Privacy Policy
Your privacy is important to us. Here you can find out how we collect, use, and protect your personal data.
Last updated: July 7, 2026
1. Controller
The controller responsible for data processing on this website and in the Seam Photoshop plugin is:
Seam Plugin GmbH
Karl-Liebknecht-Straße 29
10178 Berlin, Germany
E-Mail: support@seam-plugin.com
We treat your personal data confidentially and in accordance with the statutory data protection regulations, in particular the EU General Data Protection Regulation (GDPR), and this privacy policy.
2. Hosting and Infrastructure
This website is hosted by Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA). When you visit our website, Vercel automatically processes technical connection data (IP address, date and time of the request, browser type, operating system, referrer URL) in server log files. This processing is necessary to deliver the website securely and reliably and is based on our legitimate interest (Art. 6(1)(f) GDPR). We have concluded a data processing agreement with Vercel; transfers to the USA are safeguarded by the EU Standard Contractual Clauses and the EU–US Data Privacy Framework.
Individual features — in particular AI-assisted prompt enhancement (which uses Google's Gemini API) and plugin diagnostics — are operated on Cloudflare Workers, a service of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare processes the technical connection data required to handle these requests. The prompt text you submit for enhancement is processed transiently and is not permanently stored by us on Cloudflare. To keep uploads fast and reliable, reference images you submit for a generation may be stored briefly as private objects in Cloudflare R2 object storage, solely to hand them over to the selected AI provider; these objects are access-controlled, retrievable only via short-lived signed URLs, and are automatically deleted within 24 hours. Transfers to the USA are safeguarded by the EU Standard Contractual Clauses. The legal basis is Art. 6(1)(b) GDPR (performance of the contract).
3. Cookies and Local Storage
Our website uses cookies and similar technologies (such as localStorage). Strictly necessary cookies — for example for login sessions, security, and checkout — are set on the basis of Art. 6(1)(f) GDPR and § 25(2) TDDDG. All non-essential cookies (analytics and marketing measurement) are only set after you have given your consent via our cookie banner (Art. 6(1)(a) GDPR, § 25(1) TDDDG).
Your consent choice itself is stored locally in your browser. You can change or withdraw your consent at any time via the "Cookie Settings" link in the footer. Details on the individual cookies can be found in our Cookie Policy.
4. Google Analytics 4
If — and only if — you consent to analytics cookies, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies (e.g. _ga) to analyze how visitors use our website. IP addresses are not stored by Google Analytics 4 and are truncated before logging. Data may be transferred to Google LLC in the USA; these transfers are safeguarded by the EU–US Data Privacy Framework and Standard Contractual Clauses.
The legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via the Cookie Settings in the footer — Google Analytics will then be deactivated and its cookies deleted.
5. User Account and Authentication
If you create a Seam account, we process your e-mail address, a hashed password (or your third-party login credentials), and session data. Authentication and account data are managed via Supabase (Supabase Inc., 970 Toa Payoh North #07-04, Singapore), our backend infrastructure provider, on the basis of a data processing agreement. The legal basis is Art. 6(1)(b) GDPR (performance of the contract).
When you connect the Photoshop plugin to your account, we additionally process device authorization codes and a locally generated machine identifier to bind your login to your installation and to enforce the number of device seats included in your plan. For each activated device we store a seat record containing the machine identifier, an optional device name, and the IP address and browser/user-agent of the activation request, so that you can see and free up your devices in the dashboard and so we can prevent license abuse (Art. 6(1)(b) and (f) GDPR).
6. Payments via Lemon Squeezy
Purchases and subscriptions are processed by our merchant of record, Lemon Squeezy LLC (a Stripe company, USA). When you make a purchase, Lemon Squeezy collects your name, e-mail address, billing address, and payment details directly; we never receive or store your full payment information. Lemon Squeezy notifies us of the purchase and subscription status (e.g. order ID, plan, license status) so that we can issue and manage your license. Lemon Squeezy acts as an independent controller for the payment processing; please refer to the Lemon Squeezy privacy policy. The legal basis is Art. 6(1)(b) GDPR.
7. Data Processing in the Photoshop Plugin
To provide our service (image generation, editing, upscaling), the following data is processed:
- License Keys & API Request Data: Necessary to authenticate your subscription and authorize generation requests.
- Image Data & Prompts: Uploaded image selections and prompts are processed transiently on secure cloud environments to compute generation, inpainting, or upscaling results. Image reference assets you save are stored in private, access-controlled Supabase storage buckets and are only accessible via short-lived, signed tokens.
- Generation Logs: For billing, abuse prevention, and reliability, we log technical metadata per generation (model used, provider, credits spent, duration, success/failure). We do not log your prompts or images in these records.
- Provider API Keys (Lifetime License): Lifetime licenses run on your own AI-provider API keys, which you enter in the Seam dashboard — not in the plugin. Each key is encrypted on our server (AES-256-GCM) before it is stored in our Supabase database, and is decrypted server-side only for the moment a request is sent to the provider you selected. The dashboard and plugin only ever display a masked value; the plaintext key is never returned to your browser. You can deactivate or delete a stored key at any time.
8. Transmission to AI Providers
To generate, edit, and upscale images, your prompts and image selections are forwarded securely to the AI provider serving the model you selected: Google (Gemini and Imagen API), OpenAI, Reve, or Fal.ai (which hosts the FLUX, Seedream, and upscaling models). Only the content required for the generation is transmitted — personal user profiles, your e-mail address, or your license details are never shared with these providers. Depending on the provider, processing may take place in the USA; transfers are safeguarded by Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework. The legal basis is Art. 6(1)(b) GDPR.
9. Diagnostics and Error Reporting
To keep the plugin reliable and to fix problems, we process anonymous and pseudonymous diagnostic data:
- Product Telemetry: Which features and settings you use (e.g. selected output mode, enabled toggles, and counts of your saved presets and reference libraries). This never includes your prompts, your images, or any secrets.
- Crash & Error Reports: When something fails, the plugin sends a technical error report containing the error message and stack trace, the plugin version, your operating system, a randomly generated installation identifier and device identifier, and — if you are signed in — your account and license reference. Before transmission, reports are automatically scrubbed of sensitive data: access tokens, API keys, e-mail addresses, and local file paths are removed.
This data is processed on the basis of our legitimate interest in the security, stability, and improvement of the service (Art. 6(1)(f) GDPR).
10. Storage Period and Deletion
We store personal data only as long as it is needed for the purposes described above or as long as statutory retention obligations (e.g. under commercial and tax law) require. You can delete your account at any time in your dashboard; this removes your account data and stored reference assets. Generation metadata is deleted or anonymized when it is no longer required.
11. Your Rights
You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing based on legitimate interests (Art. 21 GDPR). Where processing is based on consent, you may withdraw it at any time with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority — for us, the Berlin Commissioner for Data Protection and Freedom of Information.
To exercise your rights, contact us at support@seam-plugin.com.
12. Changes to this Privacy Policy
We may update this privacy policy to reflect changes to our services or legal requirements. The current version is always available on this page.