ReArt
← Back

Privacy Policy

Last updated: May 3, 2026

1. Controller

ByteLane UG (haftungsbeschränkt)
Kolonnenstraße 8, 10827 Berlin, Germany
Email: nik@bytelane.io

2. What We Collect & Legal Basis

When you use ReArt, we collect and process the following data depending on how you interact with the service. For each category, we state the legal basis under GDPR Art. 6(1):

  • Account data — Email address, name, and authentication data when you sign up (managed by Clerk). Legal basis: Art. 6(1)(b) — performance of contract.
  • Uploaded images — Photos you upload for artistic transformation, stored on Cloudflare R2. Legal basis: Art. 6(1)(b) — performance of contract.
  • Generated artwork — AI-generated images created from your uploads. Legal basis: Art. 6(1)(b) — performance of contract.
  • Payment data — Billing and shipping address when you order a print (processed by Stripe; we do not store full card details). Legal basis: Art. 6(1)(b) — performance of contract.
  • Contact form submissions — Name, email, and message content when you use our contact form. Legal basis: Art. 6(1)(b) — pre-contractual enquiry / Art. 6(1)(f) — legitimate interest in responding to enquiries.
  • Usage data — Pseudonymous product analytics via PostHog (EU servers) to understand how the service is used. When you sign in, we link your account ID, email, and name to the analytics person record so we can support you across sessions and measure features end-to-end. For visitors in the EEA / UK / Switzerland, this enrichment only happens after you accept cookies — until then your activity stays unlinked from your account. Legal basis: Art. 6(1)(f) — legitimate interest in improving the service; Art. 6(1)(a) — consent for enriched analytics in the EEA / UK / Switzerland.
  • Advertising measurement data — For visitors outside the EEA / UK / Switzerland, and for visitors inside those regions who have accepted cookies, we share hashed identifiers (e.g. hashed email, IP address, browser user-agent, click ID) with Meta Platforms to measure the effectiveness of our advertising. Legal basis (EEA/UK/CH): Art. 6(1)(a) — consent. Legal basis (other regions): legitimate interest, with notice and opt-out as required by applicable law (e.g. CCPA/CPRA).
  • Bot protection data — Cloudflare Turnstile collects device and interaction signals to distinguish humans from bots. No personal data is stored by us. Legal basis: Art. 6(1)(f) — legitimate interest in preventing abuse.

3. How We Use Your Data

  • To provide the photo-to-art transformation service.
  • To process and fulfill print orders.
  • To authenticate your account and secure access.
  • To improve the service through pseudonymous product analytics.
  • To communicate with you about your orders, account, and support enquiries.
  • To protect the service from abuse and automated attacks.

4. Third-Party Services

We use the following third-party services to operate ReArt:

  • Clerk (US) — Authentication and user management.
  • Cloudflare (Global/EU) — Hosting, CDN, image storage (R2), edge computing, and bot protection (Turnstile).
  • Stripe (US) — Payment processing. Subject to Stripe's Privacy Policy.
  • Print fulfillment partner (EU) — Receives your shipping address and artwork to produce and ship your print order.
  • Product analytics provider (EU) — Pseudonymous product analytics. Data hosted in the EU. For visitors in the EEA / UK / Switzerland, no analytics cookies or local storage are used until you accept cookies, and your activity is not linked to your account until then.
  • Email delivery provider (US) — Transactional email delivery (order confirmations, notifications).
  • AI image generation provider (US) — Your uploaded images are sent to a third-party AI service for artistic transformation. We select providers that commit to deleting input and output data after processing and that do not use your images for model training.
  • Address autocomplete provider (US) — Processes address input during checkout to suggest matching addresses. No personal data is stored by us from this service.
  • Server monitoring provider (US) — Server-side logging and error monitoring for service reliability. May process IP addresses and request metadata in server logs.
  • Meta Platforms, Inc. (US) — Conversion measurement and ad attribution via the Meta Pixel and Meta Conversions API. Receives hashed identifiers and event metadata, used to attribute ad campaigns and to build look-alike audiences. Only loads in the EEA / UK / Switzerland after you accept cookies. Subject to Meta's Privacy Policy.

5. Data Transfers

Some of our service providers are based in the United States. These transfers are protected by the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC). Analytics and print fulfillment are processed within the EU.

6. Data Retention

Uploaded images and generated artwork are retained while your account is active. You can delete your designs at any time. Payment records are retained as required by tax law (typically 10 years under German law). Account data is deleted upon account deletion.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Request deletion of your data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw your consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

To exercise these rights, contact us at nik@bytelane.io.

8. Automated Decision-Making

ReArt uses AI to generate artwork from your uploaded photos. This process is automated but does not produce legal or similarly significant effects — it is a creative tool used at your direction. You can regenerate artwork or choose different styles at any time.

9. Cookies & Tracking

ReArt uses the following cookies:

  • Clerk session cookies — Essential cookies required for authentication and keeping you signed in.
  • geo — A functional cookie that stores your approximate region (EU or other) to apply the correct privacy settings. No personal data is stored.
  • cookie_consent — Stores your cookie preference choice (essential).
  • _fbp — First-party cookie set by the Meta Pixel for advertising measurement and audience building. Only set for visitors outside the EEA / UK / Switzerland, or for visitors inside those regions who have chosen “Accept all” in the consent banner.

For users in the European Economic Area, the United Kingdom, and Switzerland, analytics and the Meta Pixel operate in memory only by default — no analytics or advertising cookies are stored unless you choose “Accept all” in the consent banner. We rely on Art. 6(1)(f) GDPR (legitimate interest) for basic analytics and Art. 6(1)(a) GDPR (consent) for advertising measurement and enhanced analytics. You can withdraw consent at any time via the “Cookie settings” link in the footer.

For California residents and other US visitors with a Global Privacy Control signal: if you wish to opt out of the sharing of your personal information for advertising purposes, please email us at nik@bytelane.iowith the subject line “Do Not Sell or Share My Personal Information”. We will honour the request and confirm processing within the time frames required by applicable law.

10. Changes

We may update this policy from time to time. Material changes will be communicated via email or a notice on the service.