Privacy Policy

Last updated: June 4, 2026

1. Introduction

This Privacy Policy explains how Wixma.ai ("Wixma", "we", "us", or "our") processes personal data when you visit our website, create an account, purchase credits or subscriptions, upload content, or use our AI image, video, editing, and enhancement tools. We process personal data in accordance with the General Data Protection Regulation (GDPR), the Austrian Data Protection Act, and other applicable laws.

2. Data Controller

The controller responsible for the processing of personal data is:

Wixma.ai
operated by Dennis Kral e.U.
Spitalgasse 2
3500 Krems an der Donau, Lower Austria, Austria
Email: [email protected]
Web: wixma.ai

3. Categories of Data We Process

  • Account data: email address, name, authentication identifiers, password hashes, account settings, and login metadata.
  • User content: prompts, uploaded images, masks, reference images, settings, and other material you submit for AI processing.
  • Generated content: images, videos, previews, metadata, and generation history created through the Service.
  • Payment and billing data: plan, subscription status, credit balance, invoices, transaction IDs, and limited billing metadata. Full card details are processed by Stripe and are not stored by us.
  • Usage and security data: IP address, browser and device information, logs, rate-limit events, fraud signals, support messages, and technical diagnostics.
  • Communication data: emails, confirmations, password reset requests, account notifications, and messages you send to us.

4. Purposes and Legal Bases

We process personal data for the following purposes and legal bases:

  • Contract performance: to create and manage your account, provide AI generation features, store your generation history, process credits, and deliver paid services.
  • Legitimate interests: to secure the Service, prevent fraud and abuse, debug errors, improve reliability, enforce our Terms, and protect legal claims.
  • Legal obligations: to comply with tax, accounting, consumer protection, and law enforcement obligations.
  • Consent: where required for optional cookies, marketing, or specific processing choices. You may withdraw consent at any time.

5. AI Processing and User Content

To generate or edit content, your prompts, images, masks, reference files, and generation settings may be transmitted to external AI infrastructure providers. AI outputs may be unpredictable, technically imperfect, or legally sensitive depending on your input. You are responsible for ensuring that you have the necessary rights and permissions for any content you upload and for reviewing generated content before publication or commercial use.

6. Service Providers and Sub-Processors

We use carefully selected service providers to operate Wixma.ai. These providers process data only to the extent necessary to provide their services and, where required, under data processing agreements or comparable safeguards.

Supabase

Authentication, database, storage, and backend infrastructure.

Stripe

Payment processing, subscriptions, invoices, fraud prevention, and billing support.

Cloudflare

DNS, CDN, security, DDoS protection, and traffic routing.

Resend

Transactional emails such as signup confirmations, password resets, and account notifications.

OpenAI

AI image and video generation or editing, including processing of prompts and uploaded media.

Google AI / Gemini

AI model services where available for selected generation or editing workflows.

Fal.ai

AI image and video model infrastructure.

RunPod

GPU infrastructure and AI generation processing where used.

7. International Data Transfers

Some providers may process data outside the European Economic Area, including in the United States. Where this occurs, we rely on adequacy decisions, the EU-U.S. Data Privacy Framework, Standard Contractual Clauses, or other safeguards permitted by law.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

  • Account data: retained while your account exists and for a reasonable period afterwards where needed for legal claims, fraud prevention, or statutory obligations.
  • Billing records: retained as required by tax and accounting law.
  • User and generated content: retained in your account history unless you delete it, subject to technical backups and legal retention needs.
  • Security logs: retained for a limited period necessary to protect the Service and investigate abuse.

9. Cookies and Similar Technologies

We use essential cookies and similar technologies to provide authentication, security, payment flows, and core website functionality. We do not use third-party advertising cookies without consent. Some third-party providers may set technically necessary cookies when you use their services through Wixma.ai.

10. Security

We use technical and organizational measures designed to protect personal data, including encrypted transport, access controls, provider security features, and abuse prevention. No online service can guarantee absolute security. You are responsible for keeping your login credentials confidential and for promptly notifying us of unauthorized account use.

11. Your GDPR Rights

Subject to legal requirements and limitations, you may have the right to:

  • Access your personal data.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of personal data.
  • Request restriction of processing.
  • Object to processing based on legitimate interests.
  • Receive data portability where applicable.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority.

To exercise your rights, contact us at [email protected]. We may need to verify your identity before fulfilling your request.

12. Minors

Wixma.ai is not intended for children. You must be at least 18 years old, or the age of majority in your jurisdiction if higher, to use the Service. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date. Material changes may be communicated by email or in-app notice where appropriate.