Alex on RAW
Not logged in

Privacy Policy

Effective Date: 15 May 2025

This Privacy Policy ("Policy") explains how Afterimages OÜ, registry code 16195804, with registered address at Luise tn 4‑46, 10142 Tallinn, Estonia ("Company," "we," "us," or "our") collects, uses, discloses, and processes personal data when you access or use scripts.alexonraw.com (the "Service"), including any related applications, features, or content.

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY AND CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED HEREIN. IF YOU DO NOT AGREE, DO NOT USE THE SERVICE.

As we are established in Estonia, we process personal data in accordance with the EU General Data Protection Regulation (GDPR), Estonian data protection laws, and other applicable privacy regulations. "Personal data" means any information relating to an identified or identifiable natural person.

1. Data Controller

Afterimages OÜ
Luise tn 4‑46, 10142 Tallinn, Estonia
Email: store@alexonraw.com

2. Scope and Consent

This Policy covers all personal data collected through:

  • The Service and all its features
  • Related communications (emails, support, newsletters)
  • Third-party integrations and APIs
  • Cookies and tracking technologies
  • Any offline interactions related to the Service

Your explicit consent: By creating an account, using the Service, or clicking "Accept" on our cookie banner, you provide explicit, informed consent to all data processing activities described in this Policy, including but not limited to AI training, commercial use of content, and international data transfers.

3. Personal Data We Collect

3.1 Data You Provide

CategoryExamplesPurpose
Account DataName, email, password (hashed), username, organization, profile informationEssential for Service provision
Content DataAll prompts, inputs, generated scripts, uploaded files, feedback, ratings, commentsCore Service functionality and improvement
Payment DataOrder ID, products purchased, billing email, VAT informationTransaction processing (card details handled by FastSpring)
Communication DataSupport tickets, emails, chat messages, survey responsesCustomer service and improvement

3.2 Data We Collect Automatically

CategoryExamplesPurpose
Usage DataIP addresses, device information, browser type, operating system, access times, pages viewed, clicks, session durationService optimization and security
Technical DataError logs, crash reports, performance metrics, API calls, feature usageDebugging and improvement
Location DataCountry, region, city (derived from IP)Compliance and service customization
Cookie DataSession IDs, preferences, authentication tokensService functionality and analytics

3.3 Data from Third Parties

  • Gravatar: Profile pictures based on your email address
  • Google: Account information if you use Google sign-in
  • FastSpring: Order confirmation and licensing data
  • Social Media: Public profile information if you connect accounts

IMPORTANT: We do not knowingly collect special categories of personal data (Art. 9 GDPR) or criminal conviction data. However, if such data is included in your prompts or generated content, you consent to its processing for Service provision and improvement.

4. How We Use Your Data

4.1 Primary Purposes

We process your personal data for the following purposes and legal bases:

PurposeLegal BasisRetention Period
Service Provision - Account management, script generation, content storageContract performance (Art. 6(1)(b) GDPR)Duration of account + 3 years
AI Training & Improvement - Using all inputs and outputs to train, fine-tune, and improve our AI modelsLegitimate interests (Art. 6(1)(f)) + Consent for public contentIndefinite for training data
Commercial Exploitation - Using public scripts for any commercial purposeConsent (Art. 6(1)(a))Indefinite
Security & Fraud Prevention - Monitoring for abuse, preventing unauthorized accessLegitimate interests2 years from incident
Legal Compliance - Tax records, responding to legal requestsLegal obligation (Art. 6(1)(c))As required by law (typically 7 years)
Marketing - Newsletters, product updates, promotional contentConsentUntil withdrawn
Analytics - Understanding usage patterns, improving UXConsent14 months

4.2 Comprehensive Data Usage Rights

By using the Service, you grant us an irrevocable, worldwide, royalty-free, perpetual license to use, process, analyze, modify, reproduce, and create derivative works from:

  1. All Content Data (inputs and outputs)
  2. Usage patterns and interaction data
  3. Aggregated and anonymized data sets
  4. Any feedback or suggestions

This includes the right to:

  • Train and improve AI models (ours and third parties')
  • Develop new features and services
  • Conduct research and publish findings
  • License or sell aggregated/anonymized data
  • Create benchmarks and datasets
  • Any other purpose we deem appropriate

For PUBLIC scripts specifically: You grant us unlimited rights to use, distribute, sublicense, modify, and commercially exploit the content in any manner without attribution or compensation.

5. Cookies and Tracking Technologies

We use the following technologies:

5.1 Essential Cookies (No consent required)

  • Authentication and security tokens
  • Load balancing and performance
  • User preferences (language, theme)

5.2 Analytics & Marketing (Consent required)

  • Google Analytics - Usage patterns (IP anonymized)
  • Google Tag Manager - Marketing campaign tracking
  • Facebook Pixel - Ad targeting and retargeting
  • Custom tracking - Feature usage and conversion

5.3 Third-Party Technologies

  • Gravatar - Automatically loads profile pictures based on email hash
  • Cloudflare - Security and performance monitoring
  • Sentry - Error tracking and debugging

You can manage cookie preferences via our cookie banner or browser settings. Note that disabling cookies may limit Service functionality.

6. Data Sharing and Disclosure

6.1 Service Providers

We share data with carefully selected processors under strict Data Processing Agreements:

ProviderPurposeData SharedLocationSafeguards
Google LLCAI generation, analytics, workspaceAll data categoriesUSASCCs + encryption
OpenAI L.L.C.GPT model accessContent DataUSASCCs + data minimization
Anthropic PBCClaude model accessContent DataUSASCCs + pseudonymization
OpenRouter Inc.Multi-model routingContent DataUSASCCs
Langfuse GmbHAI observabilityUsage and Content DataGermanyIn-EEA processing
FastSpringPayment processingOrder Data (no cards)USASCCs + PCI compliance
MailchimpEmail communicationsContact DataUSASCCs
CloudflareCDN and securityTechnical DataGlobalSCCs + encryption
AWSHosting and storageAll data categoriesEU/USASCCs + encryption
GravatarProfile picturesEmail hash onlyUSASCCs
ZapierAutomationSelected dataUSASCCs
SentryError monitoringTechnical DataUSASCCs + anonymization

6.2 Other Disclosures

We may disclose your data:

  • Legal requirements: To comply with laws, court orders, or governmental requests
  • Vital interests: To protect someone's life or physical safety
  • Business transfers: In connection with mergers, acquisitions, or asset sales
  • With consent: When you explicitly agree to specific sharing

6.3 Public Content

WARNING: Scripts set to PUBLIC are immediately accessible to anyone worldwide. We may showcase, redistribute, or commercialize public content without notice. You waive all privacy rights to public content.

7. International Data Transfers

Your data may be transferred outside the EEA to countries without adequate data protection laws. We implement the following safeguards:

  1. Standard Contractual Clauses (SCCs) with all non-EEA processors
  2. Technical measures: Encryption, pseudonymization, access controls
  3. Contractual obligations: Data protection addendums with all vendors
  4. Risk assessments: Regular evaluation of transfer risks

By using the Service, you explicitly consent to these international transfers and acknowledge the associated risks.

8. Data Security

While we implement industry-standard security measures, we cannot guarantee absolute security. Our measures include:

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Incident response procedures
  • Employee training and access controls

YOU ACKNOWLEDGE THAT:

  • No internet transmission is 100% secure
  • You are responsible for maintaining account credentials
  • We are not liable for unauthorized access resulting from your actions
  • Security breaches may occur despite our efforts

9. Your Rights Under GDPR

You have the following rights, subject to legal limitations:

  1. Access (Art. 15) - Request a copy of your data
  2. Rectification (Art. 16) - Correct inaccurate data
  3. Erasure (Art. 17) - Request deletion (exceptions apply)
  4. Restriction (Art. 18) - Limit processing in certain cases
  5. Portability (Art. 20) - Receive data in machine-readable format
  6. Object (Art. 21) - Oppose certain processing activities
  7. Withdraw consent (Art. 7) - For consent-based processing only

Important limitations:

  • Rights do not apply to anonymized or aggregated data
  • We may retain data for legal obligations or legitimate interests
  • Erasure requests do not affect data already used for AI training
  • Public content may remain accessible even after account deletion

To exercise rights, email privacy@alexonraw.com. We will respond within 30 days.

10. Children's Privacy

The Service is strictly prohibited for anyone under 18 (or 13 with verified parental consent per our Terms of Service).

If we discover that we have collected data from a child without proper consent:

  • We will immediately delete the account and associated data
  • We reserve the right to retain anonymized data for safety and improvement
  • Parents may contact us to request deletion of their child's data

Parents/guardians are liable for any misrepresentation of a child's age.

11. Data Retention

We retain data for the periods necessary to fulfill the purposes outlined in this Policy:

Data TypeRetention PeriodJustification
Account DataActive account + 3 yearsLegal claims period
Content Data (Private)Until deletion or account closureUser control
Content Data (Public)IndefiniteLegitimate interests
AI Training DataIndefiniteService improvement
Payment Records7 yearsEstonian tax law
Security Logs2 yearsIncident investigation
Marketing DataUntil consent withdrawnUser preference
Backups30 days rollingDisaster recovery

12. Automated Decision-Making

The Service uses AI models for script generation. This involves:

  • Automated processing of your inputs
  • AI-generated outputs based on training data
  • No automated decisions with legal effects

You acknowledge that:

  • AI outputs may be unpredictable or incorrect
  • We are not responsible for AI-generated content
  • Human review is available upon request

13. Third-Party Links and Services

The Service may contain links to third-party websites or integrate third-party services. We are not responsible for their privacy practices. Review their policies before providing any data.

14. Changes to this Policy

We may update this Policy at any time. For material changes:

  • We will notify you via email or in-app notice
  • Changes take effect 14 days after notification
  • Continued use constitutes acceptance

For minor changes (typos, clarifications), updates are effective immediately upon posting.

15. Complaints and Contact

For privacy concerns or complaints:

  1. Contact us: store@alexonraw.com
  2. Estonian DPA: Andmekaitse Inspektsioon (www.aki.ee)
  3. Your local authority: You may lodge complaints in your country of residence

Response time: We aim to respond within 30 days, extendable by 60 days for complex requests.

16. Governing Law and Disputes

This Policy is governed by Estonian law. Any disputes shall be resolved in the courts of Tallinn, Estonia, except where prohibited by mandatory consumer protection laws.

17. Severability and Interpretation

If any provision of this Policy is deemed invalid, the remaining provisions continue in full force. This Policy shall be interpreted in a manner that maximizes our rights while remaining compliant with applicable law.

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO ALL TERMS OF THIS PRIVACY POLICY. YOUR CONTINUED USE OF THE SERVICE CONSTITUTES ONGOING CONSENT TO OUR DATA PROCESSING PRACTICES.

Last updated: 15 May 2025
Version: 2.0