[ Legal ]

Privacy Policy.

How we collect, use, disclose, and safeguard your information when you use Opus Designr.

Last updated: April 29, 2026

  1. Introduction

    This Privacy Policy describes how JD Brand Collective Inc. ("Opus Designr", "we", "our", or "us") handles personal information when you visit opusdesignr.com, sign up at app.opusdesignr.com, or otherwise interact with our products, marketing, or support channels (together, the "Service").

    We've tried to write this in plain English. Where a term has a specific legal meaning under the GDPR, the UK GDPR, the California Consumer Privacy Act ("CCPA/CPRA"), or other applicable law, that meaning controls. By using the Service you confirm you've read this policy and understand how we process information about you.

  2. Who This Policy Applies To

    This policy applies to:

    • Visitors to our marketing site at opusdesignr.com
    • People who sign up for a free preview, paid plan, or trial of the Service
    • Authorized users of customer workspaces (designers, brand teams, freelancers)
    • People who contact us, subscribe to updates, or engage with our ads

    If your employer or client gave you access to a workspace, that organization is the controller of the workspace data and you should also review their internal privacy notice.

  3. Information We Collect

    We collect information in three ways: information you give us, information we collect automatically while you use the Service, and information we receive from third parties.

    Information you provide directly

    • Account data: name, email address, password (hashed), profile photo, and authentication identifiers when you sign in with Google.
    • Workspace data: workspace name, team member emails, role assignments, and brand settings.
    • Billing data: billing name, billing address, plan selection, tax ID where applicable, and partial card information (last four, expiry, brand) returned by our payment processor. We do not store full card numbers on our servers.
    • User content: images, sketches, photographs, garment references, model casting prompts, tech-pack fields, comments, and any other material you upload or generate inside the Service.
    • Support content: messages you send via support email, in-app chat, bug reports, or feedback forms.

    Information we collect automatically

    • Usage events: pages viewed, studios opened, generations started, clicks, scroll depth, feature toggles, and approximate time-on-task — captured through PostHog product analytics.
    • Device and connection data: IP address (truncated where feasible), browser type and version, operating system, device type, language preference, time zone, and referring URL.
    • Cookies and similar technologies: session cookies, authentication tokens, analytics identifiers, and advertising pixels. See our Cookie Policy for the full list.
    • Logs: server-side request logs (for security, debugging, and abuse detection) typically retained for up to 90 days.

    Information we receive from third parties

    • Authentication providers: if you sign in with Google, we receive the email address and basic profile fields you authorize.
    • Payment processors: our billing provider sends us subscription and invoice events tied to your account.
    • Advertising partners: Meta and Google may share aggregated conversion signals when you arrive via an ad we ran.

  4. How We Use Your Information

    We use the information described above to:

    • Operate the Service — authenticate users, render studios, queue and run AI generations, deliver tech packs, and store outputs in your workspace.
    • Bill correctly — issue invoices, charge subscriptions, top-up credits, and prevent payment fraud.
    • Communicate with you — send transactional emails (sign-up confirmation, password resets, invoice receipts, expiring trials, generation-ready notifications) and, with your consent or where permitted, occasional product updates and marketing.
    • Improve the Service — analyze aggregate usage, debug crashes, prioritize features, and run A/B tests.
    • Keep the platform safe — detect abusive content, enforce our acceptable-use rules, investigate suspicious sign-in activity, and respond to legal requests.
    • Train internal models or evaluate output quality — only on data you explicitly opt into, or on aggregated, de-identified telemetry. We do not use your uploaded customer artwork or photographs of your products to train third-party foundation models.
    • Comply with our legal obligations — including tax, accounting, anti-money-laundering, and lawful disclosure requirements.

  5. Legal Bases for Processing (EEA / UK)

    If you are in the European Economic Area, the United Kingdom, or another jurisdiction with a similar framework, we rely on the following legal bases:

    • Performance of a contract — to deliver the Service you signed up for.
    • Legitimate interests — to secure our infrastructure, prevent abuse, measure product performance, and run reasonable direct marketing to existing customers.
    • Consent — for non-essential cookies, marketing emails to new prospects, and any optional features that use additional data.
    • Legal obligation — to satisfy tax, accounting, and other regulatory requirements.

    You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

  6. How AI Processing Works

    The Service generates designs, photoreal renders, on-model imagery, video clips, flat lays, and tech-pack assets by sending your inputs (prompts, reference images, garment files) to a combination of in-house pipelines and third-party AI model providers.

    What this means for your data:

    • Your inputs and the generated outputs are stored in your workspace and tied to your account.
    • We transmit your inputs to model providers strictly to produce your output. We have data-processing agreements in place with these providers.
    • By default, we do not allow our model providers to use your inputs or outputs to train their general-purpose models. Where a provider does not offer this guarantee for a given feature, we will say so in the relevant studio.
    • AI systems can be wrong. Outputs may misrepresent people, products, or brands and may include inaccuracies, biases, or unexpected content. You are responsible for reviewing outputs before publishing or commercial use.

  7. Cookies, Pixels, and Similar Technologies

    We use a small number of first-party cookies for sign-in, preferences, and CSRF protection, and third-party cookies/pixels for analytics and advertising attribution (Google Analytics 4, Meta Pixel, PostHog).

    You can control non-essential cookies through our cookie banner, your browser settings, or platform-level opt-outs (e.g., the Global Privacy Control signal, which we honor in California). The full inventory and your controls are in our Cookie Policy.

  8. Sharing and Sub-processors

    We do not sell your personal information. We share it only with vendors that help us run the Service, with parties you direct us to share with, or where required by law.

    Categories of recipients include:

    • Cloud and database hosting — to store account data, generations, and uploads.
    • AI model providers — to produce the generations you request.
    • Payment processing — to charge subscriptions and credit purchases.
    • Email and transactional messaging — to send sign-up, billing, and product emails.
    • Product analytics (PostHog) — to measure usage and improve the Service.
    • Web analytics and advertising (Google Analytics, Meta Pixel) — to understand traffic sources and measure ad performance.
    • Authentication (Google Sign-In) — for users who choose to sign in with a Google account.
    • Customer support and bug-reporting tools — to help us answer your questions and fix issues.

    We share information with public authorities when we have a good-faith belief that disclosure is required by law, necessary to protect the rights, property, or safety of our users or the public, or in connection with an investigation of suspected fraud or abuse. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

  9. International Data Transfers

    Opus Designr is operated by JD Brand Collective Inc., based in the United States. Personal information may be transferred to, stored in, and processed in countries other than the one in which it was collected, including the United States. Where we transfer personal data out of the EEA, the UK, or another jurisdiction with cross-border restrictions, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or similar mechanisms.

  10. Data Retention

    We keep personal information for as long as your account is active and for the time needed to deliver the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Typical retention windows:

    • Account profile and workspace data — for the life of the account, then up to 30 days after deletion to allow recovery in case of accidental cancellation.
    • User content (uploads, generations, tech packs) — until you delete it or close your account, then removed from active systems within 30 days and from backups within 90 days.
    • Billing records and tax invoices — retained for the period required by applicable tax and corporate law (typically 7 years).
    • Server and security logs — up to 90 days, longer where needed for an active investigation.

    You can request earlier deletion at any time by emailing admin@opusdesignr.com.

  11. Your Rights

    Depending on where you live, you may have some or all of the following rights regarding personal information we hold about you:

    • Access — request a copy of the personal data we have about you.
    • Correction — ask us to fix data that is wrong or out of date.
    • Deletion — ask us to erase your data, subject to legal retention duties.
    • Restriction — ask us to pause certain types of processing.
    • Objection — object to processing based on legitimate interests, including direct marketing.
    • Portability — receive your data in a structured, machine-readable format and transmit it to another controller.
    • Withdraw consent — for any processing that relies on your consent.
    • Lodge a complaint — with your local data protection authority.

    To exercise any of these rights, email admin@opusdesignr.com from the address tied to your account. We may need to verify your identity before responding. We aim to respond within 30 days.

  12. California Residents — CCPA/CPRA Disclosures

    If you are a California resident, the CCPA/CPRA gives you specific rights:

    • Right to know what categories of personal information we collected, the sources, the business or commercial purpose, and the categories of third parties we shared it with.
    • Right to delete personal information we collected from you, subject to legal exceptions.
    • Right to correct inaccurate personal information.
    • Right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. We treat the use of advertising pixels for retargeting as "sharing" under the CPRA. You can opt out via the Global Privacy Control signal, our cookie banner, or by emailing us.
    • Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes that trigger this right.
    • Right to non-discrimination — we won't deny you the Service, charge you a different price, or give you a worse experience for exercising your CCPA rights.

    You may use an authorized agent to submit a request on your behalf, with proof of authorization.

  13. Security

    We use a layered set of technical and organizational measures to protect personal data: TLS encryption in transit, encryption at rest for stored content and database backups, hashed credentials, scoped service-account permissions, role-based access controls, audit logging, and routine vulnerability monitoring. We restrict employee access to production data on a need-to-know basis and require multi-factor authentication on internal systems.

    No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you and the relevant authorities as required by law.

  14. Children's Privacy

    The Service is intended for users 16 and older. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.

  15. Third-Party Sites

    Our Service may link to third-party websites, model providers, or integrations we don't control. This Privacy Policy doesn't cover their practices. Review their privacy notices before sharing personal data with them.

  16. Changes to This Policy

    We may update this Privacy Policy as the Service evolves or as the law changes. Material changes will be announced through the Service or by email at least 30 days before they take effect, unless an immediate change is required for legal compliance. The "Last updated" date at the top of this page shows when the current version was published.

  17. Contact Us

    Privacy questions, requests, or complaints can be sent to:

    JD Brand Collective Inc.
    Attn: Privacy
    admin@opusdesignr.com

    If you contact us about a privacy right, please include enough detail for us to verify your identity and respond accurately.