Effective date: 12 June 2026 · Last updated: 12 June 2026
This policy explains what Adopt-a-Nation, operated by AI-MDS,
collects, why, and your choices. We aim to collect as little as possible.
The short version. Quiz answers stay in your browser. If you buy HD images we
store your email and a one-way hash of your password (never the password itself). Photos you
upload are sent to Google’s Gemini API to generate your image and stored in our private cloud
bucket, then auto-deleted after 60 days. Payments go through Stripe — we never see your card.
We don’t sell your data.
1. What we collect
Account data (only if you create an account): your email address and a
salted PBKDF2 hash of your password. We cannot recover your plaintext password.
Photos & generated images: a selfie you choose to upload, and the image
generated from it.
Purchase data: your credit balance and a record that a given Stripe payment
was applied. Card data is handled entirely by Stripe — we never receive it.
Technical/abuse-prevention data: short-lived counts keyed to your IP address
and a proof-of-work token, used only to enforce rate limits and block bots.
In your browser only: your quiz answers and a temporary “pending purchase”
marker. These are not sent to our servers as part of your profile.
2. How your photo is processed
The instant “stylised” kit is rendered entirely in your browser — that photo
is not uploaded.
The optional photoreal kit sends your uploaded photo to Google’s
Gemini API for the AI edit. Google processes it under its API terms; we do not permit it
to be used to train models where that control is available to us.
The resulting image (and a watermarked preview) is stored in our private
Cloudflare R2 bucket under an unguessable identifier and is served only to you.
Image records and files are automatically deleted after 60 days.
3. Why we use it (legal bases)
To provide the feature you requested (performance of a contract / your request).
To process your payment and grant credits (contract).
To keep the Service secure and prevent abuse and fraud (legitimate interests).
4. Who we share with (processors)
Stripe — payment processing.
Google (Gemini API) — AI image generation.
Cloudflare — hosting, storage (R2), and bot/DDoS protection.
We do not sell your personal information or share it for advertising.
5. Retention
Uploaded/generated images: deleted after 60 days (often sooner).
Account email, password hash, and credit balance: kept while your account exists. Email us to
delete your account.
Abuse-prevention counters: expire automatically within hours to a couple of days.
Payment records held by Stripe are retained per Stripe’s policies and applicable law.
6. Your rights
Depending on where you live, you may have rights to access, correct, delete, or export your
data, and to object to certain processing. To exercise them, email
admin@aimedqs.com and we’ll respond within a reasonable time.
You can delete locally-stored data anytime by clearing your browser storage.
7. Cookies
We use a single essential, HTTP-only session cookie to keep you logged in after
purchase. We do not use advertising or third-party tracking cookies.
8. Children
The Service is not directed to children under 13, and we do not knowingly collect their data. If
you believe a child has provided us data, contact us and we will delete it.
9. Security
We protect the Service with HTTPS/HSTS, hashed passwords, host-locked session cookies,
same-origin request checks, rate limiting, and a proof-of-work bot gate on sensitive actions. No
system is perfectly secure, but we take reasonable measures to protect your data.
10. Changes
We may update this policy; the “Last updated” date reflects the latest version.