NEWMU LIMITED
Last updated: 3 July 2025
This Privacy Policy (“Policy“) explains how NEWMU LIMITED (“NEWMU“, “we“, “us“, “our“) collects, uses, discloses and safeguards your personal data when you visit or use photo-mind.com and its related services (the “Platform“). NEWMU LIMITED is registered in England & Wales (Company No. 14895264) with its registered office at 5 Topham St, London EC1R 5HH, United Kingdom.
By creating an account, purchasing Credits, submitting prompts or otherwise using the Platform, you acknowledge that you have read and understood this Policy.
1. WHO IS THE DATA CONTROLLER?
- Controller: NEWMU LIMITED
- Contact: info@photo-mind.com
- Data Protection Representative (EEA): NEWMU LIMITED (same address)
- Supervisory Authority: UK Information Commissioner’s Office (ICO)
2. THE DATA WE COLLECT
Category | Examples | Source | Lawful Basis* |
Account Data | Name, email, password hash, country, preferred currency | Direct (registration) | Contract |
Contact Data | Name, email, phone, message content (Contact-Us form) | Direct | Legitimate interests (respond) |
Transaction Data | Credits purchased, subscription tier, order IDs, VAT details | Direct / Payment processors | Contract & legal obligation (tax) |
Payment Data | Last 4 digits of card, expiry, billing address (processed by Stripe/Adyen – we never store full card PAN) | Processors | Contract |
Prompt & Output Data | Text prompts, uploaded images, generated Outputs | Direct | Contract & legitimate interests (service improvement, abuse prevention) |
Technical & Usage Data | IP address, device, browser, generation latency, p95 metrics | Automated | Legitimate interests (security, analytics) |
Marketing & Analytics Data | GA4 events, Meta/TikTok pixels, Hotjar heat-maps | Cookies / SDKs | Consent |
*See §3 for explanation of lawful bases.
We do not knowingly collect special-category data unless you include such content in your prompt/upload. Please avoid submitting personal data of third parties without their consent.
3. PURPOSES & LEGAL BASES
- Account creation & authentication – Contract.
- Processing orders & payments – Contract; legal obligation for VAT evidencing.
- Providing AI-generation service – Contract; legitimate interests in maintaining service quality.
- Customer support & dispute resolution – Legitimate interests.
- Fraud & abuse detection (AUP enforcement) – Legitimate interests; legal obligation where content is illegal.
- Analytics & product improvement – Consent (non-essential cookies) or legitimate interests for aggregated, anonymised metrics.
- Marketing communications – Consent (opt-in tick-box; unsubscribe anytime).
- Legal compliance & record-keeping – Legal obligation (HMRC, ICO).
4. COOKIES & TRACKING TECHNOLOGIES
We employ essential cookies for site functionality and, with your consent, analytics/advertising cookies (GA4, Meta, TikTok) and behavioural tools such as Hotjar. Detailed cookie types, lifetimes and opt-out mechanisms are set out in our Cookie Policy.
5. AUTOMATED DECISION-MAKING & PROFILING
Our AI models automatically transform your prompts into Outputs. While generation is algorithmic, it does not create legally significant decisions affecting you. Risk-scoring to detect prompt violations (hate, sexual minors, etc.) may result in automated blocking; you may request human review via info@photo-mind.com.
6. DISCLOSURE OF YOUR DATA
We share personal data only as necessary with:
- Service providers (processors):
- Cloud hosting & GPU compute
- Payment processors
- Email delivery
- Analytics & marketing
- Customer-support tooling
- Professional advisers (lawyers, auditors) under NDA.
- Authorities where required by law or to protect rights.
- Business transferees in case of merger/acquisition (notice will be provided).
Each processor is bound by a written data-processing agreement pursuant to Art. 28 GDPR.
7. INTERNATIONAL TRANSFERS
Many processors are located or have parent companies in the United States. Where data leaves the UK/EEA we rely on:
- Adequacy decisions (e.g., UK–US Data Bridge, EU–US Data Privacy Framework where certified); or
- Standard Contractual Clauses with supplementary measures (encryption in transit & at rest, strict access controls).
Copies of relevant safeguards are available on request.
8. DATA SECURITY
- TLS 1.3 encryption in transit; AES-256 at rest.
- Role-based access control; MFA for admin accounts.
- Annual penetration testing; ISO 27001-aligned policies.
- 24/7 infra monitoring; incident-response plan with <72 h breach notification.
9. DATA RETENTION
Data Set | Retention Period |
Account & Transaction Records | 6 years after last purchase (tax & audit) |
Prompt & Output Logs | 90 days (abuse detection) then anonymised |
Support Tickets | 2 years after closure |
Analytics Events | 14 months (GA4 default) |
Marketing Opt-in Records | Until opt-out + 2 years |
Backup Snapshots | Rolling 30 days then automatically purged |
We may retain data longer where required for legal claims.
10. YOUR RIGHTS (UK/EU GDPR)
You can exercise the following rights free of charge:
- Access – obtain a copy of your personal data.
- Rectification – correct incomplete or inaccurate data.
- Erasure – “right to be forgotten” where grounds apply.
- Restriction – pause processing in certain circumstances.
- Portability – receive data in a machine-readable format.
- Object – to processing based on legitimate interests or direct marketing.
- Withdraw consent – at any time for consent-based processing.
Submit requests to info@photo-mind.com. We will respond within one month (extendable by two further months for complex cases). If unsatisfied, you may lodge a complaint with the ICO (ico.org.uk) or your local EU supervisory authority.
11. CHILDREN
The Platform is not directed to children under 13. We do not knowingly collect data from minors. Parents/legal guardians may contact us to delete any unintentionally collected data.
12. CHANGES TO THIS POLICY
We may update this Policy to reflect changes in law or our practices. Material changes will be notified via email or an in-app banner 14 days before they take effect. The “Last updated” date will be revised accordingly.
13. CONTACT & COMPLAINTS
Email: info@photo-mind.com
Postal: Data Protection Officer, NEWMU LIMITED, 5 Topham St, London EC1R 5HH, UK
Supervisory Authority: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK
© 2025 NEWMU LIMITED. All rights reserved.