NeoLuxe Studio
← Back to NeoLuxe Studio

Privacy Policy

Last updated: 29 June 2026

This Privacy Policy explains how TBD Ltd(“NeoLuxe Studio”, “we”, “us”) collects and uses your personal data when you use NeoLuxe Studio at neoluxe.studio. We are the “controller” of your personal data and process it in line with the UK GDPR and the Data Protection Act 2018.

1. Data we collect

  • Account data — your name and email address, and (if you sign in with Google) the basic profile information Google shares.
  • Content you provide — the images you upload and the output images we generate for you, plus related details (for example the chosen look or aspect ratio, and automatically-detected attributes such as garment type and colour).
  • Transaction data — records of credits, plans and purchases. Card payments are handled by our payment provider; we do not receive or store your full card number.
  • Technical and usage data — information such as your IP address, device and browser type, and logs of how you interact with the Service, collected to keep it secure and working.

2. How we use your data and our legal bases

PurposeLegal basis (UK GDPR)
Create and manage your account; generate, store and let you download your imagesPerformance of our contract with you
Take payment and manage credits/plansPerformance of a contract; legal obligation (record-keeping)
Keep the Service secure, prevent abuse and debug problemsOur legitimate interests in running a safe, reliable service
Send service messages (e.g. account or security notices)Performance of a contract; legitimate interests
Send marketing emails (if we offer them)Your consent, which you can withdraw at any time
Comply with legal obligations and handle disputesLegal obligation; legitimate interests

3. AI image processing

To generate your studio images, the photos you upload are sent to our third-party AI provider (Google, via the Gemini API) for processing, which may also include automated analysis and quality checks of the image. We send only what is needed to perform the generation you request. The resulting output images are stored in your account until you delete them or close your account.

4. Who we share data with

We do not sell your personal data. We share it only with service providers (“processors”) who help us run the Service, under contracts that require them to protect it:

ProviderWhat they do
SupabaseAuthentication, database and image storage hosting
GoogleAI image generation/analysis (Gemini API) and Google Sign-In
StripePayment processing (when paid plans are enabled)
Our hosting/infrastructure providersRunning and serving the website and application

We may also disclose data if required by law, to enforce our terms, or in connection with a business sale or reorganisation.

5. International transfers

Some of our providers process data outside the UK, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as UK adequacy regulations or the UK International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses.

6. How long we keep data

  • Uploaded photos are processed to generate your output and are not retained as separate files after processing.
  • Output images and account data are kept while your account is active and deleted (or anonymised) after you delete them or close your account, unless we must keep them longer by law.
  • Transaction records are kept as long as needed for tax and accounting obligations.
  • Logs are kept for a limited period for security and troubleshooting.

7. Your rights

Under UK data protection law you have the right to:

  • access a copy of your personal data;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to certain processing;
  • data portability; and
  • withdraw consent at any time where we rely on it.

To exercise any of these, email privacy@neoluxe.studio. You can also complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, though we’d appreciate the chance to help first.

8. Security

We use appropriate technical and organisational measures to protect your data, including access controls and encryption in transit. Your stored images are held in private storage and served via expiring, signed links. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. Children

The Service is not intended for anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Cookies

We use a small number of essential cookies and similar technologies. See our Cookie Policy for details.

11. Changes to this policy

We may update this policy from time to time. If changes are material we will take reasonable steps to notify you, and we will always post the current version here with an updated date.

12. Contact

TBD Ltd (trading as NeoLuxe Studio), company number [company number], registered office [registered office address], United Kingdom. For any privacy question or request, email privacy@neoluxe.studio.

These policies are provided for transparency about how NeoLuxe Studio works. If anything is unclear, email privacy@neoluxe.studio.