or older. We do not knowingly collect, store, or process personal data from anyone under the age of 18.
No Use by Minors:
By using the Platform, you confirm that you are at least 18 years old and legally permitted to access and use our services in your jurisdiction. If we learn that we have inadvertently collected personal data from a minor under 18, we will take immediate steps to:
• Delete the data from our systems;
• Terminate the associated account (if applicable);
• Block further access from the associated user credentials or IP.
Parental Notification:
If you are a parent or legal guardian and believe that your child has provided us with personal information, please contact us at assist@imaginella.ai.
We will act promptly to remove the information and prevent further contact or use.
No Age-Gated Content:
Imaginella.ai does not offer content specifically aimed at children, nor do we knowingly target individuals under 18 with our features, advertising (if any), or services.
We take children’s privacy seriously and adhere to the requirements of the UK GDPR, EU GDPR, and applicable child data protection laws in other jurisdictions.
Data Security
We take the security of your personal data seriously and implement appropriate technical, organizational, and administrative safeguards to protect it from unauthorized access, disclosure, loss, alteration, or destruction.
We apply a layered security approach, which includes but is not limited to:
Encryption:
• All data is encrypted in transit using HTTPS (TLS 1.2 or higher).
• Sensitive information stored in our databases is encrypted at rest using industry-standard protocols.
Access Controls:
• Role-based access and least-privilege principles govern who can access your data.
• Administrative access is restricted to authorized personnel only and secured with multi-factor authentication (MFA).
Infrastructure Protection:
• Our servers are hosted with trusted providers that maintain robust physical and digital security standards (e.g., ISO 27001, SOC 2 compliance).
• We implement firewalls, automated threat detection, and intrusion prevention systems.
Monitoring and Logging:
• We log access to systems and monitor for suspicious activity.
• Alerts are configured for unusual access patterns or abuse attempts.
Data Minimization and Retention:
• We collect only what we need and retain it only for as long as necessary.
Your Role in Security:
While we take every reasonable step to protect your data, security is a shared responsibility.
You can help by:
• Choosing a strong and unique password
• Keeping your login credentials confidential
• Not sharing your account with others
• Reporting any suspected breaches or suspicious activity to assist@imaginella.ai
Incident Response:
In the event of a data breach that poses a risk to your rights and freedoms, we will:
• Notify affected users without undue delay
• Report the incident to the ICO (or other applicable supervisory authority) within 72 hours where required
• Provide guidance on protective steps you can take
We regularly review and update our security practices to adapt to evolving threats and stay aligned with regulatory and industry standards.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect:
• Changes in our services or features
• Updates in legal requirements or data protection laws
• Adjustments to our data processing practices
• Improvements to clarity, transparency, or formatting
We encourage you to review this policy periodically to stay informed about how we protect your personal data.
Notification of Changes:
When we make material changes to this Privacy Policy, we will:
• Update the “Last Updated” date at the top of this page
• Notify you through a notice on the Platform, via email (if applicable), or through your account dashboard
• Provide you with a clear summary of the changes when required by law
Continued Use Constitutes Acceptance:
By continuing to use Imaginella.ai after changes to this Privacy Policy are posted, you acknowledge and agree to the updated terms. If you do not agree with any revised terms, you should stop using the Platform and may request account deletion at any time.
Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or how your personal data is handled, please don’t hesitate to reach out.
We’re here to help and respond to all inquiries in a timely and respectful manner.
Email (Privacy & Data Requests):
connect@imaginella.ai
Postal Address:
Itmex Solutions LTD
Office 15249, 182-184 High Street, North East Ham, London, United Kingdom, E6 2JA
This Privacy Policy explains how Itmex Solutions LTD (“we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use Imaginella.ai (“the Platform”).
We respect your privacy and are committed to safeguarding your information in compliance with the UK GDPR, EU GDPR, and other applicable data protection laws.
What Data We Collect
We collect the following types of personal data:
Information You Provide Directly:
• Email address and contact details
• Account registration data
• Prompts or uploads submitted via the platform
• Customer support messages or inquiries
Information Collected Automatically:
• IP address, device type, browser
• Timezone, language settings
• Usage activity and interaction logs
• Cookies and similar technologies
Payment Information:
Payments are securely processed by third-party providers. We do not store full payment card details on our servers.
How We Use Your Data
We collect and process your personal data solely for legitimate and clearly defined purposes.
These include, but are not limited to, the following:
To Operate and Maintain the Platform:
We use your data to provide core functionality, deliver AI image generation services, manage your account, and ensure that features and tools perform as expected.
To Deliver Features and Fulfill Requests:
Your data allows us to process prompt submissions, handle image generations, allocate Pixels (token credits), and provide access to specific tools and functionality you request or purchase.
To Provide Support and Resolve Issues:
We use your data, such as email, prompts, or usage logs, to respond to support tickets, diagnose technical issues, troubleshoot performance problems, and resolve billing or account concerns efficiently.
To Communicate with You:
We may contact you:
• To inform you of changes to our terms, policies, or services;
• To confirm actions you’ve taken (e.g., purchases or password resets);
• To notify you about critical updates, platform disruptions, or security events;
• To respond to questions or inquiries you initiate.
We do not send marketing communications without your prior consent.
To Monitor Usage and Prevent Abuse:
We analyze usage patterns and system behavior to:
• Detect fraudulent activity, bot usage, or attempts to bypass moderation;
• Enforce our Content Policy and Pixel Usage Policy;
• Maintain the fairness, integrity, and security of the platform for all users.
To Improve and Develop the Platform:
We may aggregate and anonymize usage data to analyze feature popularity, identify areas for improvement, and enhance platform performance, stability, and user experience.
To Comply with Legal Obligations:
We may process your data as required by applicable laws and regulations, including those related to taxation, fraud prevention, regulatory reporting, or enforcement of legal rights.
We Do Not:
• Sell your personal data to third parties;
• Share your personal information with advertisers or ad networks;
• Use your data for unsolicited marketing without consent.
Your privacy and trust are critical to us. Data is only used for the purposes described above, in alignment with the lawful bases outlined in the next section.
Legal Bases for Processing
Under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, we must have a valid legal basis to collect, store, and process your personal data.
The legal bases we rely on include:
Consent:
We will request your explicit, informed consent before processing your personal data in situations where it is required by law, such as:
• Sending you optional marketing emails or newsletters
• Setting non-essential cookies (e.g., analytics or personalization cookies)
• Processing sensitive user-submitted content (if applicable)
You can withdraw your consent at any time by contacting assist@imaginella.ai or adjusting your privacy settings where available.
Performance of a Contract:
We process your data when it is necessary to fulfill our contractual obligations to you. This includes:
• Providing access to the Platform
• Allocating and managing your Pixel token balance
• Delivering AI-generated content based on your prompts
• Processing transactions or responding to purchase-related inquiries
Legal Obligation:
We may process your data if we are legally required to do so, such as:
• Maintaining records for tax or accounting purposes
• Responding to court orders, investigations, or regulatory requests
• Enforcing anti-abuse and fraud-prevention measures required by law
Legitimate Interests:
We process certain data where we have a legitimate business interest that is not overridden by your rights or freedoms. These interests include:
• Maintaining platform stability, security, and performance
• Detecting and preventing fraud or misuse
• Enhancing product development and user experience
• Providing basic analytics to improve services
• Sending transactional communications related to your account (e.g., service notices or receipts)
We always balance our interests against your privacy rights and offer opt-outs where appropriate.
Vital Interests:
In rare cases, we may process personal data to protect someone’s life, safety, or physical integrity, such as when addressing a reported threat, harmful behavior, or legal escalation involving individual wellbeing.
We assess our legal bases regularly to ensure they remain appropriate and justified for each category of data we process.
Sharing Your Data
We do not sell your personal data. However, we may share certain information with carefully selected third parties in order to operate the Platform, fulfill legal requirements, and provide a secure, high-quality user experience.
We only share data under lawful bases, and where appropriate safeguards are in place.
Service Providers and Processors:
We use trusted third-party vendors (“processors”) to help us operate the Platform. These partners may process your personal data on our behalf, under strict data protection agreements.
Examples include:
• Hosting providers (for infrastructure and uptime)
• Email delivery services (for system notifications and account-related emails)
• Analytics tools (to understand feature usage and performance)
• Payment processors (to securely handle financial transactions)
• Cloud storage platforms (for temporary or persistent file management)
All service providers are contractually obligated to protect your data and may only use it for the specific tasks assigned by Itmex Solutions LTD.
Legal and Regulatory Authorities:
We may disclose your personal data to public authorities, courts, or regulators:
• To comply with legal obligations, subpoenas, or lawful process
• To enforce our Terms & Conditions orother Policies
• To prevent fraud, abuse, or harm to individuals or the public
• To respond to data protection supervisory authorities when required
Corporate Transactions:
In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to a successor entity. In such cases:
• We will ensure the acquiring party adheres to this Privacy Policy (or a policy with equivalent protections)
• You will be notified if a transfer materially changes how your data is handled
Aggregated or Anonymized Data:
We may share aggregated, anonymized, or pseudonymized data with third parties (e.g., usage statistics or performance metrics) that cannot reasonably be used to identify you. This may be used for product improvement, reporting, or research purposes.
We regularly review all vendors and sharing arrangements to ensure continued compliance with applicable data protection regulations.
International Data Transfers
While Itmex Solutions LTD is based in the United Kingdom, some of our service providers, partners, or infrastructure tools may be located, or may process personal data, in countries outside the UK or the European Economic Area (EEA).
Whenever we transfer your personal data internationally, we do so in full compliance with applicable data protection laws, and we ensure that appropriate safeguards are in place to protect your privacy.
Transfers to Adequate Jurisdictions:
When possible, we only transfer data to countries or territories that the UK Secretary of State or the European Commission has deemed to provide an “adequate level of data protection”. This means these countries have legal protections that are broadly equivalent to those required under UK/EU law.
Transfers to Other Countries (Standard Safeguards):
If data is transferred to a country without an adequacy decision (such as the United States), we ensure your information is still protected by implementing one or more of the following:
Standard Contractual Clauses (SCCs):
Legally binding clauses adopted by the UK and EU that require third parties to protect personal data in line with GDPR standards.
International Data Transfer Agreement (IDTA):
For UK-specific transfers, we may rely on the IDTA approved by the UK Information Commissioner’s Office (ICO).
Supplementary measures (technical, contractual, or organizational):
Such as encryption, access controls, and limiting data exposure where necessary.
Your Rights in Relation to Transfers:
You have the right to request further information about:
• Whether your data has been transferred internationally
• The legal mechanisms and safeguards in place for such transfers
• Copies of any relevant agreements (subject to redaction for confidentiality)
To make such a request, contact us at assist@imaginella.ai.
Cookies and Tracking Technologies
We use cookies and similar technologies on Imaginella.ai to ensure the proper functioning of the Platform, enhance your experience, and improve our services.
This section explains what these technologies are, how we use them, and how you can control them.
What Are Cookies:
Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. They allow websites to remember your actions and preferences over time, and can also help identify your browser or device on future visits.
We may also use related technologies, such as:
• Local storage
• Pixel tags / tracking pixels
• Web beacons
• Session storage
These tools serve similar functions and are treated as cookies under applicable data protection law.
Types of Cookies We Use:
We categorize the cookies used on Imaginella.ai as follows:
| Category | Purpose |
| Strictly Necessary | Required for core functionality, such as login, token usage, and security. |
| Performance & Analytics | Help us understand how users interact with the site and identify areas for improvement. |
| Functionality | Enhance your experience by remembering preferences or user settings. |
| Consent Management | Store your cookie choices and privacy preferences. |
We do not use cookies for third-party advertising or behavioral tracking.
Legal Basis for Cookies:
Strictly Necessary Cookies are set without requiring consent, as they are essential to provide the services you request.
For all non-essential cookies (e.g., analytics), we request your prior explicit consent via our cookie banner or settings panel, in accordance with the UK Privacy and Electronic Communications Regulations (PECR) and Article 5(3) of the ePrivacy Directive.
Managing Your Cookie Preferences:
When you first visit the Platform, you will be presented with a cookie banner that allows you to:
• Accept all cookies
• Reject non-essential cookies
• Customize your cookie settings
You can also change your cookie preferences at any time via our Cookie Settings link available in the website footer.
In addition, you can manage cookies through your browser settings:
• Block or delete cookies
• Set up cookie warnings
• Restrict third-party cookie use
Note: Disabling certain cookies may affect the functionality and user experience of the Platform.
Third-Party Cookies:
Some cookies on our site may be set by trusted third-party providers that help us analyze usage or deliver support tools. These providers are bound by contractual obligations to handle your data securely and in compliance with data protection laws.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.
The duration for which we retain specific categories of data depends on several factors, including legal requirements, business needs, and user activity.
Retention Periods by Data Type:
| Data Type | Typical Retention Period |
| Account information (email, profile settings) | For the life of your account + up to 12 months after closure |
| Prompt input & generated outputs (if stored) | Up to 30 days, unless otherwise retained for moderation or debugging |
| Support requests and communications | 2 years from last interaction |
| Billing & payment records | 6 years (to comply with tax/accounting regulations) |
| Cookie preferences | 6 months or until you change your selection |
| Logs and analytics (anonymized/aggregated) | Up to 24 months |
User-Initiated Deletion:
You may request the deletion of your personal data at any time by contacting assist@imaginella.ai.
Upon verification, we will:
• Remove your account and associated identifiable information;
• Retain only data necessary to comply with legal obligations (e.g., billing records, fraud prevention logs);
• Anonymize or aggregate remaining usage data wherever possible.
Inactive Accounts:
We may automatically delete or anonymize accounts that remain inactive for 24 consecutive months.
We will attempt to notify you in advance, using your registered email address.
Retention for Legal, Security, and Abuse Prevention:
We may retain certain personal data beyond the usual retention window where:
• Required to meet legal, regulatory, or tax obligations;
• Necessary to resolve disputes or enforce our Terms of Use;
• Needed to investigate fraud, misuse, or system abuse.
Retention in such cases is limited to the minimum duration necessary and always governed by strict access controls.
Your Rights Under UK/EU GDPR
As a data subject under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, you have a number of important rights in relation to your personal data.
These rights ensure transparency, fairness, and control over how your information is used.
You can exercise any of these rights by contacting us at assist@imaginella.ai.
Right to Access:
You have the right to request:
• Confirmation of whether we process your personal data;
• A copy of the personal data we hold about you;
• Information about how and why we process your data.
We will provide this free of charge unless requests are excessive or repetitive.
Right to Rectification:
You have the right to correct or update any inaccurate or incomplete personal data we hold about you.
You may also update account-related information directly in your account settings, where applicable.
Right to Erasure (“Right to Be Forgotten”):
You can request that we delete your personal data under certain circumstances, such as:
• When the data is no longer necessary for the purposes collected;
• If you withdraw consent (where consent was the legal basis);
• If the data was processed unlawfully.
Please note: We may retain certain data to comply with legal obligations (e.g., transaction records).
Right to Restrict Processing:
You may request that we temporarily restrict the processing of your personal data if:
• You contest its accuracy;
• Processing is unlawful but you oppose erasure;
• You need the data for legal claims;
• We’re verifying an objection to processing.
Right to Object:
You can object to the processing of your personal data where:
• The processing is based on our legitimate interests;
• The data is being used for direct marketing.
In such cases, we will stop processing unless we can demonstrate compelling legitimate grounds.
Right to Data Portability:
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where:
• The processing is based on consent or contract; and
• The processing is carried out by automated means.
Right to Withdraw Consent:
If we process your data based on your consent (e.g., non-essential cookies, email marketing), you may withdraw that consent at any time. This will not affect any processing already carried out before withdrawal.
Right to Lodge a Complaint:
You have the right to file a complaint with a data protection authority if you believe your rights have been violated or your personal data is being processed unlawfully.
In the UK:
Information Commissioner’s Office (ICO)
https://ico.org.uk/
In the EU:
Contact your national data protection authority.
Children’s Privacy
Imaginella.ai is intended for use only by individuals who are 18 years of age or older. We do not knowingly collect, store, or process personal data from anyone under the age of 18.
No Use by Minors:
By using the Platform, you confirm that you are at least 18 years old and legally permitted to access and use our services in your jurisdiction. If we learn that we have inadvertently collected personal data from a minor under 18, we will take immediate steps to:
• Delete the data from our systems;
• Terminate the associated account (if applicable);
• Block further access from the associated user credentials or IP.
Parental Notification:
If you are a parent or legal guardian and believe that your child has provided us with personal information, please contact us at assist@imaginella.ai.
We will act promptly to remove the information and prevent further contact or use.
No Age-Gated Content:
Imaginella.ai does not offer content specifically aimed at children, nor do we knowingly target individuals under 18 with our features, advertising (if any), or services.
We take children’s privacy seriously and adhere to the requirements of the UK GDPR, EU GDPR, and applicable child data protection laws in other jurisdictions.
Data Security
We take the security of your personal data seriously and implement appropriate technical, organizational, and administrative safeguards to protect it from unauthorized access, disclosure, loss, alteration, or destruction.
We apply a layered security approach, which includes but is not limited to:
Encryption:
• All data is encrypted in transit using HTTPS (TLS 1.2 or higher).
• Sensitive information stored in our databases is encrypted at rest using industry-standard protocols.
Access Controls:
• Role-based access and least-privilege principles govern who can access your data.
• Administrative access is restricted to authorized personnel only and secured with multi-factor authentication (MFA).
Infrastructure Protection:
• Our servers are hosted with trusted providers that maintain robust physical and digital security standards (e.g., ISO 27001, SOC 2 compliance).
• We implement firewalls, automated threat detection, and intrusion prevention systems.
Monitoring and Logging:
• We log access to systems and monitor for suspicious activity.
• Alerts are configured for unusual access patterns or abuse attempts.
Data Minimization and Retention:
• We collect only what we need and retain it only for as long as necessary.
Your Role in Security:
While we take every reasonable step to protect your data, security is a shared responsibility.
You can help by:
• Choosing a strong and unique password
• Keeping your login credentials confidential
• Not sharing your account with others
• Reporting any suspected breaches or suspicious activity to assist@imaginella.ai
Incident Response:
In the event of a data breach that poses a risk to your rights and freedoms, we will:
• Notify affected users without undue delay
• Report the incident to the ICO (or other applicable supervisory authority) within 72 hours where required
• Provide guidance on protective steps you can take
We regularly review and update our security practices to adapt to evolving threats and stay aligned with regulatory and industry standards.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect:
• Changes in our services or features
• Updates in legal requirements or data protection laws
• Adjustments to our data processing practices
• Improvements to clarity, transparency, or formatting
We encourage you to review this policy periodically to stay informed about how we protect your personal data.
Notification of Changes:
When we make material changes to this Privacy Policy, we will:
• Update the “Last Updated” date at the top of this page
• Notify you through a notice on the Platform, via email (if applicable), or through your account dashboard
• Provide you with a clear summary of the changes when required by law
Continued Use Constitutes Acceptance:
By continuing to use Imaginella.ai after changes to this Privacy Policy are posted, you acknowledge and agree to the updated terms. If you do not agree with any revised terms, you should stop using the Platform and may request account deletion at any time.
Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or how your personal data is handled, please don’t hesitate to reach out.
We’re here to help and respond to all inquiries in a timely and respectful manner.
Email (Privacy & Data Requests):
connect@imaginella.ai
Postal Address:
Itmex Solutions LTD
Office 15249, 182-184 High Street, North East Ham, London, United Kingdom, E6 2JA