Your privacy,
explained clearly.

BlitzArt.app ("BlitzArt", "we", "the platform") is committed to protecting the privacy of its users. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our AI image and text generation service.

By using BlitzArt.app you accept the practices described in this Policy and in our Terms of Service. If you don't agree, please don't use the service.

2.1 Account and profile

• Full name or username
• Email address
• Password (hashed and salted with bcrypt/Argon2)
• Country of residence (detected from IP or self-declared)
• Preferred language, signup date, last login

2.2 Identity and age verification data

For users requesting access to Advanced Models (uncensored AI models):

• Through the provider (Onfido / Persona): ID document image, live selfie, extracted data (name, date of birth, document number), biometric scores.
• Through BlitzArt: verification status (verified/rejected/pending/ revoked), timestamp, document type and country, confirmed age, number of attempts.

2.3 Usage and generated content

• Prompts, generation parameters, models used
• Generated images (temporary storage based on plan)
• Custom configurations (styles, references, LoRAs)
• UI interactions (clicks, session time)

2.4 Payment and billing

• Billing data: name, address, postal code, country
• Cards: NOT stored. Processed by Stripe/PayPal via tokenization.
• Transaction and subscription history

2.5 Technical data

• IP address (anonymized after 30 days), browser and version
• OS, device type, screen resolution
• Cookies and similar identifiers

3.1 Primary purposes

• Provide, maintain, and improve the service
• Process payments and prevent fraud
• Verify identity and age for Advanced Models
• Moderate content per our Acceptable Use Policy
• Meet legal obligations and respond to court orders
• Send technical and marketing communications (with consent)

3.2 Use of biometric data

Verification data is used exclusively to:

• Confirm age of majority
• Verify match between person and document
• Prevent impersonation and fraud

3.3 Use of generated images

We may use anonymized images to train moderation systems, improve in-house models, and for aggregate statistics. Opt-out is available in your settings panel.

You can withdraw consent at any time from Settings or by writing to privacy@blitzart.app. Withdrawal does not affect the lawfulness of prior processing.

5.1 AI model providers

When you generate an image, your prompt is sent to the selected model's provider. We never share your name, email, or account data with them.

• Black Forest Labs (Flux), OpenAI (DALL·E, GPT-4o), Ideogram, Krea, Recraft
• Alibaba (Qwen), Tencent (Hunyuan), xAI (Grok)
• Advanced Models providers under specific agreements

5.2 Identity verification (KYC)

• Onfido Ltd. (United Kingdom)
• Persona Identities Inc. (United States)

5.3 Payment processors

• Stripe, PayPal, and specialized processors for adult content

5.4 Infrastructure

• AWS (servers), Cloudflare (CDN/DDoS), Vercel (hosting), MongoDB/PostgreSQL

5.5 Competent authorities

We share when legally required: valid court orders, requests from law enforcement, mandatory NCMEC reports, fraud investigations.

6.2 Account deletion

• Profile: anonymized or deleted in 30 days
• Standard images: deleted immediately
• Advanced images: 90 additional days for traceability
• Audit logs: 7 years (not deleted)
• Payment: 7 years per tax obligations

Under GDPR, LFPDPPP, CCPA and other applicable laws, you have the following rights over your personal data:

How to exercise your rights

Send your request to privacy@blitzart.app with the subject "Data Subject Request" or "GDPR Request". We respond within 20-30 days depending on jurisdiction.

Configure your preferences in Settings → Privacy → Cookies.

Technical

• TLS 1.3 in transit and AES-256 at rest
• Password hashing with bcrypt/Argon2 + salt
• Optional MFA on Pro/Ultimate/Creator plans
• WAF, DDoS protection, annual penetration testing

Organizational

• Least privilege and continuous training
• NDAs with employees and contractors
• Cyber insurance

Your data may be transferred to:

• United States (AWS us-east, Stripe, OpenAI, Persona)
• European Union (AWS eu-west, Onfido)
• United Kingdom (Onfido)
• China (Qwen, Hunyuan — anonymized prompts only, no account data)

Standard Models: minimum age 13 (with parental consent for 13-17). Advanced Models: strictly 18+ with identity verification.

Parents and guardians: contact privacy@blitzart.app if your child under 13 created an account.

BlitzArt may contain links to third-party sites. This Policy does not apply to those sites. We recommend reviewing each site's privacy policy.

We may update this Policy periodically. Minor changes take effect immediately; substantial changes are notified by email and banner at least 30 days in advance.

The "Last updated" date at the top indicates the current version. Continued use after changes constitutes acceptance.

European Union (GDPR)

Right to lodge a complaint with the supervisory authority of your member state of residence.

Mexico (LFPDPPP)

ARCO rights with response within 20 business days. Authority: INAI.

California (CCPA/CPRA)

Right to know, delete, opt-out (BlitzArt does not sell data), non-discrimination, and correct data.

United Kingdom (UK GDPR)

Post-Brexit UK GDPR applies.

Response time: 20-30 business days depending on jurisdiction and complexity.

Current providers: Onfido / Persona.

• Onfido — onfido.com/legal/privacy
• Persona — withpersona.com/legal/privacy-policy

The provider retains images for 30-90 days according to their policy and then deletes them. BlitzArt only receives the result, score, document type and country, and date.