MogGPT
Sign In

Privacy Policy

Last updated: February 16, 2026

1. Introduction

MogGPT ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI photo generation service (the "Service"). Because our Service involves the processing of facial photographs, we take privacy especially seriously and have designed our systems with data minimization and security as core principles.

2. Information We Collect

Account Information

When you create an account, we collect your email address. Authentication is handled via magic link (passwordless) — we do not collect or store passwords.

Uploaded Photos

You upload facial photographs of yourself for AI processing. These images contain biometric-adjacent data (your facial features). We process these images solely to provide the Service and do not use them for any other purpose. See Section 4 for details on how we handle this sensitive data.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other financial information on our servers. Stripe's privacy policy governs the handling of your payment data.

Usage Data

We collect basic usage information such as pages visited, features used, generation history, and device/browser type. This data is used to improve the Service and diagnose technical issues.

3. How We Use Your Information

We use your information for the following purposes:

  • Account management: To create and maintain your account, authenticate your identity, and communicate with you about your account
  • AI photo generation: To process your uploaded photos and generate AI-edited images as requested
  • Payment processing: To process subscription payments through Stripe and manage your billing
  • Service improvement: To analyze usage patterns and improve the reliability and quality of the Service
  • Legal compliance: To comply with applicable laws, regulations, and legal requests

4. Biometric & Facial Data

Because MogGPT processes photographs of your face, we want to be transparent about how this sensitive data is handled:

  • Your photos are processed by our AI provider solely for the purpose of generating your requested output images
  • We do not use your photos for facial recognition, biometric identification, or surveillance purposes
  • We do not use your photos to train, fine-tune, or improve AI models
  • We do not share your photos with third parties except as necessary to provide the Service (i.e., our AI processing provider)
  • Your source photos are automatically and permanently deleted from our servers within 24 hours of upload
  • You may manually delete your photos at any time before the automatic deletion occurs

If you are located in a jurisdiction with specific biometric data laws (such as Illinois BIPA, Texas CUBI, or Washington state biometric law), please be aware that by uploading your photos and using the Service, you provide your informed consent to the processing described in this section.

5. Data Retention

We retain your data for the minimum time necessary to provide the Service:

  • Source photos: Automatically deleted 24 hours after upload
  • Generated outputs: Automatically deleted 7 days after generation (download them before expiry)
  • Account data: Retained until you delete your account
  • Usage data: Retained in anonymized/aggregated form for analytics

Automatic deletion is handled by scheduled background jobs that run hourly. You can also manually delete your photos and generated images at any time through your account dashboard.

6. Data Sharing

We share your personal information only with the following third-party service providers, and only as necessary to operate the Service:

  • AI processing provider: Receives your uploaded photos to generate AI-edited outputs. Photos are transmitted securely and are not retained by the provider beyond the processing session
  • Stripe: Processes your payment transactions. Stripe operates as an independent data controller for payment data
  • Supabase: Provides our database and storage infrastructure. Data is stored in private, encrypted buckets with row-level security

We do not sell your personal information to third parties. We do not share your data with advertisers, data brokers, or any other commercial entities. We may disclose information if required by law, regulation, or valid legal process.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Request a machine-readable copy of your data
  • Right to object: Object to the processing of your personal data
  • Right to withdraw consent: Withdraw your consent to data processing at any time

To exercise any of these rights, please contact us at privacy@moggpt.com. We will respond to your request within 30 days. Our legal basis for processing your data is your consent (for photo uploads) and contractual necessity (for account management and service delivery).

8. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: Request information about the categories and specific pieces of personal data we have collected about you
  • Right to delete: Request deletion of your personal data
  • Right to opt-out of sale: We do not sell your personal information, so this right is automatically fulfilled
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights

To exercise your CCPA rights, contact us at privacy@moggpt.com. We will verify your identity before processing any request and respond within 45 days.

9. Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over encrypted connections (HTTPS/TLS)
  • Photos and generated images are stored in private storage buckets — they are never publicly accessible
  • Access to stored files requires time-limited signed URLs
  • Database access is protected by row-level security policies, ensuring users can only access their own data
  • Authentication tokens and API keys are never logged or exposed
  • Security headers (HSTS, CSP, X-Content-Type-Options) are applied to all responses

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. If you become aware of any security breach affecting your account, please contact us immediately.

10. Cookies & Tracking

MogGPT uses only essential cookies required for authentication and session management. We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites. We do not participate in cross-site tracking or targeted advertising.

11. Children's Privacy

MogGPT is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete that information. If you believe a child under 18 has provided us with personal information, please contact us at privacy@moggpt.com.

12. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in a country with different data protection laws than your country of residence. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, for significant changes, by sending an email notification to the address associated with your account. We encourage you to review this policy periodically.

14. Contact

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how your data is handled, please contact us:

Email: privacy@moggpt.com

We aim to respond to all privacy-related inquiries within 30 days.