Privacy Policy

Privacy policy for gpt-image-prompt.com
Apr 22, 2026

Effective date: May 8, 2026

gpt-image-prompt.com is an independent website built around GPT Image 2. It is not operated by OpenAI and should not be understood as an official OpenAI product. This Privacy Policy explains how we collect, use, share, retain, and protect information when you use our image generator, prompt templates, scene workspaces, public share pages, Open API, account features, credits, payments, and related services.

1. Information We Collect

We collect only the information reasonably needed to operate the product, protect the service, process image generation requests, and provide account, workspace, API, and billing features.

Account and profile information

If you create an account or sign in, we may collect:

  • email address
  • name, avatar, or profile details provided by you or your sign-in provider
  • sign-in method, email verification status, session information, and account timestamps
  • locale, referral, and campaign information such as NEXT_LOCALE, referral codes, or utm_source
  • limited security metadata such as IP address, user agent, request timestamps, and account creation or sign-in signals

Email-password sign-up may use Cloudflare Turnstile to reduce automated abuse. We may send Turnstile tokens and related verification context to Cloudflare Siteverify before account creation is completed.

Prompts, reference images, and generation data

When you use the GPT Image 2 generator, model page, template workspace, image detail panel, saved prompt features, or related flows, we may process and store:

  • prompt text and prompt edits
  • uploaded reference images, currently up to 4 reference images in the homepage generator and supported web flows
  • public image URLs submitted through the Open API where supported
  • aspect ratio, resolution, visibility, template id, source, model/provider, and other generation options
  • generated image outputs, mirrored image URLs, and download or preview URLs
  • task status, provider task identifiers, provider response data, timestamps, credit cost, billing mode, and error details
  • reference images stored in task options so that history, reuse, and Edit Image flows can work

We use this information to submit image jobs, return results, show task history, support downloads and sharing, enforce credit and paid-account rules, debug failures, refund failed paid tasks where applicable, and let you continue creating from previous prompts or images.

Public sharing and template information

Generated image tasks are public by default unless you choose a supported private option before generation. Public successful images may be available through public pages such as /images/[id]. Private generation is currently limited to paid accounts, and private tasks are not intended to be displayed through public image share routes.

Published prompt templates may be available through /prompts/[slug]. Published scene templates and prompt examples may appear through routes such as /templates, /template, /templates/[slug], /model/gpt-image-2, and /ideas. The /ideas surface is based on published prompt template image data, not a general feed of every user's public generation history.

Saved prompts, favorites, and workspace data

If you are signed in, we may store workspace-related records such as:

  • saved prompts and prompt hashes
  • source type, source id, source image URL, and metadata for saved prompts
  • scene template favorites used to pin templates in the workspace
  • account-scoped web generation history and deletion status
  • API generation tasks and request parameters shown in API logs

These records power /workspace/saved, /workspace/history, template favorites, prompt reuse, template-scoped history, and /activity/ai-tasks/api-logs.

Credits, rewards, referrals, and anti-abuse data

Image generation requires sign-in and available credits or a paid entitlement where required. To provide credits and reduce abuse, we may collect or store:

  • credit balances, grants, deductions, refunds, and expiration data
  • sign-up bonus claim status after email verification
  • historical daily check-in records created before the feature was disabled
  • referral codes, invite links, invite records, and referral reward status
  • redemption code claims and related campaign records
  • email domain reputation signals used to limit non-payment credits
  • IP address, IPv4/IPv6 prefix, user agent, and timing signals used to detect repeated bonus claims or blocked traffic
  • IP blocklist matches and other abuse-prevention records

These controls are intended to protect free or promotional credits, paid credits, provider costs, and service availability. They do not prevent ordinary registration, but they may block non-payment credits, image generation, or Open API requests when abuse or policy risk is detected.

Billing and transaction information

If you purchase credits, a subscription, or another paid feature, checkout is handled by a third-party payment provider or payment gateway. We do not store full payment card numbers on our own servers. We may receive and store billing-related records such as:

  • payment email
  • order number
  • payment provider or gateway name
  • amount, currency, product, credit amount, and validity details
  • transaction, invoice, checkout, subscription, gateway order, and callback identifiers
  • subscription status, billing period, webhook or callback records, refund status, and payment reconciliation data

For Simplified Chinese RMB credit packages, payments may be routed through a separate Alipay or WeChat payment gateway. That gateway may process payment QR codes, gateway order identifiers, callback signatures, and payment status needed to complete the order and issue credits.

API keys and Open API usage

If you create an Open API key, we store metadata needed to operate the key, such as key hash, prefix, last four characters, status, scopes, expiration time, creation time, and last-used time. We do not store the full API key after it is created.

Open API image generation tasks may store request parameters, task ids, status, generated results, source markers, and API key identifiers so that paid-account access, credit deduction, task querying, and API logs can work. API key creation and Open API generation currently require a real paid account.

Analytics, device, and log information

We may collect usage logs and analytics data such as:

  • pages visited and actions taken
  • browser, device, and operating system information
  • approximate location inferred from IP address
  • referrer and campaign parameters
  • timestamps, request metadata, performance data, crash logs, security events, and operational logs

Depending on site configuration, analytics providers may include services such as Google Analytics, Clarity, Plausible, OpenPanel, or Vercel Analytics.

2. Cookies and Similar Technologies

We use cookies and similar storage mechanisms for practical product reasons, including:

  • keeping you signed in
  • remembering language, theme, referral information, or public/private generation preference
  • protecting sessions and preventing abuse
  • supporting sign-up, checkout, credit, referral, and redemption flows
  • supporting analytics and product performance

We may also use browser storage for local preferences such as the last selected visibility option. If you block all cookies or storage, sign-in, generator state, workspace history, checkout, or other parts of the site may not work correctly.

3. How We Use Information

We use collected information to:

  • provide the website, GPT Image 2 generator, templates, galleries, public share pages, Open API, and workspace features
  • authenticate users, manage sessions, verify email sign-up, and secure accounts
  • submit generation jobs to the selected provider and return generated results
  • store prompts, reference images, generated images, saved prompts, template favorites, task history, and API logs
  • support public image links, public prompt pages, downloads, sharing, and reuse flows
  • calculate and enforce credits, first-sign-in rewards, referrals, redemption codes, 1K/2K/4K access, private visibility access, Open API access, and paid-account entitlements
  • process checkouts, credits, subscriptions, invoices, refunds, gateway callbacks, and support requests
  • mirror generated outputs to configured storage when enabled
  • detect blocked IPs, risky email domains, repeated bonus claims, payment abuse, and other misuse
  • debug failures, improve reliability, monitor performance, and comply with legal obligations

4. How We Share Information

We do not sell your personal information. We may share limited information with service providers that help us operate the product, including providers for:

  • authentication, email verification, Turnstile, and account services
  • payment processing, billing, subscriptions, Alipay or WeChat gateway processing, and order reconciliation
  • image generation, image processing, callback handling, polling, and related AI infrastructure
  • cloud storage, R2 or compatible object storage, CDN, and hosting
  • email delivery, customer support, and operational notifications
  • analytics, security monitoring, logging, and abuse prevention

Prompts, uploaded reference images, generation options, and generated outputs may be sent to third-party image generation providers such as Replicate, ePhone, Apimart, or other configured providers when needed to fulfill your request. Successful generated images may also be downloaded from a provider and uploaded to our configured storage so that history, downloads, previews, and public links remain available.

We may also disclose information:

  • if required by law, regulation, court order, or legal process
  • to investigate fraud, abuse, security incidents, payment disputes, or policy violations
  • to protect the rights, property, or safety of the service, our users, or others
  • as part of a merger, acquisition, financing, restructuring, or asset transfer

5. Data Retention

We retain information based on operational, security, support, account, billing, and legal needs.

For example:

  • account information is generally retained while your account remains active
  • public image tasks and public prompt pages may remain available unless removed, expired, made private where supported, deleted by the account owner where supported, or cleaned up by retention rules
  • private image tasks, uploaded reference images, prompts, and generated outputs may remain in account history until deleted, expired, or cleaned up by retention rules
  • saved prompts, template favorites, Open API keys, API logs, and task history are retained while needed to provide workspace or API features
  • reward, referral, redemption, IP, email-domain, security, and abuse-prevention records may be retained for service protection and dispute handling
  • billing, subscription, invoice, tax, gateway, refund, and compliance records may be retained longer where required

6. Your Choices and Rights

You can choose not to create an account, but image generation, saved prompts, higher resolution generation, private generation, Open API access, billing, and other workspace features require sign-in and may require credits or a paid account.

Depending on the feature, you may be able to:

  • choose public or private image visibility before generation where supported
  • avoid uploading reference images
  • delete image history where supported
  • delete or unsave saved prompts
  • unpin favorite templates
  • delete or rotate API keys
  • manage billing, credits, subscriptions, and payment records from account settings or the billing portal
  • request access, correction, export, or deletion of eligible account-related data

Some records may need to be retained for security, fraud prevention, payment reconciliation, tax, accounting, dispute resolution, or legal compliance. To make a privacy request, contact support@gpt-image-prompt.com.

7. Security

We use reasonable technical and organizational measures to protect information, including secure connections, hashed API keys, access controls, provider secret handling, and abuse-prevention checks appropriate for the service. No online system is completely secure. You should use a strong password, protect your devices and API keys, and avoid uploading confidential or highly sensitive material unless you understand the risks of online AI, payment, provider, and storage services.

8. International Processing

The service may rely on infrastructure, storage, payment, analytics, anti-abuse, and AI providers located in different countries. By using the service, you understand that information may be processed and stored outside your country or region, subject to applicable law and provider safeguards.

9. Children's Privacy

The service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can review and take appropriate action.

Where a legal basis is required, we process information to provide the service you request, perform our agreement with you, comply with legal obligations, protect the service from fraud or abuse, process payments and credits, and pursue legitimate interests in operating, securing, and improving the product.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a material change, we will post the updated version on this page and update the effective date above. Your continued use of the service after an update means the updated policy applies to future use.

12. Contact

If you have questions about this Privacy Policy or our handling of personal information, contact us at support@gpt-image-prompt.com.

Privacy Policy