Privacy Policy

This Privacy Policy explains how Studio collects, uses, discloses, and protects personal data when you use our website, dashboard, APIs, and related services.

This policy applies to account users, administrators, API users, and website visitors. It should be read alongside any enterprise agreement or data processing addendum that may apply to your account.

Account and identity data: name, email address, organization membership, authentication identifiers, and role permissions.

Billing and transaction data: wallet balance activity, top-up records, invoices, and payment status metadata from payment processors.

API and usage data: request metadata, response metadata, model identifiers, token/usage metrics, logs, IP/device signals, and error telemetry.

Content data: prompts, inputs, and generated outputs submitted through the Service.

Support data: messages, tickets, and operational diagnostics shared during support interactions.

We use personal data to provide and operate the Service, including authentication, request routing, usage metering, billing, fraud prevention, abuse detection, and customer support.

We use logs and technical telemetry to maintain platform reliability, troubleshoot incidents, and improve operational performance.

We may use data to comply with legal obligations, enforce terms and policies, and protect our users, systems, and rights.

Depending on your jurisdiction, we process data under one or more legal bases, including contract performance, legitimate interests, legal obligations, and consent where required.

If you provide personal data about others, you are responsible for obtaining all necessary permissions and providing any required notices.

We share data with trusted service providers that help operate the Service, such as identity/auth providers, payment processors, cloud infrastructure providers, observability tools, and AI model routing or inference providers.

We may disclose information when required by law, court order, or regulatory request, or when necessary to prevent fraud, abuse, or security threats.

We do not store full payment card numbers on our systems. Card processing is handled by integrated payment providers.

We retain data for as long as needed to provide the Service, maintain security and abuse controls, meet accounting and tax obligations, resolve disputes, and enforce contractual rights.

Retention periods vary by data type and legal requirements. We may delete or anonymize data when it is no longer required for these purposes.

We use administrative, technical, and organizational safeguards designed to protect personal data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You are responsible for securing your credentials, protecting API keys, and configuring access controls in your own environment.

We and our service providers may process data in multiple countries. Where required, we implement appropriate safeguards for cross-border transfers.

Subject to applicable law, you may have rights to access, correct, delete, restrict, object to, or export certain personal data.

You may also have rights to withdraw consent (where processing is based on consent) and lodge complaints with a supervisory authority.

To exercise rights requests, contact us at studio@pahlavan.co.uk.

The Service is not directed to children, and we do not knowingly collect personal data from children where prohibited by law.

We may update this Privacy Policy from time to time. Material updates will be posted on this page with a revised effective date.

Contact: studio@pahlavan.co.uk