Privacy Policy

1. INFORMATION WE COLLECT

Account data — When you sign in via Google OAuth, we receive your name, email address, and profile photo. When you sign in via email, we store your email and a securely hashed password.

Analysis data — When you score an image, we process it temporarily to generate results. We store analysis results (verdict, perception score, forensic signals, observations) but do not permanently store the uploaded image.

Prompt data — Generated rewrite prompts for Midjourney, Flux, DALL-E, and Adobe Firefly are associated with your analysis session. Scene descriptions may be cached to avoid redundant API calls.

Usage data — We track image scores used and Flux generations consumed for plan limit enforcement.

2. HOW WE USE YOUR INFORMATION

• — Provide image perception scoring and prompt generation
• — Process Flux image regeneration requests
• — Manage your account and enforce plan limits
• — Improve the accuracy of the forensic analysis engine
• — Communicate service updates to registered users

3. DATA STORAGE AND SECURITY

Your data is stored securely using Supabase infrastructure with row-level security policies. All API routes require authentication in production. Data is transmitted over HTTPS with strict transport security headers.

4. THIRD-PARTY SERVICES

We use the following third-party services to operate:

• — Anthropic (Claude API) — Images are sent for forensic analysis and prompt generation. Subject to Anthropic's data handling policies.
• — Fal AI (Flux Pro) — Images are sent for regeneration. Subject to Fal AI's data handling policies.
• — Supabase — Authentication, database, and file storage infrastructure.
• — Google OAuth — Used for sign-in. We receive your name, email, and profile photo from Google.

5. DATA RETENTION

Uploaded images are processed in memory and not permanently stored. Analysis results and generated prompts are retained for as long as your account is active. You may request deletion of your data at any time.

6. COOKIES AND LOCAL STORAGE

We use essential cookies for authentication. Local storage is used for client-side usage tracking. We do not use tracking, advertising, or third-party analytics cookies.

7. YOUR RIGHTS

You may request access to, correction of, or deletion of your personal data at any time by contacting hello@valrial.com. We will respond to data requests within 30 days.

8. CHILDREN

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children.

9. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Registered users will be notified of significant changes via email. Continued use of the Service after changes constitutes acceptance.