Privacy Policy

Last updated: April 12, 2026

Illumina Labs ("we", "us", "our") operates the Illumina platform at illuminalabs.ai. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable laws.

1. Data Controller

The data controller responsible for your personal data is Illumina Labs. Contact: [email protected]

2. Data We Collect

2.1 Account Data

When you register, we collect your email address, name, and authentication credentials. If you sign in via OAuth (Google, Discord), we receive your profile data from those providers.

2.2 Usage Data

We collect data about how you use the Service, including generations created, credits consumed, workflows configured, and social channels connected.

2.3 Content Data

Prompts, generated images, videos, and music files you create through the Service are stored to provide the Service and may be used to improve generation quality.

2.4 Payment Data

Payment processing is handled by our payment provider. We do not store full card numbers. We receive transaction confirmations and billing history.

2.5 Technical Data

IP address, browser type, device information, and access logs collected automatically when you use the Service.

3. Legal Basis for Processing

• Contract performance — to provide you with the Service you signed up for
• Legitimate interests — to improve the platform, prevent fraud, and ensure security
• Legal obligation — to comply with applicable laws
• Consent — for marketing communications (you can withdraw at any time)

4. How We Use Your Data

• Providing, operating, and improving the Service
• Processing payments and managing subscriptions
• Sending transactional emails (account confirmations, receipts)
• Sending product updates (with your consent)
• Security monitoring and fraud prevention
• Complying with legal obligations

5. Third-Party Processors

We share data with service providers who process data on our behalf:

• Supabase — database and authentication infrastructure
• Replicate — AI model inference for content generation
• Anthropic — prompt processing via Claude API
• Vercel — hosting and edge delivery

All processors are bound by data processing agreements and may not use your data for their own purposes.

6. Data Retention

Account data is retained for the duration of your account and up to 90 days after deletion. Generated content files are retained while your account is active. You may request deletion at any time.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion ("right to be forgotten")
• Restriction — limit how we process your data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — at any time for consent-based processing

To exercise these rights, contact [email protected]. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies. See our Cookie Policy for details.

9. International Transfers

Some of our processors are based outside the EU. Where data is transferred, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

10. Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, and access controls. No system is 100% secure — please notify us immediately if you suspect a breach.

11. Changes to this Policy

We may update this Policy. Material changes will be notified via email or in-app. Continued use after changes constitutes acceptance.

12. Contact & Complaints

Data privacy inquiries: [email protected]

You have the right to lodge a complaint with your local data protection authority.