PRIVACY POLICY

REBEL STUDIOS AI — Privacy Policy

Effective Date: 4/12/2026 — Last Updated: 4/12/2026

This Privacy Policy explains how REBEL STUDIOS AI ("we," "us," or "our") collects, uses, stores, discloses, and protects information obtained from users of the PHOTOREBELGENX software application and associated services. Please read this policy carefully.

1. Information We Collect

1.1 Information You Provide

When you purchase a license or create an account, we collect:

• Name and email address;
• Billing information (processed by our payment processor — we do not store full payment card numbers);
• Company name and contact details (if purchasing for a business).

1.2 Information Collected Automatically by the Software (License Verification)

The Software includes a license verification mechanism ("Verification Service") that periodically contacts our servers. During verification, the Software automatically transmits:

• Your License Key or a one-way cryptographic hash of your License Key;
• A persistent device identifier generated at installation (a randomly generated UUID that does not map to hardware serial numbers but persists on the Licensed Device);
• Software version number and edition;
• Operating system type and version;
• Your device's IP address (collected as a byproduct of the network connection).

Purpose of collection: This data is collected solely to verify that the Software is properly licensed and to detect unauthorized multi-device use or license key sharing. It is not used for advertising, behavioral profiling, or sale to third parties.

1.3 Technical and Usage Data from Website/Portal

When you visit our website or customer portal, we may collect log data (IP address, browser type, pages visited, referring URLs) through standard web server logs and analytics tools.

1.4 Leaderboard Data

REBEL STUDIOS AI collects data to display on a public website (commonly referred to as) the Leaderboard. De-identified data regarding the total number of files sorted by the application is summarized with all other user data (in a de-identified manner) and shown in the Community Impact total.

Named leaderboard display is optional; user may optionally enter a name for display in the leaderboard ranking. Name displayed must be a nickname or a name of the user (an individual eighteen (18) years of age or older). Leaderboard names will be displayed on REBEL STUDIOS AI public website and will be viewable by the public. Inappropriate names will be deleted at the discretion of REBEL STUDIOS AI.

2. How We Use Your Information

We use the information collected for the following purposes:

• License Management: To activate, verify, and manage your software license and prevent unauthorized use;
• Account Services: To create and manage your account, deliver the Software, and provide customer support;
• Billing and Transactions: To process payments, prevent fraud, and comply with financial recordkeeping obligations;
• Communications: To send transactional emails (license confirmations, renewal notices, security alerts) and, with your consent, marketing communications;
• Legal Compliance: To comply with legal obligations, respond to legal process, and enforce our agreements;
• Security: To detect, investigate, and prevent fraud, abuse, and security incidents;
• Product Improvement: We may use aggregated, non-identifiable data to improve the Software.

3. How We Share Your Information

We do not sell your personal information. We may share information with:

3.1 Service Providers

We share data with third-party vendors who assist us in delivering our services, including:

• Payment processors (e.g., Stripe / PayPal) — governed by their own privacy policies;
• Cloud hosting and infrastructure providers (e.g., AWS / Azure / GCP);
• Email delivery services (e.g., SendGrid / Mailchimp);
• Analytics and error-monitoring services.

All service providers are contractually required to use your data only as directed by us and to maintain appropriate security measures.

3.2 Legal Requirements

We may disclose information if required by law, court order, subpoena, or to protect the rights, property, or safety of the Company or others.

3.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred to the successor entity, subject to this Privacy Policy.

4. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Policy:

• Account data: Retained for the duration of your account plus one (1) year following account closure;
• License verification logs: Retained for twelve (12) months, then aggregated or deleted;
• Transaction records: Retained for seven (7) years to comply with tax and accounting obligations;
• Device identifiers collected during verification: Retained for twelve (12) months after license expiration or termination.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including:

• Encryption of data in transit using TLS 1.2 or higher;
• Encryption of sensitive data at rest;
• Access controls limiting employee access to personal data;
• Regular security assessments and penetration testing.

No security measure is perfect. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

6. Your Rights and Choices

6.1 All Users

You may: (i) access, correct, or update your account information by emailing [email protected]; (ii) opt out of marketing communications at any time via the unsubscribe link in emails or by contacting us; (iii) request deletion of your account subject to our legal retention obligations.

6.2 EU/UK Users (GDPR Rights)

If you are located in the EU or UK, you have the following rights under GDPR/UK GDPR:

• Right of access (Article 15);
• Right to rectification (Article 16);
• Right to erasure ("right to be forgotten") (Article 17);
• Right to restriction of processing (Article 18);
• Right to data portability (Article 20);
• Right to object to processing based on legitimate interests (Article 21);
• Right to lodge a complaint with your national supervisory authority.

To exercise these rights, contact: [email protected]. We will respond within one (1) month as required by GDPR.

6.3 California Residents (CCPA Rights)

California residents have the right to: (i) know what personal information we collect, use, disclose, and sell; (ii) request deletion of personal information; (iii) opt out of the sale or sharing of personal information (we do not sell personal information); (iv) non-discrimination for exercising CCPA rights. Submit CCPA requests to: [email protected].

7. Children's Privacy

The Software and Services are not directed to children under the age of 13 (or 16 in the EU where applicable), and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us at [email protected] and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy periodically. If we make material changes, we will notify you by email or via notice in the Software or on our website at least thirty (30) days before the changes take effect. Continued use of the Software after the effective date constitutes acceptance of the revised Policy.

9. Jurisdiction

Any disputes related to this Privacy Policy or our data practices shall be resolved in accordance with the dispute resolution procedures in our End User License Agreement, the State of New York, including the arbitration and class action waiver provisions therein.

10. Biometric Data

This software does not collect, process, or store biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act.

11. Disputes Contact Information

Rebel Studios AI | email: [email protected]

12. Illinois Residents Notice

Breach notifications under the Illinois Personal Information Protection Act (PIPA, 815 ILCS 530) will be delivered via email.

13. Contact

REBEL STUDIOS AI | Attn: Privacy Officer | [email protected]