Privacy policy · Updated 15 July 2026

What we collect and why.

This policy describes the information Delete SynthID handles when you sign in, purchase credits, upload an image, or contact us. It also explains the current storage and processing design without claiming protections the product does not provide.

Account information

Sign-in is provided by Google. We receive your Google account identifier, verified email address, name, and profile picture, if one is available. We use this information to create your account, keep you signed in, assign credits, show your job history, and restrict each download to the account that submitted the job.

We store a signed, secure, HTTP-only session cookie for up to 30 days. A separate secure OAuth state cookie is used for up to 10 minutes during sign-in. These cookies are necessary for account access and sign-in security.

Uploaded images and processing records

Your original upload and processed result are stored as private objects in Cloudflare R2. We also keep operational records such as the original filename, content type, file size, storage keys, job state, timestamps, retry count, and failure details.

Current retention

There is currently no automatic retention cleanup for input images, processed images, or their job records. They remain stored unless we remove them manually or add a deletion feature. Do not upload an image if that retention is unsuitable for you. To request deletion, email mehulmpt@gmail.com from the address associated with your account.

Completed files are downloaded through an authenticated account route. The application checks that the job belongs to the signed-in user before reading the private object. This is not a time-limited download link.

How image processing works

Processing is remote, not on your device. A host retrieves the private input, and image processing runs on an AWS CPU instance inside a restricted Docker container with networking disabled. Preloaded software and models are used inside that container. The host itself needs network access to claim the database job and transfer the input and output.

Temporary working files on the processing host are removed after an attempt finishes. That host cleanup does not delete the original or result stored in R2.

Payments and service providers

Stripe handles checkout and payment details. We store purchase details including the credit quantity, unit price, total, currency, payment status, and Stripe checkout or payment identifiers; we do not receive or store your full card number.

We use service providers to operate the product, including Google for sign-in, Stripe for payments, Cloudflare for delivery and object storage, AWS for remote processing, and a hosted PostgreSQL provider for account and job records. Those providers process information under their own terms and privacy practices.

Security, choices, and requests

We use private object storage, authenticated download checks, secure cookies, database access controls, and an isolated no-network processing container. No system is perfectly secure, so these measures are not a guarantee against every incident.

You can sign out to end the browser session. For access, correction, or deletion requests, email mehulmpt@gmail.com from your account email. We may need to verify the request and may retain limited records when required for fraud prevention, accounting, disputes, or legal obligations.

Changes to this policy

We may update this policy when the product or its providers change. The date at the top identifies the current version. Continued use after an update means the revised policy applies to future use.