ReArt
← Back

Privacy Policy

Last updated: February 9, 2026

1. Controller

ByteLane UG (haftungsbeschränkt)
Kolonnenstraße 8, 10827 Berlin, Germany
Email: nik@bytelane.io

2. What We Collect & Legal Basis

When you use ReArt, we collect and process the following data depending on how you interact with the service. For each category, we state the legal basis under GDPR Art. 6(1):

  • Account data — Email address, name, and authentication data when you sign up (managed by Clerk). Legal basis: Art. 6(1)(b) — performance of contract.
  • Uploaded images — Photos you upload for artistic transformation, stored on Cloudflare R2. Legal basis: Art. 6(1)(b) — performance of contract.
  • Generated artwork — AI-generated images created from your uploads. Legal basis: Art. 6(1)(b) — performance of contract.
  • Payment data — Billing and shipping address when you order a print (processed by Stripe; we do not store full card details). Legal basis: Art. 6(1)(b) — performance of contract.
  • Contact form submissions — Name, email, and message content when you use our contact form. Legal basis: Art. 6(1)(b) — pre-contractual enquiry / Art. 6(1)(f) — legitimate interest in responding to enquiries.
  • Usage data — Anonymous analytics via PostHog (EU servers) to understand how the service is used. Legal basis: Art. 6(1)(f) — legitimate interest in improving the service.
  • Bot protection data — Cloudflare Turnstile collects device and interaction signals to distinguish humans from bots. No personal data is stored by us. Legal basis: Art. 6(1)(f) — legitimate interest in preventing abuse.

3. How We Use Your Data

  • To provide the photo-to-art transformation service.
  • To process and fulfill print orders.
  • To authenticate your account and secure access.
  • To improve the service through anonymous analytics.
  • To communicate with you about your orders, account, and support enquiries.
  • To protect the service from abuse and automated attacks.

4. Third-Party Services

We use the following third-party services to operate ReArt:

  • Clerk (US) — Authentication and user management.
  • Cloudflare (Global/EU) — Hosting, CDN, image storage (R2), edge computing, and bot protection (Turnstile).
  • Stripe (US) — Payment processing. Subject to Stripe's Privacy Policy.
  • Gelato (EU) — Print-on-demand fulfillment. Receives your shipping address and artwork for printing.
  • PostHog (EU) — Anonymous product analytics with cookieless tracking. Data hosted in the EU (Frankfurt).
  • Resend (US) — Transactional email delivery (order confirmations, notifications).
  • AI image generation provider (US/EU) — Your uploaded images are sent to a third-party AI service for artistic transformation. We select providers that commit to deleting input and output data after processing and that do not use your images for model training.
  • Chatwoot (US) — Live chat support widget. Collects your name and email if you initiate a chat conversation. Only loaded when enabled.
  • Radar (US) — Address autocomplete during checkout. Processes address input to suggest matching addresses. No personal data is stored by us from this service.
  • Axiom (US) — Server-side logging and error monitoring for service reliability. May process IP addresses and request metadata in server logs.
  • Langfuse (US) — Prompt management for AI image generation. Stores and serves the style prompts used to generate artwork. Does not receive your uploaded images or personal data.

5. Data Transfers

Some of our service providers are based in the United States (Clerk, Stripe, Resend, Chatwoot, Radar, Axiom, Langfuse). These transfers are protected by the EU-US Data Privacy Framework or Standard Contractual Clauses. PostHog analytics and Gelato print fulfillment are processed within the EU.

6. Data Retention

Uploaded images and generated artwork are retained while your account is active. You can delete your designs at any time. Payment records are retained as required by tax law (typically 10 years under German law). Account data is deleted upon account deletion.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Request deletion of your data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw your consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

To exercise these rights, contact us at nik@bytelane.io.

8. Automated Decision-Making

ReArt uses AI to generate artwork from your uploaded photos. This process is automated but does not produce legal or similarly significant effects — it is a creative tool used at your direction. You can regenerate artwork or choose different styles at any time.

9. Cookies & Tracking

ReArt uses the following cookies:

  • Clerk session cookies — Essential cookies required for authentication and keeping you signed in.
  • geo — A functional cookie that stores your approximate region (EU or other) to apply the correct privacy settings. No personal data is stored.
  • cookie_consent — Stores your cookie preference choice (essential).

For users in the European Economic Area, the United Kingdom, and Switzerland, analytics operate in memory only by default — no analytics cookies or local storage are used unless you choose “Accept all” in the consent banner. We rely on Art. 6(1)(f) GDPR (legitimate interest) for basic analytics and Art. 6(1)(a) GDPR (consent) for enhanced analytics. No advertising or third-party tracking cookies are used.

10. Changes

We may update this policy from time to time. Material changes will be communicated via email or a notice on the service.