BitmonBitmon.meBack to home

PRIVACY POLICY — BITMON PHOTO (BITMON.ME)

Last update: 11/25/2025

Controller: Bitmon.me ("Bitmon", "we")

Privacy contact: bitmon.app@gmail.com

This Policy explains how we collect, use, store, share and protect personal data when you use Bitmon Photo ("Service").

By using the Service, you agree to this Policy.

1)Scope and audience

Bitmon Photo is an application that allows enhancing photos through AI and post-processing. The Service may be used, for example, for dental photography enhancement, which may involve personal data and sensitive personal data (LGPD), especially when images reveal health information.

2)Data we collect

2.1 Account data (Google login)

When you log in with Google, we may collect:

  • name,
  • email,
  • profile picture (avatar),
  • provider account identifier (Google ID),
  • authentication tokens (securely, according to the authentication library used).

Purpose: authenticate you, create your account and maintain your session.

2.2 Content you submit

We may collect and process:

  • input images submitted for enhancement,
  • output images generated by the Service,
  • logos submitted for watermark (when you choose to use).

Attention: depending on the content, images may contain personal data (e.g., face), and/or sensitive data (e.g., health-related information, such as dental condition).

2.3 Usage data and technical logs

We may collect:

  • event records (e.g., image submission, successful enhancement, errors),
  • timestamps,
  • device/browser information (e.g., user-agent),
  • performance metrics,
  • security/anti-fraud data (e.g., suspicious attempts, usage limits).

In general, we seek minimization: we collect what is necessary to operate, protect and improve the Service.

2.4 Payments (Stripe)

When you purchase credits or subscribe to a plan:

  • payment is processed by Stripe (payment provider).
  • We do not receive your complete card number.

We may receive and store payment metadata:

  • subscription/purchase status,
  • customer/subscription/transaction identifiers (Stripe IDs),
  • date, amount, currency, and billing events (e.g., invoice.paid).

2.5 Referral program, if enabled

We may collect and store:

  • your referral code/link,
  • "referred/was referred" relationship,
  • bonus eligibility status (e.g., pending/completed),
  • associated anti-fraud logs (when necessary).

3)Legal bases (LGPD)

We process personal data based on one or more legal bases, as applicable:

  • Contract execution: to provide the Service (process images, manage credits, authentication).
  • Legitimate interest: security, fraud/abuse prevention, Service improvement, support and aggregate analysis.
  • Legal/regulatory obligation: when applicable (e.g., accounting/tax records).
  • Consent: when required (e.g., certain communications; and especially when you, as a professional, upload third-party images, you declare that you have appropriate consent/legal basis from the data subject).

Important: If you submit patient/third-party images, you declare that you have valid and adequate legal basis/consent for such submission and processing.

4)How we use data (purposes)

We use your data to:

  • Authenticate and manage your account.
  • Process images (AI enhancement and post-processing, including possible logo application, if enabled).
  • Manage credits, subscriptions and purchases (Stripe) and maintain a credit transaction history for audit.
  • User support (investigate errors, respond to requests).
  • Security and anti-fraud (usage limits, referrals, promotion abuse).
  • Improve the Service (aggregate and anonymous metrics when possible).

5)Providers and data sharing

We may share data with providers necessary to operate the Service:

5.1 Google (Login)

We share information necessary for authentication via Google.

5.2 Stripe (Payments)

We share data necessary to process payments and manage subscriptions. Stripe acts as the payment processor and maintains its own compliance records.

5.3 AI Provider (image processing)

To enhance your images, we send data (image and instructions/prompt) to the AI provider configured in the Service. This submission is necessary to perform the functionality.

Important about sensitive content: if the image contains sensitive data, its submission to the AI provider will occur due to technical necessity to execute the Service and according to applicable legal bases.

5.4 Infrastructure and storage

We use hosting, execution and storage services (e.g., Vercel, Supabase and/or equivalents). This may involve temporary storage and technical logs.

6)International transfer

Some providers may operate in other countries. Thus, your data may be processed/stored outside Brazil, with applicable contractual and security measures.

7)Information security

We adopt reasonable technical and organizational measures to protect data, including:

  • access control,
  • encryption in transit (HTTPS),
  • storage with permission rules (e.g., private buckets),
  • key and secret segregation,
  • logs and anomaly monitoring.

Despite this, no system is infallible. You should also keep your credentials and account protected.

8)Retention and deletion

We retain data for the time necessary to fulfill the described purposes, including:

  • Service operation (processing, temporary storage),
  • credit audit and anti-fraud,
  • legal/accounting obligations (payments).

8.1 Images

Image retention policies may vary according to Service settings. When possible:

  • we limit storage time,
  • we enable content deletion,
  • we maintain backups for a limited period for technical and security reasons.

9)Your rights (LGPD)YOUR RIGHTS

You may request, when applicable:

  • processing confirmation,
  • access,
  • correction,
  • anonymization/blocking,
  • portability (when possible),
  • deletion (when possible and not conflicting with legal obligation),
  • information about sharing,
  • consent revocation (when applicable).

To exercise rights, contact: bitmon.app@gmail.com

10)Cookies and similar technologies

We may use cookies/localStorage for:

  • maintaining session,
  • remembering preferences,
  • storing referral parameters,
  • essential metrics (when necessary).

You can manage cookies in your browser. However, disabling them may affect functionality.

11)Children and adolescents

The Service is not directed at minors. If you believe that minor's data has been improperly processed, contact us.

12)Third-party content and user responsibility

If you submit images of third parties (e.g., patients), you declare that:

  • you have appropriate authorization and legal basis,
  • you comply with professional standards and applicable laws,
  • you do not send information beyond what is necessary.

We recommend avoiding identifiable data when the purpose does not require it.

13)Communications

We may send operational communications (e.g., payment confirmation, account notices). Marketing communication, when existing, will follow opt-in/opt-out when applicable.

14)Changes to this Policy

We may update this Policy. In case of relevant changes, we will notify through reasonable means in the Service.

15)Contact

Privacy questions and LGPD requests: bitmon.app@gmail.com

Back to home