Privacy Policy

Last updated: November 30, 2025

1. Introduction

Welcome to My Hero Kiro ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered print-on-demand service.

By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Sign in using OAuth providers (Google, Apple)
  • Place an order
  • Contact customer support
  • Subscribe to our newsletter

This information may include:

  • Name and email address
  • Shipping and billing address
  • Payment information (processed securely by our payment provider)
  • Profile picture (if provided via OAuth)
  • Order history and preferences

2.2 OAuth Authentication Data

When you sign in using Google or Apple:

  • We receive your email address and basic profile information
  • We do not store your OAuth provider passwords
  • Apple users may choose to hide their email address
  • We only request necessary permissions (email and profile)

2.3 Generated Content

We store AI-generated images that you create using our service, including:

  • Image prompts and parameters
  • Generated images
  • Image metadata (creation date, model used, etc.)

2.4 Automatically Collected Information

We automatically collect certain information when you use our service:

  • Device information (browser type, operating system)
  • IP address and location data
  • Usage data (pages visited, features used)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our service
  • Process your orders and payments
  • Send order confirmations and shipping updates
  • Respond to your inquiries and provide customer support
  • Improve and personalize your experience
  • Detect and prevent fraud and abuse
  • Comply with legal obligations
  • Send marketing communications (with your consent)

4. Information Sharing and Disclosure

We may share your information with:

4.1 Service Providers

  • Payment processors (Stripe)
  • Print fulfillment partners (Gelato)
  • AI image generation services
  • Cloud storage providers
  • Email service providers
  • Analytics providers

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption of data in transit and at rest
  • Secure OAuth authentication
  • Regular security audits
  • Access controls and authentication
  • Secure payment processing (PCI DSS compliant)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to processing of your personal information
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent for data processing

To exercise these rights, please contact us at privacy@myherokiro.com

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication
  • Remember your preferences
  • Analyze usage patterns
  • Improve our service

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our service.

8. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • Email: privacy@myherokiro.com
  • Address: [Your Company Address]

13. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data collection and use
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

Our legal basis for processing your data includes: consent, contract performance, legal obligations, and legitimate interests.

14. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

We do not sell your personal information to third parties.