Privacy Policy

GHapp is a web service for AI-powered image and video generation through a unified interface.

For support, privacy, abuse, and legal requests, you may contact us at: support@ghapp.co.

If applicable law requires publication of additional legal or registration details about the service operator, such information may be published on the GHapp website or provided upon a reasonable request.

This Policy applies to personal data that we process in connection with visits to the GHapp website, creation and use of an account, image or video generation, storage and display of outputs in the private gallery, operation of the billing interface, support communications, security, abuse investigations, and enforcement of our rules.

This Policy does not apply to third-party websites, third-party payment pages, or other external services that are governed by their own terms and privacy policies.

3.1 Data You Provide Directly

• email address;
• password, which is stored in hashed form and not in plain text;
• prompts, text instructions, and other input that you submit through the Service;
• uploaded images, videos, files, and other materials that you provide for generation;
• support messages and other correspondence you send to us.

3.2 Data Generated Through Use of the Service

• generated images and videos;
• generation history;
• metadata related to generation and display of results;
• records regarding account status and available features;
• records regarding bonus, test, promo, or other non-financial balance, if such mechanisms are used.

3.3 Technical and Service Data

• session identifiers;
• error logs, technical logs, and service events;
• device, browser, or application data to the extent necessary for operation, debugging, security, and protection of the Service;

As of the last updated date of this Policy, GHapp does not use marketing cookies. GHapp may use analytics tools on public pages to measure traffic, understand aggregate usage, and improve the Service.

3.4 Payment-Related Data If Paid Features Are Enabled

If and when GHapp enables paid features, balance top-ups, subscriptions, or live checkout, we may receive and process payment-related data such as payment provider name, payment status, transaction identifier, amount, invoice identifier, and, in the case of crypto payments, wallet address, payment address, tx hash, network information, and crypto payment status. We do not store full bank card data.

• We do not knowingly collect personal data of individuals under 18 years of age.
• We do not store full bank card data.
• We do not offer registration or login through social login providers as of the last updated date of this Policy.

If we become aware that we collected personal data of a person under 18 in violation of this Policy, we may delete such data and terminate the relevant account.

• to create and manage user accounts;
• to authenticate users and maintain account access;
• to process prompts, uploads, and generations;
• to display history and outputs in your account and private gallery;
• to operate, maintain, diagnose, and improve Service functionality;
• to prevent fraud, prohibited content, abuse, security violations, and unauthorized access;
• to respond to support requests and other user communications;
• to enforce the Terms of Service, the Acceptable Use Policy, and other GHapp rules;
• to comply with legal, regulatory, tax, sanctions, anti-fraud, and other compliance requirements;
• to establish, exercise, or defend legal claims;
• to process payment-related data if and when paid features are enabled.

We do not use your prompts, uploaded materials, or generated outputs to train GHapp’s own models.

If applicable law requires a legal basis for processing personal data, we generally rely on one or more of the following bases:

• performance of a contract — where processing is necessary to provide the Service you requested;
• legitimate interests — where processing is necessary for operation, protection, diagnostics, support, and improvement of the Service, abuse prevention, and information security;
• compliance with legal obligations — where we are required to retain, disclose, or otherwise process data under law, sanctions regimes, compliance requirements, or a binding request from a competent authority;
• consent — where applicable law requires consent or where we separately ask you for it.

We may disclose personal data strictly to the extent necessary for operation of the Service to the following categories of recipients:

• hosting, cloud infrastructure, object storage, security, and technical support providers;
• AI model providers and related generation services to the extent necessary to process your requests and obtain results;
• email, authentication, error-monitoring, and other technical service providers necessary for operation of GHapp;
• payment providers, Merchant of Record providers, card processors, crypto payment providers, and other payment partners — if and when paid features are enabled in the Service;
• law enforcement, regulators, courts, sanctions authorities, or other competent persons — where required by law, necessary to protect our rights, or reasonably related to preventing fraud, abuse, and security threats.

GHapp and its service providers may process data in different countries. By using the Service, you understand that your data may be transferred to and processed outside your country of residence, including in jurisdictions with a different level of data protection. Where required, we will take reasonable measures for such transfers in accordance with applicable law.

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy unless longer retention is required or permitted by law.

• account data is retained while the account is active and for a reasonable period after closure for security, abuse prevention, legal compliance, and dispute resolution;
• prompts, uploaded materials, generation history, and outputs may be retained while available in your account and, after deletion or account closure, for a reasonable period for operation of the Service, backup, information security, abuse investigations, and legal compliance;
• technical logs, service records, and security logs may be retained as long as needed for diagnostics, investigations, anti-fraud controls, and protection of the Service;
• payment metadata, if paid features are enabled, may be retained as long as needed for accounting, tax, anti-fraud, refunds, compliance, and dispute resolution.

Deletion through the Service interface or by contacting support may immediately limit access to data; however, actual deletion from production systems, databases, object storage, backups, and other technical layers may not occur instantly and may take place within a reasonable period.

We apply reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction. However, no method of storage or transmission over the internet is absolutely secure, and we cannot guarantee absolute security.

Depending on your jurisdiction, you may have the right to request access to your personal data, correction, deletion, restriction of processing, portability, withdrawal of consent, and to lodge complaints with a competent data protection authority.

To exercise your rights or submit privacy questions, contact us at support@ghapp.co. We may request reasonable identity verification before fulfilling a request.

We may update this Privacy Policy from time to time. The updated version becomes effective on the date of publication unless stated otherwise. By continuing to use the Service after the changes become effective, you agree to the updated version.