Aiva Studio
Privacy Policy
Last updated: May 19, 2026
This Privacy Policy describes how Aiva Studio (“we”, “us”) handles personal information when you visit our website or use our services. We serve users globally and describe practices in a way that works across regions. Where national law adds requirements beyond this Policy, those laws may also apply to you.
Primary legal framework. Unless otherwise required by mandatory local law, disputes arising from this Policy are addressed under the laws of India, without prejudice to rights you may have in your own country.
Who we are
Aiva Studio is operated as an online service for AI-assisted creative workflows. Contact for privacy inquiries should be sent using the details published on this site when available, or through your account channels once provided.
Information we collect
- Account & authentication. Email address, display identifiers, and authentication provider metadata when you sign in with Google or email credentials managed through Firebase Authentication (Google).
- Usage & diagnostics. Device/browser type, approximate region from IP (via analytics), pages viewed, and interaction events when you use the site. We use Firebase Analytics / Google Analytics–compatible measurement tied to your Firebase project configuration.
- Content you submit. Prompts, reference uploads, and generated images you create through Generate, Character Swap, and related features. We store image files in object storage (Railway S3-compatible buckets) and metadata in Neon Postgres. Inference is processed via fal.ai as a subprocessor.
- Credits & billing. Credit balance and ledger entries associated with your account when you use paid features.
How we use information
- To provide, secure, and improve Aiva Studio.
- To authenticate you and prevent abuse.
- To measure product usage and reliability.
- To communicate service-related notices where permitted.
- To comply with law or enforce our Terms.
Legal bases (where GDPR-style laws apply)
Depending on your region, we rely on performance of a contract (providing the service), legitimate interests (security, analytics, product improvement), and consent where required—particularly for non-essential cookies or marketing communications when introduced.
Sharing & subprocessors
We use reputable infrastructure providers. Today this includes Firebase / Google for authentication and analytics; Vercel for application hosting; Neon for Postgres; Railway for S3-compatible object storage of uploads and generations; and fal.ai for AI image inference. Subprocessors may change; material updates will be reflected here or via notice where required.
International transfers
Your information may be processed in countries other than where you live, including the United States or regions where our vendors operate. Where required, we use safeguards such as standard contractual clauses or vendor certifications.
Retention
We retain information only as long as needed for the purposes above, including legal, accounting, or security requirements. Analytics identifiers may be retained in aggregated or pseudonymous form.
Your choices & rights
Depending on jurisdiction, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. Email-based requests will be honored subject to verification and exceptions permitted by law.
Children
Aiva Studio is not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.
Changes
We may update this Policy as our service evolves. The “Last updated” date above reflects the latest revision; continued use after changes constitutes acceptance where permitted by law.