CHRONOSNAPTEMPORAL PHOTOGRAPHY · EST. 2024

Privacy Policy

Effective date: 13 May 2026

1. Who We Are

Chronosnap is operated by Icefish Research (“we”, “our”, “us”), a company registered in Singapore, and is accessible at chronosnap.icefish.uk.

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (“EU GDPR”), Icefish Research is the data controller for personal data collected through this service. You can contact us at support@icefish.uk for any privacy-related questions.

2. Information We Collect

We collect the following categories of personal data:

  • Account information. Your email address, collected when you register or sign in via Magic Link or password-based authentication.
  • Portrait photos. The portrait image you upload is stored in our secure cloud storage solely for the purpose of generating your composite images.
  • Generated images. The AI-composite images produced for you are stored and associated with your account so you can download them from your gallery.
  • Payment information. We do not store card details. Payment is processed directly by Creem.io. We only receive a payment confirmation reference and the amount paid.
  • Usage events. We log events such as image generation starts and completions, gallery views, and sign-in activity to operate and improve the service.
  • Technical data. Standard server logs including IP address, browser type, and request timestamps, retained for security purposes.

3. Lawful Basis for Processing

Under UK GDPR / EU GDPR, we rely on the following lawful bases:

  • Contract performance (Article 6(1)(b)). Processing your email address, portrait photo, and order data to provide the service you have paid for.
  • Legitimate interests (Article 6(1)(f)). Logging usage events and technical data to detect fraud, maintain security, and improve service reliability. Our legitimate interests do not override your fundamental rights.
  • Legal obligation (Article 6(1)(c)). Retaining transaction records as required by applicable financial regulations.

4. How We Use Your Information

  • To authenticate you and maintain your account.
  • To process your uploaded portrait and generate composite images using our AI pipeline.
  • To fulfil your paid order and provide results in your gallery.
  • To detect and prevent fraud or abuse.
  • To improve the reliability and quality of the service.

We do not sell your personal data or use it to train AI models without your explicit consent.

5. Third-Party Service Providers

We share data only with the following sub-processors, strictly to operate the service:

  • Supabase (USA / EU). Authentication, database, and file storage. Your email and images are stored on Supabase infrastructure. Supabase processes data under Standard Contractual Clauses for transfers outside the UK/EEA. See supabase.com/privacy.
  • Creem.io. Payment processing. We pass your email address and order ID to Creem to pre-fill the checkout form. Creem handles all card data as an independent data controller. See creem.io/privacy.
  • Vercel (USA). Application hosting and serverless compute. Request metadata passes through Vercel infrastructure under Standard Contractual Clauses. See vercel.com/legal/privacy-policy.

6. International Data Transfers

Our service is hosted in the United States and the European Union through our sub-processors. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and UK International Data Transfer Agreements (IDTAs) where required. You may request a copy of the relevant safeguards by contacting us at support@icefish.uk.

7. Your Portrait Photos

Your uploaded portrait is stored privately and is only accessible to you and our server-side AI processing pipeline. It is never displayed publicly, shared with other users, or used in any training dataset. You may request deletion of your portrait and all associated generated images at any time by contacting us.

8. Data Retention

We retain your account data and generated images for as long as your account is active or as necessary to provide the service. Uploaded portrait photos are retained until your order is fulfilled and for up to 90 days thereafter for support purposes. Transaction records are retained for 7 years as required by applicable tax and financial regulations. You may request deletion of your personal data at any time (see Section 9).

9. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

  • Right of access. Request a copy of the personal data we hold about you.
  • Right to rectification. Request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”). Request deletion of your personal data where there is no overriding legitimate reason to retain it.
  • Right to restriction. Request that we restrict processing of your data in certain circumstances.
  • Right to data portability. Receive your personal data in a structured, machine-readable format and have it transmitted to another controller.
  • Right to object. Object to processing based on legitimate interests; we will stop unless we have compelling grounds to continue.
  • Rights related to automated decision-making. We do not make solely automated decisions that have legal or similarly significant effects on you.

To exercise any of these rights, contact us at support@icefish.uk. We will respond within one calendar month as required by UK/EU GDPR.

10. Right to Lodge a Complaint

If you are in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data in accordance with UK GDPR.

If you are in the EU, you have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first so we can resolve the matter directly.

11. Security

All data is transmitted over HTTPS. Files are stored in access-controlled cloud storage buckets with row-level security enforced at the database layer. No two users can access each other’s orders or images. We apply industry-standard security practices but cannot guarantee absolute security against all threats.

12. Children

Chronosnap is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective date” at the top of this page reflects the latest revision. For material changes, we will notify you via the email address on your account with at least 30 days’ notice. Continued use of the service after changes constitutes acceptance of the revised policy.

14. Contact

For privacy questions or to exercise your data rights, contact Icefish Research at support@icefish.uk.

← Back to home