1. Introduction
Welcome to ImgVelix (the “Website”), operated by LUVINDO LTD (“we”, “our”, or “us”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our Website and use our AI image generation services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller Information:
Company Name: LUVINDO LTD
Company Number: 17078430
Registered Address: Studio No. 12, 264 Lavender Hill, London, England, SW11 1LJ
Email Address: info@imgvelix.com
Phone Number: +44 748 884 8274
2. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:
Identity & Contact Data: Name, email address, and account login details.
Financial & Transaction Data: Details about payments to and from you, and records of token purchases. (Note: We use third-party payment processors like Stripe/PayPal and do not store your full credit card details).
User Content Data: The text prompts you submit to generate images and the images generated by our AI.
Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, operating system, and platform.
Usage Data: Information about how you use our Website and services.
3. How We Use Your Personal Data and Lawful Basis
Under UK GDPR, we will only use your personal data when the law allows us to. Most commonly, we use your data under the following circumstances:
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
| To register you as a new user | Identity, Contact | Performance of a contract with you |
| To process payments and add tokens | Identity, Financial, Transaction | Performance of a contract with you |
| To generate images via AI | User Content | Performance of a contract with you |
| To provide customer support | Identity, Contact | Legitimate interests (resolving issues) |
| To improve our Website and AI | Technical, Usage, User Content | Legitimate interests (studying how customers use our products) |
| To comply with legal obligations | Identity, Contact, Transaction | Necessary to comply with a legal obligation |
4. How We Share Your Data
We do not sell your personal data. We may share your data with trusted third parties to facilitate our services, including:
Service Providers: Cloud hosting services, AI API providers (if applicable), and secure payment gateways.
Professional Advisers: Lawyers, bankers, auditors, and insurers based in the UK.
Regulators & Authorities: HM Revenue & Customs, regulators, and other authorities based in the UK who require reporting of processing activities in certain circumstances.
5. International Data Transfers
If we transfer your personal data out of the UK (for example, if our servers or third-party service providers are located outside the UK), we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented, such as UK standard contractual clauses.
6. Data Security and Retention
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Generally, we keep basic account data for as long as your account is active.
7. Your Legal Rights
Under UK data protection laws, you have rights in relation to your personal data, including the right to:
Request access to your personal data (a “data subject access request”).
Request correction of the personal data that we hold about you.
Request erasure of your personal data (the “right to be forgotten”)
Object to processing of your personal data.
Request restriction of processing of your personal data.
Request the transfer of your personal data to you or a third party.
Withdraw consent at any time where we are relying on consent to process your data.
If you wish to exercise any of these rights, please contact us at info@imgvelix.com.
8. Cookies
Our Website uses cookies to distinguish you from other users. This helps us provide you with a good experience when you browse our Website and allows us to improve our site.
9. Complaints
If you have any concerns about how we handle your data, please contact us first so we can try to resolve the issue. However, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk).
Card Data and PCI DSS Compliance
LUVINDO LTD does not store, process, or transmit raw cardholder data on its own servers. All card payments are handled exclusively by our PCI DSS Level 1 certified payment service provider — the highest tier of compliance defined by the Payment Card Industry Security Standards Council (PCI SSC).
When you submit card details on our checkout page, the data is transmitted directly to the payment processor over an encrypted TLS 1.2+ connection, tokenized at the gateway, and never reaches our infrastructure. The only payment-related information we retain on our side is:
- the transaction reference (provided by the gateway);
- the last four digits of the card and the card brand (Visa, Mastercard, etc.) — for order-management, refunds, and chargeback evidence;
- the billing name, address, and email address you provided at checkout — for invoicing and customer-support purposes.
If you exercise your right to access, rectify, or delete your data under the UK GDPR or the EU GDPR (see Your Rights section above), the order metadata may be retained for up to seven (7) years after the transaction in compliance with anti-money-laundering, accounting, and tax-record-keeping obligations applicable to LUVINDO LTD.
For details on how the payment provider itself handles your data, please consult the privacy notice of the gateway disclosed at the moment of checkout.