Last Updated: March 11, 2026
Introduction
Ima Studio (referred to as “Ima”, “we”, “us”, or “our”) operates a digital platform accessible through web applications, mobile applications, and related services (collectively, the “Services”). In the course of operating the Services, we may collect, use, store, and otherwise process information relating to identified or identifiable individuals (“Personal Data”).
This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard Personal Data in connection with your access to and use of the Services, and describes your rights regarding such information.
This Policy is incorporated into and governed by our Terms of Service (“Terms”), which are available at https://imastudio.com/terms-and-conditions. Unless otherwise defined in this Policy, capitalized terms used herein have the meanings assigned to them in the Terms.
By accessing, visiting, or using our Services, you warrant and represent that you have read, understood, and agreed to this Policy and our ToS. If you disagree with anything in this Policy, you must not use or access the Services.
1. Information We Collect
We collect information in several ways when you access or use the Services, including information that you provide directly, information collected automatically through your use of the Services, and information obtained from third parties.
1.1. Information You Provide to Us
We collect information that you voluntarily provide when you create an account, use the Services, communicate with us, or otherwise interact with the platform. This may include:
- Account Information, such as your name, email address, username, password, and other information provided when registering or managing your account.
- User Content, including any prompts, images, videos, audio, reference materials, or other content that you upload, submit, or generate through the Services. User Content that you upload may include images or videos depicting identifiable individuals. Such content may reveal facial characteristics or other physical features (“Facial Data”). Depending on the laws of your jurisdiction, Facial Data may be considered sensitive personal information or biometric information. We process such content solely to provide the functionality of the Services and generate the outputs you request. Facial Data contained in User Content is processed only as necessary to perform the requested processing and to deliver the resulting output. We do not use Facial Data to identify or authenticate individuals, create biometric templates, or perform facial recognition.
- Communications, such as messages you send to us through customer support, feedback forms, or other communication channels.
- Billing Information, such as billing address, subscription plan, or transaction identifiers associated with your purchases made through the Services.
1.2. Information Collected Automatically
When you access or use the Services, we may automatically collect certain technical and usage information, including:
- Device Information, such as device type, operating system, browser type, device identifiers, and language settings.
- Usage Data, including interactions with the Services, features used, timestamps, pages viewed, and system activity.
- Log Information, such as IP address, access times, and referring URLs.
- Cookies and Similar Technologies, which help us recognize your device, improve functionality, and analyze usage patterns. For more information about how we use cookies and similar technologies, please refer to Section 8 (Cookies and Tracking Technologies).
1.3. Information from Third Parties
We may receive information about you from third parties in certain circumstances, including:
- Account Verification Services. To support account verification and prevent fraud or misuse of the Services, we may receive limited information from trusted third-party verification providers. Such providers may process verification data on our behalf in accordance with their own privacy policies.
- Payment Processors. Payments made through the Services may be processed by third-party payment providers. These providers may share limited information with us, such as payment confirmation, transaction identifiers, or subscription status. We do not store full payment card numbers or other sensitive financial information. Your use of such payment services is subject to the privacy policies of the respective providers.
- Service Providers and Partners. We may receive certain information from service providers and partners who assist us with analytics, infrastructure, technical operations, customer support, or AI model processing. This includes providers that process images, videos, or other data to deliver AI-generated outputs. All such providers act strictly under our documented instructions and are bound by agreements to safeguard your Personal Data and comply with applicable data protection requirements.
The information we receive from these third parties may be combined with other information we collect about you in order to operate and improve the Services.
2. How We Use Your Personal Data
We use the Personal Data we collect to operate and improve the Services, provide requested features, ensure security and compliance, and fulfill our legal and contractual obligations. Depending on your jurisdiction, we may rely on your consent, contractual necessity, legitimate interests, or other lawful grounds to process your Personal Data as described below.
2.1. To Provide and Operate the Services
We use information to operate, maintain, and provide the functionality of the Services. This includes processing your prompts, inputs, images, videos, and other User Content to generate the outputs you request and to enable core platform features such as content creation, storage, rendering, and sharing. If User Content you upload contains Facial Data, such information is processed solely as necessary to perform the requested processing and to generate the outputs you request through the Services. We do not use Facial Data to identify individuals, perform facial recognition, or create biometric templates.
2.2. To Process Transactions and Manage Subscriptions
We use billing and transaction-related information to process payments, manage subscriptions, provide invoices or receipts, and maintain records related to your purchases. Payment transactions may be processed through third-party payment providers.
2.3. To Improve and Develop the Services
We may use information, including usage data and technical logs, to analyze system performance, troubleshoot issues, maintain platform security, and improve the functionality, reliability, and user experience of the Services. Where permitted by applicable law, we may also use aggregated or de-identified information to develop, evaluate, and improve our technologies and services.
2.4. To Communicate With You
We may use your contact information to communicate with you about your account, respond to your inquiries, provide customer support, send service-related notifications, and inform you about updates to the Services, the Terms of Service, or this Privacy Policy. Where required by applicable law, we will obtain your consent before sending marketing communications, and you may opt out at any time.
2.5. To Maintain Security and Prevent Misuse
We use information to monitor, detect, investigate, and prevent fraudulent activity, abuse of the Services, violations of our Terms of Service, and other harmful or illegal activities. This includes protecting the integrity and security of our platform, users, and systems.
2.6. To Comply With Legal Obligations
We may use and disclose information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
We process Personal Data to the extent necessary to provide and maintain the Services, fulfill your requests, comply with our legal obligations, and protect our legitimate interests. In some cases, we rely on your consent, such as when you opt to use specific AI-powered features or provide additional data beyond what is required to operate the Services. For other activities, such as delivering the Services you request, ensuring system security, preventing fraud, or meeting regulatory requirements, processing is based on our contractual obligations, legal obligations, or legitimate business interests.
In all cases, we limit the use of Personal Data to purposes that are appropriate and necessary in connection with providing the Services, and we take reasonable measures to ensure that your rights and interests are respected.
3. How We Share Information
We may share information we collect in the following circumstances:
3.1. Third-Party Service Providers
We may share information with third-party vendors and service providers that perform services on our behalf, including cloud hosting, data storage, infrastructure services, analytics, customer support, payment processing, and AI-powered model operations (collectively, “Third-Party Service Providers”). These providers are authorized to process information only as necessary to provide services to us and are contractually obligated to protect the information they receive in accordance with applicable laws.
| Provider Type | Provider | Purpose | Processing & Restrictions |
| Cloud / Storage / Infrastructure | AWS, Alibaba Cloud | Host, store, and manage platform data | Process data only to provide infrastructure services; cannot use data for independent purposes |
| Payment Processors | Stripe, Google Pay, Apple Pay | Process payments, manage subscriptions | Limited payment information shared; no storage of full card numbers; subject to provider privacy policies |
| AI Model Providers | OpenAI, Google , ByteDance , Midjourney, Pixverse, Anthropic, MiniMax, Kling | Process User Content to generate requested outputs | To generate outputs or support functionality of AI-powered Services. Providers act only on our instructions, cannot retain Facial Data beyond processing duration, and may not use it for independent purposes such as model training, analytics, profiling, marketing, or product development |
| Communication / Media | LiveMe IM SDK, StoreKit, media_kit/libmpv | Authentication, messaging, Video and media playback | Process only data necessary for SDK functionality; must comply with provider privacy policies; cannot use User Content for independent purposes |
All third-party providers act exclusively on our behalf as data processors. Any processing they perform is strictly limited to what is necessary to provide the requested services or outputs. Providers are not permitted to use Personal Data, including Facial Data, for their own purposes and may not retain such data beyond the period required to deliver the services. Temporary caching that occurs during processing is controlled, time-bound, and automatically deleted once processing is complete. Where third-party providers process information across jurisdictions, we take appropriate measures to ensure that such transfers comply with applicable legal requirements.
From time to time, we may engage additional third-party service providers in different jurisdictions to support new features, optimizations, or other operational needs. These future providers are subject to the same restrictions and protections described above. All providers, regardless of location, are required under written agreements to follow our documented instructions, implement appropriate technical and organizational safeguards, ensure confidentiality and security, and provide adequate protection for any cross-border transfers in accordance with applicable data protection laws. We may update our Privacy Policy as needed to reflect any new service providers.
3.2. Legal Compliance and Protection
We may disclose information if we believe such disclosure is necessary to:
- comply with applicable laws, regulations, legal processes, or governmental requests;
- enforce our Terms of Service or other agreements;
- detect, investigate, or prevent fraud, security issues, or other harmful activities; or
- protect the rights, property, or safety of Ima, our users, or others.
3.3. Business Transfers
If Ima is involved in a merger, acquisition, financing, asset sale, or other corporate transaction, information we collect may be transferred as part of that transaction. In such cases, we will take reasonable steps to ensure that the receiving party continues to protect your information in a manner consistent with this Privacy Policy.
3.4. With Your Consent or Direction
We may share information with third parties when you explicitly request or direct us to do so, or when you otherwise provide your consent.
We may share aggregated, de-identified, or anonymized information with third parties for research, analytics, or other legitimate business purposes. Such information cannot be used to identify any individual and is separate from the sharing of Personal Data with service providers described above.
4. Data Retention
We retain Personal Data and other information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to enforce our agreements and policies, to resolve disputes, or as otherwise permitted or required by law. Retention periods may vary by jurisdiction, but we generally apply the following guidelines:
4.1. Marketing Data
Information collected for marketing purposes, including email addresses and preferences, is retained until you unsubscribe. Once you unsubscribe, your contact information is added to a suppression list to ensure we respect your request.
4.2. User Content and Interactions
We may retain information about your interactions with the Services, including content you upload, generate, post, or share, such as images, videos, prompts, comments, and support tickets, for as long as necessary to comply with legal obligations, resolve disputes, enforce our agreements, conduct audits, or prevent fraud or crime. Once these purposes are fulfilled, we will securely delete or anonymize the data.
Facial Data, which refers to any facial information derived from images or videos you upload as part of your User Content, is treated with additional care due to its sensitive nature. Facial Data is processed solely to fulfill your specific request for AI-generated output. To perform this processing, your content may be transmitted to trusted third-party AI providers who act strictly as data processors under written agreements. These providers are contractually prohibited from retaining Facial Data beyond the duration required to complete your request and from using it for any other purposes, including model training, analytics, profiling, or marketing. Once your requested AI-generated output has been delivered, any uploaded content and associated Facial Data are automatically deleted from our systems and those of our third-party processors, generally no later than thirty (30) days. Notwithstanding the foregoing, if retention is required to comply with legal obligations, we will retain the data only for the period strictly necessary to meet that obligation.
4.3. Web and Behavioral Data
Data collected via cookies, analytics, webpage counters, or similar tracking technologies is retained for up to one year from the date of collection or cookie expiry.
4.4. Payment Information
We may retain payment and billing information, including transaction records, for as long as necessary to process payments, fulfill contractual obligations, comply with accounting and tax regulations, or resolve disputes. Sensitive payment data, such as full credit card numbers, is not retained beyond the duration required for transaction processing in accordance with our agreements with third-party payment processors.
4.5. Support Records
Call recordings or other support communications may be retained up to six (6) years, if required by applicable law.
We regularly review our retention practices to ensure compliance with applicable laws, minimize data storage, and protect your information. If you have questions about retention periods or wish to exercise deletion rights, please contact us using the methods set forth in Section 11 (Contact Us).
5. Data Security
We implement reasonable technical and organizational measures designed to protect Personal Data from unauthorized access, disclosure, alteration, or destruction. These measures include administrative safeguards, technical protections, and physical security controls appropriate to the nature of the information we process. We also require our service providers and partners who process Personal Data on our behalf to maintain appropriate security measures consistent with applicable data protection laws and industry standards.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your Personal Data using commercially reasonable safeguards, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for taking appropriate precautions when using the Services.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your Personal Data that we collect and process through the Services, including User Content, Facial Data, account information, and other personal information.
6.1. Access and Data Portability
You may request access to the Personal Data we hold about you and obtain a copy of such data in a structured, commonly used, machine-readable format. This includes information you provide, data generated through your use of the Services, and related account information. Where technically feasible, you may also request that we transmit your data directly to another service provider.
6.2. Correction
You have the right to request correction or updating of your Personal Data if it is inaccurate, incomplete, or outdated. This includes information associated with your account and any User Content you have uploaded or generated.
6.3. Deletion
You may request the deletion of Personal Data that we hold, including any information you provide or generate through the Services. You can submit such requests directly within the Services through your account settings, or by contacting us using the methods provided in Section 11 (Contact Us). We may require verification of your identity before processing your request.
While we will take reasonable steps to comply with your deletion request, please note that we may retain certain Personal Data to the extent necessary to:
- comply with applicable legal obligations;
- resolve disputes, enforce agreements, or protect our legal rights;
- maintain anonymized or aggregated data that cannot be linked to you personally;
- support legitimate operational or security purposes of the Services.
6.4. Restriction of Processing
You may request that we temporarily restrict the processing of your Personal Data, for example while we verify a deletion or correction request or to comply with legal requirements.
6.5. Objection
You have the right to object to certain types of processing, including processing for direct marketing purposes or automated decision-making where applicable. Upon receiving a valid objection, we will cease the specified processing unless otherwise required by law.
6.6. Withdraw Consent
Where you have provided consent for certain processing activities, including use of Facial Data for optional features, you may withdraw your consent at any time. Withdrawal of consent does not affect processing performed prior to the withdrawal.
6.7. Complaints
You have the right to lodge a complaint with a competent data protection authority if you believe that our processing of your Personal Data violates applicable law.
6.8. How to Exercise Your Rights
To exercise any of the rights described above, please contact us using the methods set out in Section 11 (Contact Us). We may require verification of your identity to ensure that your Personal Data is protected and that requests are fulfilled appropriately. Upon verification, we will respond to your request without undue delay and in accordance with applicable law.
7. International Data Transfers
Your Personal Data may be transferred to, stored, or processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those of your jurisdiction. In particular, we may rely on service providers, infrastructure providers, and AI technology providers that operate in multiple jurisdictions to support the operation of the Services. As a result, your Personal Data may be processed in locations where our service providers or partners maintain facilities.
Where Personal Data is transferred across borders, we take reasonable steps to ensure that appropriate safeguards are implemented to protect your information in accordance with applicable data protection laws. Such safeguards may include contractual protections with service providers, implementation of recognized data transfer mechanisms, or other legally recognized safeguards designed to ensure that your Personal Data remains adequately protected.
By using the Services, you acknowledge that your Personal Data may be transferred and processed in accordance with this Privacy Policy.
8. Cookies and Similar Technologies
We use cookies and similar technologies, such as web beacons, pixels, and local storage, to collect certain information automatically when you access or interact with the Services. These technologies help us recognize your device, maintain secure sessions, remember your preferences, and better understand how users interact with the Services.
Cookies may be used to support the core functionality of the Services, improve performance and reliability, and analyze usage patterns so that we can enhance the user experience and continue to develop and improve our products. You can control or disable cookies through your browser or device settings. Please note that if you choose to block or disable certain cookies, some features or functionality of the Services may not operate properly.
9. Children’s Privacy
Ima is intended for users aged 13 and older. We do not knowingly collect Personal Data from children under the age of 13, or under 16 for users located in the Designated Countries, unless permitted to do so by applicable law. Children are not permitted to use our Services unless they provide us with consent from their parents or guardians. If we become aware that we have unknowingly collected Personal Data from a child, we will make commercially reasonable efforts to delete such information from our database.
If you are a parent or guardian of a child, and you believe your child has provided us with their Personal Data on our Services, please contact us using the methods set out in Section 11 (Contact Us). We may request reasonable proof of parental identity and authority to provide consent.
10. Changes to This Privacy Policy
We may periodically make changes to this Policy as we update or expand our Services. We will notify you of any material changes to this Policy by notifying you via the email we have on file for you, or by means of a notice on our Services in advance of the effective date of the changes. If you do not agree to the changes, you should discontinue your use of the Services prior to the time the modified Policy takes effect. If you continue using the Services after the modified Policy takes effect, you will be bound by the modified Policy.
Furthermore, we may provide you with “just-in-time” disclosures or additional information about the data collection, use, and sharing practices of specific Services. These notices may provide more information about our privacy practices, or provide you with additional choices about how we process your Personal Data.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of Personal Data, you may contact us using the methods below:
- Legal and Privacy Inquiries: legal@imastudio.com
- Customer Support: support@imastudio.com
We will review and respond to your inquiry in accordance with applicable law.