✨ Get 15% off Growth plan with code
noshootnoshoot.
Enter App

Product Tagging

Batch Processing

Outfit Grouping

Pose Controls

Model Library

Export Ready Assets

Catalog Packs

Editorial Drops

PDP Updates

Social Launch Kits

PricingFAQBlog
Log In

Data protection

Privacy Policy

How noshoot collects, uses, shares, protects, and retains personal data for the website, product, accounts, billing, support, and AI-assisted workflows.

Operated by SZABÓ Z. ÁKOS PERSOANĂ FIZICĂ AUTORIZATĂ (VAT RO51946845) · Last updated April 30, 2026

1. Who we are

This Privacy Policy explains how noshoot collects, uses, shares, and retains personal data when you visit our website, create an account, use the Service, communicate with us, or interact with our content. noshoot is operated as the data controller for personal data processed for our own purposes.

Where a customer uploads or generates content containing personal data on behalf of its own business, that customer may be the controller and we may act as processor according to the customer instructions and applicable data processing terms.

2. Personal data we process

  • Account data, such as name, email address, password hash, workspace membership, role, preferences, and authentication events.
  • Billing and commercial data, such as plan, credits, invoices, tax details, payment status, and transaction metadata handled through payment providers.
  • Customer content, such as uploaded product photos, model references, prompts, campaign settings, generated images or videos, and comments.
  • Usage and device data, such as IP address, browser, device type, pages viewed, logs, timestamps, feature usage, errors, and security events.
  • Support and communications data, such as messages, issue reports, feedback, and attachments you send to us.
  • Cookie and local storage data, including consent records and limited preferences described in our Cookies Policy.

3. Purposes and legal bases

  • To provide the Service, authenticate users, manage workspaces, process generations, deliver assets, and administer subscriptions. Legal basis: contract or steps before contract.
  • To bill customers, manage credits, prevent fraud, keep accounting records, and comply with tax and legal obligations. Legal basis: contract, legal obligation, and legitimate interests.
  • To secure the Service, investigate abuse, prevent unauthorized access, debug errors, and maintain audit logs. Legal basis: legitimate interests and legal obligation where applicable.
  • To improve product quality, reliability, workflows, and support. Legal basis: legitimate interests, and consent where required.
  • To send service messages and essential account notices. Legal basis: contract and legitimate interests.
  • To send optional marketing or use non-essential cookies where enabled. Legal basis: consent or legitimate interests where permitted by law.

4. Customer content and AI processing

When you ask noshoot to generate or transform assets, customer content may be processed by our systems and relevant infrastructure or AI providers. You must not upload personal data, special category data, biometric identifiers, confidential third-party data, or likenesses unless you have a lawful basis, required notices, permissions, and releases for the intended use.

We do not sell customer content. We use customer content to provide, secure, troubleshoot, and improve the Service as permitted by contract and law. If separate enterprise terms or a data processing agreement restrict product improvement use, those terms control.

5. Sharing personal data

  • Service providers, including hosting, storage, database, email, support, analytics, payment, security, and AI infrastructure providers.
  • Workspace members and administrators, according to workspace roles and product functionality.
  • Professional advisers, insurers, auditors, accountants, banks, and legal representatives where reasonably necessary.
  • Authorities, courts, regulators, or third parties where required by law, to enforce rights, protect safety, or respond to lawful requests.
  • Business transaction parties if we reorganize, transfer, sell, or merge all or part of the Service, subject to appropriate safeguards.

6. International transfers

Some providers may process data outside Romania or the European Economic Area. Where required, we use appropriate transfer safeguards such as adequacy decisions, Standard Contractual Clauses, contractual security commitments, and vendor due diligence.

7. Retention

We keep personal data only as long as reasonably necessary for the purposes described in this Policy, including providing the Service, maintaining security, resolving disputes, enforcing agreements, and complying with accounting, tax, and legal obligations.

  • Account and workspace records are generally kept while the account is active and for a reasonable period after closure.
  • Billing, tax, and accounting records are kept for legally required retention periods.
  • Security logs are retained for a limited period unless needed for investigation, fraud prevention, or legal purposes.
  • Customer content may remain in backups for a limited period after deletion before being overwritten according to backup cycles.

8. Your GDPR rights

Depending on your location and the legal basis for processing, you may have rights to access, rectify, erase, restrict, object to processing, request portability, withdraw consent, and complain to a supervisory authority. These rights are not absolute and may be limited by legal obligations, security, trade secrets, third-party rights, or our need to establish or defend legal claims.

Romanian users may contact the National Supervisory Authority for Personal Data Processing (ANSPDCP). We encourage you to contact us first so we can try to resolve your request quickly.

9. Security

We use technical and organizational measures designed to protect personal data, including access controls, authentication, transport encryption, role-based workspace permissions, logging, backups, and vendor review. No online service is completely secure, and customers remain responsible for their own devices, accounts, passwords, permissions, exports, and publication decisions.

10. Children

noshoot is intended for business and professional use and is not directed to children. Do not use the Service if you are under the age required to enter into a binding agreement in your jurisdiction.

11. Marketing choices and cookies

You can opt out of non-essential marketing communications where available. Cookie and local storage choices are described in our Cookies Policy. Essential storage may be required for security, authentication, consent records, and service operation.

12. Changes

We may update this Privacy Policy as the Service, vendors, legal requirements, or processing activities change. Material updates will be posted on this page or communicated through the Service where appropriate.