hermoso
Sign inSign up
Legal

Privacy Policy

Last updated: 2026 · Effective at launch

Template — not yet in force. Hermoso is in private build. This document is a working draft to be reviewed by legal counsel before public launch; it does not yet create binding obligations. Questions: [email protected].

This Privacy Policy explains how Hermoso ("Hermoso", "we", "us") collects, uses, and protects information when you use our website and the Hermoso application (the "Service"). We've tried to write it like humans, not lawyers.

1. Information we collect

  • Account information — your name, email address, and authentication details when you create an account or sign up.
  • Brand & creative inputs — the brand details, product images, prompts, reference ads, and other content you provide so the Service can generate creative for you.
  • Generated content — the images, videos, copy, and projects you create with the Service.
  • Billing information — handled by our payment processor (Stripe). We receive limited details such as plan, status, and the last four digits of your card; we never store full card numbers.
  • Usage & device data — log data, approximate location, browser/device type, and how you interact with the Service, collected to operate and improve it.
  • Cookies & similar technologies — see "Cookies" below.

2. How we use your information

  • To provide, operate, and improve the Service — including generating creative from your inputs.
  • To personalize the Service to your brand and remember your preferences and past work.
  • To process payments, manage subscriptions and credits, and prevent abuse or fraud.
  • To communicate with you about your account, updates, and (with your consent) product news.
  • To comply with legal obligations and enforce our Terms.

3. Your inputs and AI generation

To generate creative, your prompts and assets may be sent to trusted third-party AI model providers that power the Service. We share only what's needed to fulfill your request, and we do not sell your inputs. We do not use your private brand assets to train third-party foundation models without your consent. You retain rights to your inputs and, subject to our Terms, to the content you generate.

4. How we share information

We do not sell your personal information. We share it only with:

  • Service providers — payment processing (Stripe), cloud hosting, AI model providers, analytics, and email delivery, each bound to handle data on our behalf.
  • Ad-library data — our research features query publicly available advertising libraries (e.g., Meta, Google, LinkedIn, TikTok). We don't share your private data with them to do so.
  • Legal & safety — when required by law or to protect rights, safety, and the integrity of the Service.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice where required.

5. Cookies

We use essential cookies to keep you signed in and the Service working, and limited analytics cookies to understand usage. You can control non-essential cookies through your browser or our cookie settings where offered. We honor "Do Not Track" signals where legally required.

6. Data retention

We keep your information for as long as your account is active or as needed to provide the Service, then for a reasonable period to comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion at any time.

7. Security

We use industry-standard measures — encryption in transit, access controls, and reputable infrastructure providers — to protect your data. No system is perfectly secure, but we work hard to keep yours safe.

8. Your rights

Depending on where you live (including under the GDPR and CCPA/CPRA), you may have the right to access, correct, delete, port, or restrict the use of your personal information, and to object to certain processing. To exercise any of these, email [email protected]. We won't discriminate against you for exercising your rights.

9. International transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal information.

11. Changes to this policy

We may update this policy from time to time. We'll post the new version here and update the "Last updated" date; material changes will be communicated where appropriate.

12. Contact

Questions about privacy? Email us at [email protected].