Updated
April 15, 2026
Privacy Policy Official Version
Privacy Policy
This Privacy Policy explains how Corn Generative collects, uses, stores, shares, and protects your personal information and creative content when you visit our website, register an account, upload assets, submit text instructions, run AI text or image generation tasks, purchase credits, or contact support.
Effective
April 15, 2026
Important Notice
Corn Generative is operated by a team based in Ontario, Canada. We currently provide online services for AI model generation, virtual try-on, general image creation, and text-assisted workflows. Our production environment uses Google Gemini models for certain text and image generation requests. If we later add an enterprise offering, SDK, standalone app, or new model capabilities, we will update this policy and notify you as required.
01
Scope and definition of application
First, clarify which services this agreement covers, who processes the data, and its relationship with other rule documents.
This policy applies when you visit the Corn Generative website, register or sign in to an account, use AI model generation, virtual try-on, general generation, prompt enhancement, text suggestions, asset management, project drafts, credit purchases, referral features, support services, and related web or API services. Corn Generative is currently operated by the Wahoo Technology team in Ontario, Canada. If future pages, notices, or order documents identify a specific legal entity, brand entity, or data controller, that disclosure will control. This policy, together with the Terms of Service, payment notices, campaign rules, feature dialogs, and on-page notices, explains how your data is handled when you use the service.
02
Information we collect
We only collect information to the extent necessary to achieve registration, authentication, text/image generation, payment, risk control and after-sales; refusing to provide certain information may cause some functions to be unavailable.
Depending on the functions you use, we will collect necessary information in different scenarios. If a certain piece of information is not necessary to complete the corresponding function, we will not force you to provide it; however, if you refuse to provide key information, you may not be able to complete registration, login, payment, upload, generation or after-sales processing.
Account and identity information: email address, password encrypted hash value, email verification status, account role, invitation code, invitation relationship, login token, refresh token and verification information related to account security.
Transaction and benefit information: recharge package, order number, payment method, payment status, points balance, points flow, welcome points, rebate records and activity reward records.
Creation and asset information: model images, garment images, general images, reference images, prompts, negative prompts, text instructions, project drafts, model profiles, garment groups, auto-tags, text suggestions, generated results, thumbnails, history records, and related save or management actions you take.
Device and log information: IP address, basic browser and device information, access time, request logs, error logs, task status, abnormal retry information and anti-abuse records.
Local storage information: login status, user profile cache, workbench draft, project name, general generation history and some page input preferences saved in the browser's localStorage.
03
How we use information
The purpose of collecting information mainly revolves around account opening, service delivery, text/image generation, payment settlement, security and customer support.
We use this information to register and verify accounts, manage sign-in sessions, receive and process uploaded assets, convert images into suitable formats for generation and display, and store outputs in object storage. We also use it to run prompt enhancement, text suggestions, auto-naming, model generation, virtual try-on, general generation, auto-tagging, and history views through Google Gemini and related image-processing infrastructure; process credit purchases, deductions, refunds after failed or cancelled tasks, referral rewards, and anti-abuse checks; troubleshoot issues, monitor service stability, and improve the editing experience; and meet our legal obligations in connection with compliance, rights protection, disputes, and security incidents. We do not publicly showcase your uploaded content, prompts, text outputs, or generated results as marketing examples without your separate permission.
04
Cookies, Local Storage and Similar Technologies
The current website mainly relies on the browser's local storage and necessary caching capabilities to maintain login status and text/image creation continuity, rather than advertising tracking cookies.
To ensure that you can continue to use the service when you refresh the page, jump to the workbench, or visit again, we will use localStorage, session cache, and necessary front-end caching mechanisms to save a small amount of information on the browser side. After clearing your browser's local storage or changing devices, you may be logged out and drafts, history, or page inputs that are not synced to the cloud may be lost.
Login and security: Save access tokens, refresh tokens, and basic user profiles to maintain logged in status and continue accessing protected pages when tokens rotate.
Creation continuity: Save try-on project drafts, project names, general generation history, prompt word drafts, text input, and local page preferences to help you continue the last creative process.
Performance and experience: Use browser caching to improve static resource loading speed, reduce repeated requests, and improve page response experience.
05
Information Sharing and Disclosure
We will not sell your personal information to unrelated third parties except as required by laws and regulations or as necessary to deliver core services.
We will only share information to the extent necessary to realize services, perform contracts, ensure security, complete payments or comply with legal obligations, and require the recipient to protect data security in accordance with applicable laws and contractual agreements.
Cloud infrastructure and object storage: for storing uploaded images, thumbnails, generated results, and content delivery capabilities, such as Cloudflare R2 and related edge delivery services.
Email service: used to send registration verification emails and necessary notifications, such as AWS SES or similar transactional email services.
Payment service: When you recharge, the necessary order information will be submitted to AlphaPay and the Alipay or WeChat payment channel you actively choose to complete payment collection and reconciliation.
Google Gemini and related processing services: To provide prompt enhancement, text suggestions, text generation, image tagging, model generation, virtual try-on, and general generation, we may send relevant prompts, image files, text inputs, generated outputs, and required parameters to the Google Gemini API and supporting processing infrastructure.
Legal and security scenarios: We may disclose necessary information to regulatory authorities, judicial authorities, professional consultants or transaction partners when required by laws and regulations, regulatory requirements, judicial procedures, intellectual property complaints, fraud investigations, account security or dispute resolution.
06
Data storage, retention periods and security measures
We follow the minimum necessary principle to save data, and adopt measures such as access control, token management, and callback signature verification to reduce risks.
Image files are usually stored in object storage. The business database mainly stores necessary metadata, URLs, tags, orders, points flow, task status, text request summary and account information, rather than directly storing the binary text of the image in the business database. Text prompt words, system-generated text suggestions, task parameters and logs will be saved in databases, caches or restricted logs according to business needs. Passwords are saved in encrypted hash form; email verification tokens are valid for 24 hours by default, refresh tokens are valid for 30 days by default, and task status caches are generally retained for 24 hours. We will take security measures such as account authentication, permission isolation, log traces, callback signature verification, minimized access and fault monitoring. Uploaded materials, text requests, generated results, project drafts and historical records are usually retained until you actively delete them; orders, points flow, risk control and dispute handling records may be retained for a longer period of time in accordance with legal requirements or for audit and evidence purposes. After data is deleted, copies in backups, caches or logs may continue to be retained for a reasonable period until overwritten or deleted in accordance with the law.
07
Cross-border transmission and overseas processing
Because the operations team, cloud service provider, email service, and Google infrastructure may be deployed in different countries or regions, your data may be transferred across borders.
Corn Generative is operated by a team based in Ontario, Canada, and may rely on object storage, email services, payment settlement services, and Google Gemini-related infrastructure deployed in Canada, the United States, or other countries or regions. As a result, your account information, order details, uploaded assets, text inputs, prompts, generated text, and generated images may be accessed, transmitted, processed, or briefly cached outside your home country or region. Where cross-border transfers are necessary, we aim to follow the data minimization principle and reduce risk through contractual safeguards, access controls, and security measures. If you have questions about overseas recipients, processing scenarios, or the safeguards that apply, you can contact us using the details on this page.
08
your rights
Within the scope of applicable laws, you have the right to know, correct, delete, withdraw authorization and object to our data processing activities.
We respect and support your requests for access, correction, deletion and compliance challenges in accordance with applicable Canadian privacy laws. To prevent unauthorized requests, we may ask you to verify your account, order, upload record, or other information relevant to the request. For requests that cannot be fulfilled immediately, we will explain the reasons and possible alternative paths.
Access and correction: You can view basic account information, points records and part of the creation history; when you find that the information is inaccurate, you can request corrections through the site's functions or contact customer service.
Deletion and cancellation: You can delete some uploaded materials, generation records, model files or clothing materials by yourself; you can also contact service@corngen.com to apply to delete your account and related data.
Interpretation and copying: Within the scope of legal requirements and technical feasibility, you can ask us to explain the data processing rules, sharing objects, Google Gemini processing scenarios, cross-border arrangements, and apply for a copy of the data related to you.
Withdrawal and Complaint: You can withdraw your previous authorization, object to certain automatic processing or risk control judgments, or complain to us; we will process and respond within a reasonable period.
09
Minors’ information protection
This service is mainly aimed at enterprises, brands, studios and adult individual users, and does not target minors.
If you have not reached the age of majority in your jurisdiction, please do not register, recharge, upload portraits, submit text requests or use this service on your own; if applicable law allows you to use it with the consent of your guardian, please obtain the explicit consent of your guardian first. If guardians find that we have processed minors' personal information without obtaining appropriate consent, please contact us in time and we will delete or de-identify it as soon as possible after verification.
10
Protocol update
When there are changes in service functions, legal requirements or data processing methods, we may update this Agreement and notify you through reasonable means.
We have the right to revise this Agreement based on product upgrades, business adjustments, changes in laws and regulations, or regulatory requirements. For general updates, we will directly publish a new version on this page and update the "Last Update" date; for important updates that may significantly affect your rights and obligations, we will remind you through site announcements, pop-up prompts, email notifications, or other reasonable means based on the actual situation. The new version of the Agreement will take effect from the effective date; if you continue to use the service after it takes effect, you will be deemed to have accepted the updated content.
11
Contact us
If you need to submit a privacy request, deletion request, infringement complaint or cross-border consultation, you can contact us as follows.
You can send an email to service@corngen.com and indicate the type of matter such as "Privacy Request", "Deletion Request", "Account Cancellation" or "Complaint Report" in the title. In order to improve processing efficiency, please try to attach your registration email, order number, task number, material ID, request content and auxiliary information for verification. We will usually respond within a reasonable period of time after identity verification; if it involves complex disputes, batch data retrieval or legal review, the processing time may be extended appropriately.
Contact
Privacy Officer
If you want to access, correct, or delete personal information, request account deletion, ask about cross-border transfers, or submit a privacy complaint, please contact us from your registered email address or another address that can verify your identity. To protect account security, we may ask for additional verification details. This email address also serves as Corn Generative's privacy contact point.
service@corngen.com
Address
Wahoo Technology Team, Ontario, Canada (detailed correspondence address can be obtained through the above email address)