Privacy Policy

Last updated: 2026 · Effective at launch

This Privacy Policy explains how Hermoso ("Hermoso", "we", "us") collects, uses, and protects information when you use our website and the Hermoso application (the "Service"). We've tried to write it like humans, not lawyers.

1. Information we collect

  • Account information — your name, email address, and authentication details when you create an account or sign up.
  • Brand & creative inputs — the brand details, product images, prompts, reference ads, and other content you provide so the Service can generate creative for you.
  • Generated content — the images, videos, copy, and projects you create with the Service.
  • Billing information — handled by our payment processor (Stripe). We receive limited details such as plan, status, and the last four digits of your card; we never store full card numbers.
  • Usage & device data — log data, approximate location, browser/device type, and how you interact with the Service, collected to operate and improve it.
  • Cookies & similar technologies — see "Cookies" below.

2. How we use your information

  • To provide, operate, and improve the Service — including generating creative from your inputs.
  • To personalize the Service to your brand and remember your preferences and past work.
  • To process payments, manage subscriptions and credits, and prevent abuse or fraud.
  • To communicate with you about your account, updates, and (with your consent) product news.
  • To comply with legal obligations and enforce our Terms.

3. Legal bases for processing (EEA/UK)

Where the GDPR or UK GDPR applies, we process your personal data on these bases: to perform our contract with you (to provide the Service); our legitimate interests in operating, securing, and improving the Service and preventing abuse; your consent where we ask for it (such as optional analytics or marketing); and to comply with legal obligations. You may withdraw consent at any time.

4. Your inputs and AI generation

To generate creative, your prompts and assets may be sent to trusted third-party AI model providers that power the Service. We share only what's needed to fulfill your request, and we do not sell your inputs. We do not use your private brand assets to train third-party foundation models without your consent. You retain rights to your inputs and, subject to our Terms, to the content you generate.

5. How we share information

We do not sell your personal information. We share it only with:

  • Service providers — payment processing (Stripe), cloud hosting, AI model providers, analytics, and email delivery, each bound by contract to handle data on our behalf.
  • Ad-library data — our research features query publicly available advertising libraries (e.g., Meta, Google, LinkedIn, TikTok). We don't share your private data with them to do so.
  • Legal & safety — when required by law or to protect rights, safety, and the integrity of the Service.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice where required.

6. Cookies

We use essential cookies to keep you signed in and the Service working, and limited analytics cookies to understand usage. You can control non-essential cookies through your browser or our cookie settings where offered. We honor "Do Not Track" and Global Privacy Control signals where legally required.

7. Data retention

We keep your information for as long as your account is active or as needed to provide the Service, then for a reasonable period to comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion at any time, after which we delete or de-identify your data except where retention is legally required.

8. Security

We use industry-standard measures — encryption in transit, access controls, and reputable infrastructure providers — to protect your data. No system is perfectly secure, but we work hard to keep yours safe.

9. Your rights

Depending on where you live (including under the GDPR and CCPA/CPRA), you may have the right to access, correct, delete, port, or restrict the use of your personal information, and to object to certain processing. To exercise any of these, email [email protected]. We won't discriminate against you for exercising your rights, and you may have the right to lodge a complaint with your local data-protection authority.

10. California privacy (CCPA/CPRA)

In the past 12 months we may have collected these categories of personal information: identifiers (name, email), commercial information (plan and purchase history), internet or network activity (usage and device data), approximate geolocation, and visual content you upload or generate. We collect it for the business purposes described above. We do not "sell" or "share" your personal information as those terms are defined by the CCPA/CPRA, and we do not knowingly sell or share the data of minors. We do not use or disclose sensitive personal information for purposes that would trigger a right to limit. California residents may exercise their rights to know, delete, correct, and opt out, and may use an authorized agent.

11. International transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards (such as the Standard Contractual Clauses) for international transfers.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.

13. Changes & language

We may update this policy from time to time. We'll post the new version here and update the "Last updated" date; material changes will be communicated where appropriate. This policy is written in English; any translation is provided for convenience only, and the English version controls.

14. Contact

Questions about privacy? Email us at [email protected].