Skip to main content

Privacy Policy

Last updated: February 8, 2026

1. Introduction

SomaLabs ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI image and video generation services (the "Service").

By using the Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address, username, and authentication credentials.
  • Profile Information: Optional information you provide such as display name and profile picture.
  • Payment Information: When you make purchases, our payment processors collect billing details. We do not store complete payment card numbers.
  • User Content: Text prompts, uploaded images, uploaded videos, and generated content created through the Service.
  • API Key Usage: If you use our API, we collect data about your API requests including endpoints accessed, request timestamps, and rate limit metrics.
  • Communications: Information you provide when contacting us for support or feedback.

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device type, and unique device identifiers.
  • Usage Data: Pages visited, features used, generation history, and interaction patterns.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Cookies and Tracking: Information collected through cookies and similar technologies (see Section 6).

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your account
  • Generate images and videos based on your prompts and inputs
  • Analyze text prompts and generated images using automated AI systems to detect content that violates our policies or applicable law
  • Log content moderation decisions for platform safety, legal compliance, and mandatory reporting obligations
  • Send transactional communications (receipts, account updates)
  • Respond to your requests, comments, and questions
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and fraud
  • Enforce our Terms of Service and Acceptable Use Policy
  • Comply with legal obligations

We may use anonymized and aggregated data for research, analytics, and service improvement purposes.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who assist in providing the Service, including:

  • Cloud hosting and storage providers
  • Payment processors (we do not store complete payment card numbers)
  • AI model providers for image and video generation — your prompts and reference images are sent to these providers for processing
  • Analytics and monitoring services
  • Email delivery services

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to:

  • Protect the rights, property, or safety of SomaLabs, users, or others
  • Enforce our Terms of Service
  • Investigate potential violations of our policies
  • Detect and prevent fraud or security incidents
  • Report apparent child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) as required by 18 U.S.C. 2258A
  • Comply with the TAKE IT DOWN Act regarding non-consensual intimate imagery

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period after deletion for legal and operational purposes.
  • Generated Content: Stored in your private gallery until you delete it or your account is terminated.
  • Transaction Records: Retained for legal and accounting purposes as required by law (typically 7 years).
  • Log Data: Typically retained for 90 days for security and debugging purposes.
  • Content Moderation Records: Violation records, including the flagged prompt and moderation decision, are retained indefinitely for legal compliance and law enforcement cooperation.
  • CSAM Reports: Content flagged as potential child sexual abuse material is preserved and reported per federal law. This data is not deleted even upon account deletion request.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to distinguish you from other users of the Service.

6.1 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function, including authentication and security features.
  • Functional Cookies: Remember your preferences and settings to enhance your experience.
  • Analytics Cookies: Help us understand how users interact with the Service to improve functionality.

6.2 Cookie Consent

When you first visit our Service, a cookie consent banner allows you to choose which categories of cookies to accept. You can accept all, reject all non-essential cookies, or customize your preferences. Your choices are stored and respected on subsequent visits.

6.3 Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal from your browser. When detected, we automatically disable non-essential tracking cookies in compliance with the California Consumer Privacy Act (CCPA) and similar laws.

6.4 Managing Cookies

You can control cookies through your browser settings or by using our cookie consent preferences. Note that disabling essential cookies may affect the functionality of the Service.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication mechanisms
  • Regular security assessments and monitoring
  • Access controls limiting data access to authorized personnel
  • Incident response procedures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

8.1 Access and Portability

You can request a copy of the personal data we hold about you in a structured, commonly used format.

8.2 Correction

You can update your account information through your profile settings or request corrections to inaccurate data.

8.3 Deletion

You can request deletion of your account and personal data, subject to our retention requirements for legal and operational purposes.

8.4 Objection and Restriction

You may object to certain processing of your data or request that we restrict processing under certain circumstances.

To exercise any of these rights, please contact us at support@somalabs.studio.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country.

When we transfer data internationally, we implement appropriate safeguards, including standard contractual clauses approved by relevant authorities, to ensure your data receives adequate protection.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

If you believe we have inadvertently collected information from a child under 18, please contact us immediately.

11. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on: (a) your consent, (b) performance of a contract, (c) legal obligations, or (d) legitimate interests that do not override your rights.
  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority.
  • Data Protection: For data protection inquiries, contact support@somalabs.studio.

12. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know what personal information we collect and how it is used
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights, please contact us at support@somalabs.studio.

13. AI Processing and Generated Content

When you use our AI image and video generation features:

  • Your text prompts are processed by AI models to generate images and videos. Prompts may be temporarily stored for processing and generation purposes.
  • Uploaded reference images are processed to understand content and style. These are stored securely and used only for your generations.
  • Generated images and videos are stored in your private gallery and associated with your account.
  • We may use anonymized prompt patterns (without personal identifiers) to improve our content filtering and safety systems.
  • AI Content Labeling: In compliance with the EU AI Act (Article 50), generated images include metadata identifying them as AI-generated content. This metadata is embedded in image files (EXIF data) and includes the generating platform name and timestamp.

13.1 Automated Content Moderation

To ensure platform safety and legal compliance, we employ automated content moderation systems:

  • Pre-Generation Scanning: Text prompts are analyzed by automated AI systems before generation begins to detect prohibited content. This scanning happens in real time and may block generation if a policy violation is detected.
  • Post-Generation Scanning: Generated images are scanned by AI vision analysis before being stored or displayed to you. Content that violates our policies may be automatically blocked, with violation details logged for review.
  • Scope of Scanning: Automated moderation is designed to detect illegal content (such as CSAM, non-consensual intimate imagery, and content involving minors). Adult and NSFW content that complies with our Acceptable Use Policy is explicitly permitted and is not flagged by these systems.
  • Violation Records: When content is flagged or blocked, we log the moderation decision, the prompt text, the moderation category, and confidence score. This data is retained for legal compliance and platform safety.
  • Content Safety Reporting: In accordance with federal law (18 U.S.C. 2258A), if our systems detect apparent child sexual abuse material (CSAM), we are legally required to report it to the National Center for Missing & Exploited Children (NCMEC). Such reports may include relevant user data and content as required by law.

14. Age Verification

Our Service requires age verification for access to certain features. We collect your date of birth during the age verification process. This information is used solely to verify that you meet the minimum age requirement (18 years old) for accessing the Service.

Age verification status is stored as a boolean flag in your account record and as a browser cookie. We do not store or share your date of birth after verification is complete. The verification process is handled entirely within our Service and no data is shared with third-party age verification providers.

15. Content Moderation and Appeals

In accordance with the EU Digital Services Act (DSA), when we take content moderation actions (such as removing content or restricting your account), we provide a statement of reasons for the action taken. You have the right to appeal any content moderation decision through our appeals process.

Appeal submissions are stored in your account and reviewed by our team. You will receive notification of the appeal outcome. Appeal records are retained for the purpose of maintaining moderation consistency and legal compliance.

16. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you use.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Service and updating the "Last updated" date. We may also notify you via email for significant changes.

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

18. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: