Privacy Policy

Effective Date: 2026-05-28 Last Updated: 2026-05-29

This Privacy Policy explains how Migaki ("Migaki," "we," "us," or "our") collects and uses personal data when you use our Service at migaki.moe.

We minimize data collection to what is necessary to operate the Service.


1. Information We Collect

1.1 Information You Provide

  • Account information: Email address and password (hashed) when you sign up.
  • Uploaded images: SFW 2D / stylized digital illustrations you submit for enhancement and upscaling.
  • Support communications: Emails or support messages you send us.

1.2 Information Automatically Collected

  • Usage data: Service usage logs such as timestamps, response status, plan, and allowance balance.
  • Browser / device info: IP address, user agent, referrer (for security and abuse prevention).
  • Cookies: Session cookie (HttpOnly, Secure, SameSite=Lax) for authentication.

1.3 Information from the Checkout Provider (Payments)

Payments are handled by the Merchant of Record or payment processor shown at checkout. That provider may collect your billing name, billing address, payment method information (e.g., card last four digits, brand), tax information, invoice data, and transaction records. Migaki does not receive or store full card numbers.

The checkout provider shares limited buyer and subscription data with us so we can provision access, allocate your monthly processing allowance, send receipts, provide support, prevent fraud, and administer accounts.

The checkout provider's privacy notice is presented during checkout or linked from your receipt.


2. How We Use Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process subscriptions and allocate your monthly processing allowance through the checkout provider
  • Send transactional emails (welcome, allowance provisioned, password reset, subscription updates)
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal, tax, accounting, and dispute obligations
  • Improve the Service (aggregated, non-identifiable analytics only)
  • Allow authorized personnel to manually review uploaded and generated images for quality, abuse prevention, and to operate, evaluate, and improve the Service, only within the retention windows in Section 3

We do not:

  • Sell or rent your personal data
  • Use your uploaded images to train or fine-tune AI models
  • Keep your images after the retention windows in Section 3 — images you have not saved to your Gallery are permanently deleted within 30 days (images you save are kept until you delete them or close your account; see Section 3.2)
  • Share your data with advertisers or data brokers

3. How We Store and Process Images

3.1 Images you upload are processed on our infrastructure to deliver the enhancement and upscaling service. Authorized personnel may manually review individual images for quality and safety. Uploaded and generated images are permanently deleted from our systems within 30 days (see 3.2) — except images you choose to save to your Gallery, which are kept until you delete them or close your account — and are never used to train or fine-tune AI models.

3.2 Retention windows:

  • Input images: Deleted within 30 days of upload, or sooner where feasible
  • Output images: Stored for 30 days for download, then deleted
  • Images you save to your Gallery ("Keep"): Retained until you delete them or close your account, then permanently deleted
  • Failed / blocked jobs: Deleted within 24 hours

3.3 We may temporarily retain content moderation flags (without retaining the underlying image) for abuse prevention.

3.4 We may retain limited records longer where required for legal, tax, fraud-prevention, or dispute purposes.


4. Third Parties We Share With

We share information only as necessary:

  • Checkout provider / Merchant of Record — Subscription billing, payment processing, tax handling where required, refunds, buyer support.
  • Cloudflare, Inc. — Hosting, edge delivery, object storage, and security services. https://www.cloudflare.com/privacypolicy
  • Resend, Inc. — Transactional email delivery. https://resend.com/legal/privacy-policy
  • Law enforcement — Only in response to lawful, properly-served legal requests. We notify users when permitted.

We do not share your information with advertisers, data brokers, or unaffiliated marketers.


5. Your Rights

Depending on your jurisdiction (e.g., EEA / UK GDPR or California CCPA), you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data (subject to legal retention requirements)
  • Export your data in a machine-readable format
  • Withdraw consent by closing your account
  • Lodge a complaint with your local data protection authority

To exercise these rights: privacy@migaki.moe. We respond within 30 days.

Some records may need to be retained where required for tax, fraud-prevention, chargeback, legal, or compliance reasons.


6. Data Security

6.1 Passwords are stored using industry-standard password hashing. Sessions are protected with secure, random, HttpOnly cookies.

6.2 Data in transit is encrypted using modern HTTPS/TLS.

6.3 Stored service data is protected with access controls and encryption at rest where supported by our infrastructure providers.

6.4 Payment-related updates are verified before subscription or allowance changes are applied.

6.5 No system is perfectly secure. We follow industry best practices but make no guarantee of absolute security.


7. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, contact privacy@migaki.moe and we will delete it.


8. International Users

8.1 We and our service providers may process information in jurisdictions where our infrastructure, support, payment, and email providers operate. Those jurisdictions may have privacy laws different from your own.

8.2 If you are in the EEA, UK, or Switzerland, the legal basis for processing is your consent (account creation) and our legitimate interests in providing and securing the Service.

8.3 If you are in California, you have additional rights under the CCPA, including the right to know, delete, and opt-out of "sale" of personal information. We do not sell personal information.


9. Cookies

We use only:

  • session cookie (HttpOnly, Secure, SameSite=Lax, Max-Age 7 days) — authentication

We do not use third-party advertising cookies, third-party analytics cookies, tracking pixels, or social media share buttons that load remote scripts.


10. Changes to This Policy

We may update this policy. Material changes will be communicated by email. Continued use after changes constitutes acceptance.


11. Contact


Migaki is committed to data minimization. We collect only what we need to provide the Service.

Questions about this policy? support@migaki.moe