Privacy Policy

TechBuilds EOOD (UIC 206521446), a single-member limited liability company registered in Bulgaria with its registered office at Bulgaria, Nesebar, operates Spotlight Paws and is the data controller responsible for your personal data under the EU General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act.

Contact: privacy@spotlightpaws.com.

We collect only what we need to deliver and operate the service:

• Account data: email address, magic-link sign-in tokens, and account-creation timestamp.
• Marketing preferences: whether you have agreed to receive periodic product-update emails (via the sign-in notice or an optional homepage signup), and any unsubscribe or opt-out requests.
• Pet photos: the reference images you upload (typically one to three photos per generation).
• Generation metadata: scene template selected, generation status, output image, and timestamps.
• Payment records: limited Stripe checkout metadata (session ID, amount, currency, country). Card details never reach our servers.
• Technical data: IP address, user-agent, timestamps, and basic request logs used for security and abuse prevention.
• Cookies: see the Cookie Policy.

Transactional emails (magic links, order confirmations, portrait delivery) are sent under performance of a contract — art. 6(1)(b) — and do not rely on marketing consent.

We use vetted third-party providers to operate the service. Each acts under a Data Processing Agreement and processes your data only on our instructions. The main categories are:

• Payment processing (United States and EU)
• Cloud hosting and database storage (EU)
• AI image generation — inference only (United States)
• Transactional and marketing email delivery (United States and EU)
• Security, rate limiting, and background processing (EU and global)

International transfers to the United States rely on the EU–US Data Privacy Framework where the recipient is certified, or on Standard Contractual Clauses (SCCs) where it is not, with supplementary measures in our processor agreements.

Pet photos and generation prompts are sent to our AI provider for inference only. Under the provider's API terms, your inputs and outputs are not used to train their models. We do not train any Spotlight Paws models on your photos either.

We keep personal data only as long as necessary for the purposes above:

• Account, reference photos, and generation outputs: retained while your account is active and for up to 12 months of inactivity, after which the account is bulk-deleted unless you request earlier deletion.
• Payment records: retained for the period required by Bulgarian tax and accounting law (currently 10 years for primary accounting records).
• Security logs: typically 90 days.
• Email-deletion requests and our response: kept for up to 3 years for audit purposes.
• Marketing opt-in and opt-out records: kept while your account is active; if you unsubscribe, your email is added to a suppression list and retained there so we do not contact you again for marketing.

Under GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw any consent you have given. You also have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) at https://www.cpdp.bg, or with the supervisory authority in your EU country of residence.

To exercise any of these rights, email privacy@spotlightpaws.com from the address associated with your account, with the subject "Data {access|deletion|export} request" and a brief description of what you want.

We respond within 30 days (extendable by a further 60 days for complex requests, in which case we tell you why).

What gets deleted on a deletion request: your account, reference photos, generation outputs, and personal generation records. Stripe payment records and the related accounting entries are retained for the legally required period (see Retention).

Marketing emails: you can withdraw consent at any time by using the unsubscribe link in any marketing message or by emailing privacy@spotlightpaws.com from your account address with the subject "Unsubscribe". Opting out does not affect transactional or legally required messages.

See the Cookie Policy for the full list. Non-essential cookies are loaded only after you opt in via the consent banner.

Spotlight Paws is not directed at children under 16. We do not knowingly process the personal data of anyone under 16. If you believe a child has used the service, contact us and we will delete the relevant account.

We may update this policy from time to time. The "last updated" date at the top reflects the most recent change. Material changes will be communicated by email to active accounts before they take effect.

Questions, requests, or complaints: privacy@spotlightpaws.com.

Postal address: TechBuilds EOOD, Bulgaria, Nesebar.