Privacy Policy
Last updated: May 2026
This Privacy Policy explains how Photo Repair Lab ABN 22 681 999 744 ("Photo Repair Lab", "we", "us", "our") collects, holds, uses, discloses, and otherwise handles personal information and personal data in connection with photorepairlab.com and the related Photo Repair Lab services. For questions about privacy, access, correction, deletion, or complaints, contact:
- Privacy email: support@photorepairlab.com
- Support email: support@photorepairlab.com
- Postal address: PO Box 78, Milsons Point, NSW, 1565, Australia
1. Scope
This Privacy Policy applies to personal information collected when you visit or use our website, create an account, upload images or other content, purchase or use our Services, contact support, subscribe to marketing, or otherwise interact with us.
2. Types of Information Collected
- Account and contact details — name, email, username, password hash, account preferences.
- Transaction and billing information — purchase history, invoices, billing country, tax info, limited payment-related information. Full card details are processed by our payment processor, not us directly.
- Uploaded content — photographs, image files, prompts, instructions, edit settings, metadata, and any other content you submit.
- Generated outputs — restored, enhanced, colourised, upscaled, or otherwise processed images.
- Communications — support tickets, emails, reviews, feedback, survey responses.
- Technical and usage information — IP address, browser type, device information, OS, approximate location inferred from IP, log data, timestamps, crash and diagnostic info, pages viewed, actions taken, session info.
- Cookie and similar technology data — see our Cookie Notice.
- Compliance and security information — fraud signals, abuse-prevention information, moderation records, and records of privacy requests.
- Marketing data — subscription status, email engagement, communication preferences.
Important note about images: photographs may contain personal information about you or other identifiable people and, in some cases, may reveal sensitive information. Do not upload sensitive or high-risk images unless necessary for your intended lawful use and you have all required permissions and consents.
3. How Information is Collected
- Directly from you — when you create an account, upload images, enter prompts, make a purchase, request support, or communicate with us.
- Automatically — through cookies, server logs, device identifiers, analytics tools, fraud-prevention systems, and similar technologies.
- From service providers — payment processors, email providers, security providers, infrastructure providers.
- From other people acting for you — for example, team members, agents, or someone who purchases or shares access on your behalf.
- From public or regulatory sources — where reasonably necessary for compliance, fraud prevention, or dispute handling.
4. Why Information is Collected and Used
- provide the Services and process image restoration or enhancement requests;
- create and manage your account; authenticate users and secure accounts;
- process payments, invoices, refunds, and chargeback disputes;
- store, display, deliver, and allow deletion or download of images during the retention period;
- provide customer support and respond to inquiries or complaints;
- monitor, maintain, troubleshoot, protect, and improve the Services;
- detect, investigate, and prevent fraud, abuse, policy breaches, security incidents, and illegal activity;
- send transactional emails and service communications;
- send marketing communications where permitted by law and not opted out of;
- comply with legal obligations, regulatory requests, and law-enforcement requirements; and
- establish, exercise, or defend legal claims.
5. Legal Bases for Processing (GDPR / UK GDPR)
If the GDPR or similar laws apply, Photo Repair Lab generally relies on one or more of the following bases:
- Contract — to provide the Services you request, create your account, process your uploads, deliver outputs, and administer payment and support.
- Legitimate interests — to secure the Services, prevent abuse, improve performance, maintain records, communicate with users, and operate the business.
- Consent — for optional marketing, certain cookies, or higher-risk processing where consent is the appropriate basis.
- Legal obligation — to comply with applicable laws, tax rules, accounting requirements, regulatory obligations, or lawful requests.
- Legal claims — to establish, exercise, or defend legal rights.
6. AI Processing and Automated Functions
Photo Repair Lab uses automated tools, including AI systems and third-party AI providers, to analyse and transform uploaded images in accordance with user instructions. The Services are designed to process and generate images, not to make legal, employment, credit, insurance, migration, healthcare, or other similarly significant decisions about individuals. If we later introduce any feature involving automated decision-making that could reasonably be expected to significantly affect individuals' rights or interests, this Privacy Policy will be updated.
We do not use your photos to train our AI models.
7. Disclosure of Personal Information
We may disclose personal information to:
- AI and infrastructure providers that help process uploads and generate outputs;
- cloud hosting, storage, CDN, and security providers;
- payment processors and related financial-service providers;
- email, CRM, and messaging providers;
- analytics, monitoring, and support providers;
- professional advisers (lawyers, accountants, auditors, insurers);
- regulators, courts, law-enforcement bodies, and government agencies where required or authorised by law;
- a purchaser or successor in connection with a merger, acquisition, restructuring, financing, or sale of business assets; and
- other parties authorised by you.
7a. Current Sub-processors
The following named sub-processors currently assist us in providing the Services. We may update this list from time to time. Material additions will be reflected here and, where required by law, notified to affected users.
- Cloudflare, Inc. (USA) — object storage of uploaded and generated images, CDN, DDoS protection, edge caching. Retention up to 30 days for image files.
- Stripe Payments Europe / Stripe, Inc. (Ireland / USA) — payment processing, fraud-prevention scoring, invoice and tax records. Full card numbers are not stored by us.
- FAL.ai Inc. (USA) — AI inference services for image and video processing. Uploaded images and generated outputs are transmitted for processing only and are contractually not used to train models.
- OpenAI, L.L.C. (USA) — AI inference services for image processing. Source images are transmitted for processing only and, under OpenAI's API terms, are not used to train models.
- Sendinblue SAS (Brevo) (France) — transactional and marketing email delivery, including engagement metrics.
- Functional Software, Inc. (Sentry) (USA) — application error monitoring and performance tracing. Receives error stack traces, technical context (browser, OS, route), and limited request metadata. Configured with PII collection disabled.
- MongoDB Atlas (MongoDB, Inc.) (USA) — primary application database hosting account, transaction, and history records.
- Emergent Labs Inc. (USA) — application hosting platform and managed infrastructure.
8. Overseas Disclosure and International Transfers
Because Photo Repair Lab is offered globally and relies on cloud-based and international service providers, personal information may be stored, accessed, or processed in countries outside Australia, including the United States, the European Economic Area, the United Kingdom, and other countries where our providers operate. Where required by applicable law, we take reasonable steps to ensure overseas recipients handle personal information consistently with applicable privacy requirements, through contractual protections, provider due diligence, platform controls, or other recognised transfer mechanisms.
9. Retention
- Uploaded and generated image files: up to 30 days after creation or processing, unless you delete them earlier or we need to retain them longer for security, legal hold, fraud, or dispute reasons;
- Account information: for as long as your account remains active, plus a reasonable period afterwards;
- Billing, accounting, and tax records: for the period required by applicable law;
- Support and complaint records: as long as reasonably necessary;
- Security and abuse-prevention logs: as long as reasonably necessary;
- Marketing data: until you unsubscribe.
10. Security
We use technical, organisational, and contractual measures designed to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure — including encryption in transit, access controls, authentication measures, role-based permissions, logging, provider security features, and internal processes for security review and incident response. No internet-based service can be guaranteed completely secure; you should also take steps to protect your account and devices.
11. Your Choices and Rights
Australian privacy rights
You may request access to personal information we hold about you and request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information.
EEA / UK privacy rights
If you are in the EEA or UK, you may have rights to: access your personal data; request rectification; request erasure; request restriction of processing; object to certain processing; request data portability; withdraw consent where processing is based on consent; and lodge a complaint with a supervisory authority.
California privacy rights
If California privacy law applies, you may have rights to know, access, correct, delete, and obtain information about our collection and disclosure of personal information, subject to applicable exceptions. Photo Repair Lab does not "sell" personal information as that term is defined under the California Consumer Privacy Act (CCPA), and we do not "share" personal information for cross-context behavioural advertising. We do not knowingly collect or process the personal information of consumers under 16 years of age.
12. How to Exercise Rights
To request access, correction, deletion, export, restriction, objection, or another privacy right, contact support@photorepairlab.com. We may need to verify your identity before acting on a request. We may decline or limit a request where permitted by law.
13. Complaints
If you believe Photo Repair Lab has interfered with your privacy or breached applicable privacy law, contact support@photorepairlab.com with details. We will investigate and aim to respond within 30 days. If you are not satisfied, you may complain to the Office of the Australian Information Commissioner (OAIC) or a relevant regulator in your jurisdiction.
14. Marketing
We may send service-related messages necessary to administer the Services. Where permitted by law, we may also send promotional messages. You can opt out at any time using the unsubscribe link or by contacting us.
15. Cookies and Similar Technologies
Photo Repair Lab uses cookies and similar technologies for website functionality, security, performance, and (if enabled) analytics or marketing. See the Cookie Notice for detail.
16. Children
The Services are not intended for children under 18, and we do not knowingly collect personal information directly from children through the Services. If you believe a child has provided personal information without appropriate authority, contact us so we can investigate.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version on the website and update the "Last updated" date. If changes are material, we may also provide notice through the Services or by email.
