Privacy Policy

Last Updated: January 9, 2026

1. Introduction

Wixma ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our AI generation services. We operate under the laws of Austria and comply with the General Data Protection Regulation (GDPR).

2. Data Controller

The entity responsible for processing your data is:

Wixma
Email: [email protected]

3. Data We Collect

  • Account Data: Email address, name, password (hashed), and unique user ID.
  • User Content: Images and text prompts you upload to our service for processing.
  • Generated Content: Images and videos created by our AI models based on your inputs.
  • Payment Data: Transaction history and subscription status (processed securely via Stripe; we do not store full credit card numbers).
  • Usage Data: IP addresses, browser type, device info, and interaction logs (for security and rate limiting).

4. How We Use Your Data

We process your data for the following purposes:

  • To provide and maintain our Service (generating images/videos).
  • To manage your account and subscription.
  • To improve our AI models and user experience.
  • To detect and prevent fraud, abuse, and security incidents (via Cloudflare).
  • To comply with legal obligations.

5. Third-Party Service Providers (Sub-Processors)

To provide our services, we share necessary data with trusted third-party providers. We ensure that these providers comply with GDPR standards.

Supabase

Database, Auth & Storage. Hosted in the EU (AWS Frankfurt).

Stripe

Payment Processing. Global (PCI-DSS compliant).

Cloudflare

Security, CDN & DDoS Protection.

Google (Gemini)

AI Model Provider. Processing of text/image prompts.

OpenAI

AI Video Model Provider (Sora). Processing of prompts.

Fal.ai

AI Image Model Provider.

6. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.
- Account Data: Retained until you delete your account. - Generated Images: Retained in your gallery unless you delete them. We may delete old temporary files after 30 days.

7. International Data Transfers

Some of our partners (Google, OpenAI, Stripe) are based in the USA. Data transfers to the USA are protected under the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) to ensure an adequate level of protection.

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion of your data ("Right to be forgotten").
  • Restrict or object to processing.
  • Data portability.

To exercise these rights, please contact us at [email protected].

9. Cookies & Tracking

We use essential cookies to maintain your session (Supabase Auth). We do not use invasive third-party tracking cookies for advertising purposes without your consent.

10. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.