RestoreLensRestoreLens
PricingFAQ
Restore a photo
Last updated May 2026

Privacy Policy

This Privacy Policy describes how RestoreLens ("we", "us", or "our") collects, uses, and safeguards information when you use our photo restoration service.

1. What we collect

Photos you upload

When you upload a photo, we store it temporarily in our storage and route it to the AI providers listed in Section 4 below so they can perform the restoration. We retain the photo only as long as needed to deliver your result, and we do not share it with third parties for marketing or any purpose beyond delivering your result.

We (RestoreLens) do not operate or train AI models. Restoration is performed by the third-party AI providers in Section 4, each of which operates under terms of service that govern how they handle customer inputs. We encourage you to review the linked policies if the data handling practices of those providers matter to you.

Account information (paid users only)

If you purchase credits, our payment processor and Merchant of Record (Paddle) collects your email address and billing details. We receive your email and create a passwordless account so you can return and use your credits. No password is required at any point.

Technical data

For free-tier rate limiting, we hash your IP address with a random salt and store the hash + a daily counter. We cannot recover your original IP from this hash.

2. How we use your information

  • To process and deliver your photo restoration result.
  • To enforce free-tier daily limits (1 photo per IP per day).
  • To grant and track paid credits associated with your account.
  • To send transactional emails (sign-in links, receipts).
  • To respond to support requests you initiate.

We do not use your data for advertising, profiling, or sale to third parties.

3. Retention

  • Photos (originals and processed results) are auto-deleted from our storage within 24 hours of upload via a Cloudflare R2 lifecycle rule.
  • Account records (email, credit balance, transaction history) are retained while your account is active. You can request deletion at any time (see Section 5).
  • Hashed IP rate-limit counters reset daily. We retain past day counts only long enough to debug abuse patterns (no more than 30 days).

4. Subprocessors

We use the following third-party services ("subprocessors") to operate RestoreLens. Each handles only what's needed to deliver the service. Where a subprocessor receives your photo during processing, that is noted explicitly.

  • Cloudflare R2 (United States / global) — temporary storage for uploaded photos and restored results. We apply a 24-hour bucket lifecycle rule so objects are automatically deleted from R2 within 24 hours of creation. Receives your photo: yes.
  • Replicate (United States) — AI orchestration platform. We use Replicate to call the AI model that performs the restoration. Replicate forwards the request to the underlying model provider (see OpenAI below) and returns the result. Receives your photo: yes (in transit). Per Replicate's privacy policy, they do not use customer inputs to train their own models.
  • OpenAI (United States) — provides the gpt-image-2model that performs the actual image restoration. The photo is sent to OpenAI's API for processing. Receives your photo: yes. Per OpenAI's API data usage policy, data submitted via the API is not used to train or improve OpenAI models, and is retained for up to 30 days for abuse monitoring before deletion.
  • Supabase (Ireland / United States) — database and authentication. Stores account records (email, credit balance, transaction history, hashed rate-limit counters) and issues magic-link sign-in tokens. Does not store photos. Receives your photo: no.
  • Paddle (United Kingdom / global) — payment processor and Merchant of Record. Handles card details, billing addresses, and global VAT/sales tax directly. We never see your full card number. Paddle is the seller of record for your purchase; you may see "Paddle" on your card statement. Receives your photo: no.

We do not transfer your photos to subprocessors outside this list. If we add a new subprocessor that receives photos, we will update this page before the change takes effect.

5. Your rights

Depending on where you live (e.g. EU/UK under GDPR, California under CCPA), you may have the following rights:

  • Access — request a copy of the data we hold about you.
  • Correction — request that inaccurate data be corrected.
  • Deletion — request that we delete your account and associated data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to certain processing activities.

To exercise any of these rights, email support@example.com. We'll respond within 30 days.

6. Cookies

We use only essential cookies required for sign-in sessions (set by Supabase Auth). We do not use tracking cookies, analytics cookies, or advertising cookies.

7. Children

RestoreLens is not directed to children under 13. We do not knowingly collect data from children. If you believe we have, contact us and we'll delete it promptly.

8. Changes to this policy

We may update this policy as the service evolves. Significant changes will be announced on the homepage and via email to active users.

9. Contact

Questions or concerns? Email support@example.com.