Loading...

Privacy And Policy

NEWMU LIMITED

Last updated: 3 July 2025

This Privacy Policy (“Policy“) explains how NEWMU LIMITED (“NEWMU“, “we“, “us“, “our“) collects, uses, discloses and safeguards your personal data when you visit or use photo-mind.com and its related services (the “Platform“). NEWMU LIMITED is registered in England & Wales (Company No. 14895264) with its registered office at 5 Topham St, London EC1R 5HH, United Kingdom.

By creating an account, purchasing Credits, submitting prompts or otherwise using the Platform, you acknowledge that you have read and understood this Policy.

1. WHO IS THE DATA CONTROLLER?

  • Controller: NEWMU LIMITED
  • Contact: info@photo-mind.com
  • Data Protection Representative (EEA): NEWMU LIMITED (same address)
  • Supervisory Authority: UK Information Commissioner’s Office (ICO)

2. THE DATA WE COLLECT

Category

Examples

Source

Lawful Basis*

Account Data

Name, email, password hash, country, preferred currency

Direct (registration)

Contract

Contact Data

Name, email, phone, message content (Contact-Us form)

Direct

Legitimate interests (respond)

Transaction Data

Credits purchased, subscription tier, order IDs, VAT details

Direct / Payment processors

Contract & legal obligation (tax)

Payment Data

Last 4 digits of card, expiry, billing address (processed by Stripe/Adyen – we never store full card PAN)

Processors

Contract

Prompt & Output Data

Text prompts, uploaded images, generated Outputs

Direct

Contract & legitimate interests (service improvement, abuse prevention)

Technical & Usage Data

IP address, device, browser, generation latency, p95 metrics

Automated

Legitimate interests (security, analytics)

Marketing & Analytics Data

GA4 events, Meta/TikTok pixels, Hotjar heat-maps

Cookies / SDKs

Consent

*See §3 for explanation of lawful bases.

We do not knowingly collect special-category data unless you include such content in your prompt/upload. Please avoid submitting personal data of third parties without their consent.

3. PURPOSES & LEGAL BASES

  1. Account creation & authentication – Contract.
  2. Processing orders & payments – Contract; legal obligation for VAT evidencing.
  3. Providing AI-generation service – Contract; legitimate interests in maintaining service quality.
  4. Customer support & dispute resolution – Legitimate interests.
  5. Fraud & abuse detection (AUP enforcement) – Legitimate interests; legal obligation where content is illegal.
  6. Analytics & product improvement – Consent (non-essential cookies) or legitimate interests for aggregated, anonymised metrics.
  7. Marketing communications – Consent (opt-in tick-box; unsubscribe anytime).
  8. Legal compliance & record-keeping – Legal obligation (HMRC, ICO).

4. COOKIES & TRACKING TECHNOLOGIES

We employ essential cookies for site functionality and, with your consent, analytics/advertising cookies (GA4, Meta, TikTok) and behavioural tools such as Hotjar. Detailed cookie types, lifetimes and opt-out mechanisms are set out in our Cookie Policy.

5. AUTOMATED DECISION-MAKING & PROFILING

Our AI models automatically transform your prompts into Outputs. While generation is algorithmic, it does not create legally significant decisions affecting you. Risk-scoring to detect prompt violations (hate, sexual minors, etc.) may result in automated blocking; you may request human review via info@photo-mind.com.

6. DISCLOSURE OF YOUR DATA

We share personal data only as necessary with:

  • Service providers (processors):
    • Cloud hosting & GPU compute
    • Payment processors
    • Email delivery
    • Analytics & marketing
    • Customer-support tooling
  • Professional advisers (lawyers, auditors) under NDA.
  • Authorities where required by law or to protect rights.
  • Business transferees in case of merger/acquisition (notice will be provided).

Each processor is bound by a written data-processing agreement pursuant to Art. 28 GDPR.

7. INTERNATIONAL TRANSFERS

Many processors are located or have parent companies in the United States. Where data leaves the UK/EEA we rely on:

  • Adequacy decisions (e.g., UK–US Data Bridge, EU–US Data Privacy Framework where certified); or
  • Standard Contractual Clauses with supplementary measures (encryption in transit & at rest, strict access controls).

Copies of relevant safeguards are available on request.

8. DATA SECURITY

  • TLS 1.3 encryption in transit; AES-256 at rest.
  • Role-based access control; MFA for admin accounts.
  • Annual penetration testing; ISO 27001-aligned policies.
  • 24/7 infra monitoring; incident-response plan with <72 h breach notification.

9. DATA RETENTION

Data Set

Retention Period

Account & Transaction Records

6 years after last purchase (tax & audit)

Prompt & Output Logs

90 days (abuse detection) then anonymised

Support Tickets

2 years after closure

Analytics Events

14 months (GA4 default)

Marketing Opt-in Records

Until opt-out + 2 years

Backup Snapshots

Rolling 30 days then automatically purged

We may retain data longer where required for legal claims.

10. YOUR RIGHTS (UK/EU GDPR)

You can exercise the following rights free of charge:

  1. Access – obtain a copy of your personal data.
  2. Rectification – correct incomplete or inaccurate data.
  3. Erasure – “right to be forgotten” where grounds apply.
  4. Restriction – pause processing in certain circumstances.
  5. Portability – receive data in a machine-readable format.
  6. Object – to processing based on legitimate interests or direct marketing.
  7. Withdraw consent – at any time for consent-based processing.

Submit requests to info@photo-mind.com. We will respond within one month (extendable by two further months for complex cases). If unsatisfied, you may lodge a complaint with the ICO (ico.org.uk) or your local EU supervisory authority.

11. CHILDREN

The Platform is not directed to children under 13. We do not knowingly collect data from minors. Parents/legal guardians may contact us to delete any unintentionally collected data.

12. CHANGES TO THIS POLICY

We may update this Policy to reflect changes in law or our practices. Material changes will be notified via email or an in-app banner 14 days before they take effect. The “Last updated” date will be revised accordingly.

13. CONTACT & COMPLAINTS

Email: info@photo-mind.com
Postal: Data Protection Officer, NEWMU LIMITED, 5 Topham St, London EC1R 5HH, UK
Supervisory Authority: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK

© 2025 NEWMU LIMITED. All rights reserved.