Privacy Policy

INTRODUCTION

This Privacy Policy describes how the service provider (data controller) identified below (the "Provider", "we", "us", "our") collects, uses, discloses, and protects personal data when you: (a) access or use the Service (including via the Bot); (b) visit, browse, or otherwise interact with the Website; and/or (c) otherwise communicate or interact with the Provider in connection with the Service or the Website (including support requests, complaints, reports, and pre-contractual communications).

This Privacy Policy forms part of the agreement between you and the Provider under the Terms of Service (the "Terms") published on the Website at https://collage.tg/terms-of-service.

This Privacy Policy is prepared in accordance with the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) of the United Arab Emirates. Where applicable, we also comply with other data protection and privacy laws that may apply to the processing of your personal data based on your location or other connecting factors, including, by way of example, the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR and Data Protection Act 2018 (together with the PDPL and any other applicable laws, the "Data Privacy Laws"). This Privacy Policy applies to current, former, and prospective Users and other individuals whose personal data we process in connection with the Service and/or the Website.

Unless otherwise expressly stated in this Privacy Policy, all capitalized terms used in this Privacy Policy shall have the meanings given to them in the Terms.

DATA CONTROLLER

Trade Name: MAXIM PERTSOVSKIY INFORMATION TECHNOLOGY CONSULTANCY
Legal Form: Establishment
Abu Dhabi Economic Licence No.: CN-6180880
Licence Type / Category: Business / Freelance
Business Address: Office 3-122, Al Diyar , Al Wasl, Dubai, United Arab Emirates
Owner / Authorized Representative: MAXIM PERTSOVSKIY
Support Email: support@collage.team
Website: collage.tg

If you have questions or requests regarding privacy, contact us using the details above.

SCOPE; THIRD-PARTY PLATFORMS

This Privacy Policy applies to personal data we process when you:

  • interact with the Bot on Telegram;
  • use the Website;
  • purchase Token Packs or Subscriptions (where available);
  • contact support or submit complaints/reports.

Telegram, payment providers (PSPs), and other Third-Party Services may process personal data under their own terms and privacy policies. We do not control those third parties' practices. Where you interact with them, your relationship with those third parties is governed by their own policies.

ELIGIBILITY AND CHILDREN

The Service is intended for individuals aged 18+. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided personal data to us, contact us and we will take appropriate steps to delete it, subject to applicable Data Privacy Laws.

PERSONAL DATA WE COLLECT

We may collect and process the following categories of personal data:

Telegram account and identifiers

  • Telegram user ID, username, display name, and similar identifiers made available by Telegram;
  • bot messages/commands and interaction metadata required to operate the Service (e.g., feature selection, token usage events).

User Content

  • images/photos you upload to the Bot for processing;
  • any additional content you provide through the Service (if applicable).

Outputs

  • images generated by the Service based on your User Content.

Payment and transaction data

  • product type (Token Pack / Subscription), amounts, currency, timestamps, status;
  • transaction identifiers and receipts/records (as available);
  • limited payment metadata we receive from PSPs or Telegram Stars to confirm payment and handle refunds where required.

We do not store full payment card details. Card payment details are handled by the relevant PSP or platform.

Support, complaints, and enforcement data

  • communications with support (email and/or Telegram);
  • complaint/report submissions and attachments you provide;
  • information needed to investigate abuse, enforce the Terms, and comply with law.

Website and device data

If you visit the Website, we may collect:

  • IP address, device/browser type, pages visited, timestamps, referrer URLs, cookie identifiers, and similar analytics data (where used).

SOURCES OF PERSONAL DATA

We collect personal data from:

  • you directly (User Content, support messages, complaints, Website forms if any);
  • Telegram (account identifiers and bot interaction context provided through Telegram);
  • payment providers (PSPs and/or Telegram Stars) for transaction confirmation and related billing status; and
  • service providers (hosting/logging/security providers) that support Service delivery.

HOW WE USE PERSONAL DATA (PURPOSES OF PROCESSING)

We process personal data for the following purposes:

  • Service delivery: provide and operate the Service, generate Outputs, deliver Outputs, and manage Tokens/Credits.
  • Account and security: authenticate access via Telegram context, maintain security, prevent abuse, fraud, and unauthorized use.
  • Payments and accounting: process purchases, maintain transaction records, handle refunds if required by law, and manage billing disputes/chargebacks where applicable.
  • Support and complaints: respond to support requests, review complaints and reports, take enforcement actions where appropriate.
  • Reliability and improvement: monitor performance, debug errors, and improve stability and user experience.
  • Legal compliance: comply with applicable laws, lawful requests, sanctions/export control obligations, and protect legal rights.
  • Marketing (optional): send marketing communications only where permitted by applicable Data Privacy Laws and consistent with your preferences/consents, with opt-out mechanisms.
  • Personalization: tailor your experience of the Service, such as presenting features and content based on your interactions and usage patterns, subject to applicable Data Privacy Laws and your choices. We do not use phone calls for marketing and we do not sell your personal data.

LEGAL BASES FOR PROCESSING

Legal bases

Depending on your jurisdiction and the context, and where required by applicable Data Privacy Laws, we rely on one or more of the following legal bases:

  • Contract / performance of the Terms: to provide the Service you request, including generating Outputs and delivering paid features.
  • Consent: where you opt in to marketing, cookies (where required), or other processing that legally requires consent.
  • Legitimate interests: to operate, secure, and improve the Service, prevent abuse/fraud, and defend legal claims, balanced against your rights.
  • Legal obligation: to meet regulatory, accounting, compliance, and lawful request requirements.

Where local law requires a different legal basis, additional disclosures, or specific procedures, we apply them to the extent applicable.

Consent (where required)

Where applicable law requires consent for certain processing activities, we will request such consent in an appropriate manner and you may withdraw it at any time, without affecting processing carried out before withdrawal. Where local law requires a different legal basis, additional disclosures, or specific procedures, we apply them to the extent applicable.

AI PROCESSING; TRAINING; AUTOMATED DECISIONS

Processing to generate Outputs

We process your User Content to generate Outputs and provide the Service. This may involve use of Third-Party Services that provide compute, hosting, or safety tooling.

Model training

By default, we do not use your User Content or Outputs to train or improve general-purpose AI models unless we have a valid legal basis to do so (for example, your explicit consent where required under applicable Data Privacy Laws). We may process limited technical signals for reliability, safety, fraud prevention, and debugging.

Automated moderation and safety controls

We may use automated systems to detect and prevent abuse, fraud, and prohibited content. Such processing is intended to protect the Service and Users. We do not aim to make decisions that produce legal effects on you; however, automated systems may result in temporary restrictions or blocks where necessary for safety/compliance (subject to review and complaint procedures under the Terms) and to the extent permitted by applicable Data Privacy Laws.

SHARING AND DISCLOSURE

We may share personal data with:

Service providers (processors)

Third parties that help us provide and secure the Service, such as hosting providers, content delivery networks, logging/monitoring providers, customer support tooling providers, and safety tooling providers. They process personal data only on our instructions and under confidentiality and security obligations.

Payment providers

PSPs and/or platform payment services (including Telegram Stars) for payment processing, settlement, refunds (where required), and dispute/chargeback handling.

Legal and compliance disclosures

We may disclose information if we believe in good faith it is necessary to:

  • comply with a legal obligation or lawful request;
  • protect the rights, safety, and security of the Provider, Users, or others;
  • investigate fraud, security incidents, or Terms violations; and/or
  • establish, exercise, or defend legal claims.

Transfer of the Service; assignment; succession

If the Provider transfers, assigns, or otherwise disposes of the Service (in whole or in part) or any related assets, rights, or obligations (including by way of sale, assignment, novation, subcontracting, reorganization into a legal entity, or similar arrangement), or if the Provider's rights and obligations are transferred by operation of law (including succession), personal data may be transferred to the relevant successor, assignee, or service operator to the extent necessary to continue providing the Service or to complete such transfer. Any such transfer will be subject to appropriate safeguards and notice where required by applicable Data Privacy Laws.

DATA LOCATION; INTERNATIONAL DATA TRANSFERS

To provide the Service, we and our authorized service providers may process personal data using infrastructure located in one or more jurisdictions. Where applicable law imposes mandatory data location requirements and/or restrictions on cross-border transfers (including requirements that certain data be initially recorded or stored in a particular jurisdiction), we will take commercially reasonable steps to structure processing and storage accordingly. Any cross-border transfer (if any) will be made only where permitted by applicable law and subject to appropriate safeguards where required.

In some cases, we may request additional information reasonably necessary to determine and apply relevant requirements and may limit certain features or processing activities where we cannot reasonably meet mandatory applicable requirements.

DATA RETENTION

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless longer retention is required or permitted by applicable law.

User Content

User Content is retained only as long as necessary to provide the Service, including generating Outputs, delivering Outputs to you, providing support, and maintaining reliability and security. It is then deleted or anonymized, unless retention is required or permitted by law (including for legal compliance, dispute handling, fraud prevention, or enforcing the Terms), consistent with applicable Data Privacy Laws.

Outputs

Outputs are generally available to you for up to 72 hours from generation. After that, they may be deleted and may no longer be retrievable.

Transaction records

We retain transaction and accounting records as required by law and for legitimate business purposes (e.g., audit, dispute/chargeback handling). These records typically include transaction identifiers and payment status, not full payment card data.

Backups

The Provider shall not be liable for any loss, deletion, corruption, or unavailability of Outputs, whether caused by system limitations, Third-Party Services, platform constraints, or user action. You are responsible for maintaining your own backups of Outputs. We do not guarantee availability beyond the retention period.

DATA MINIMIZATION AND ACCURACY

We aim to:

  • collect only the personal data reasonably necessary for the purposes described above; and
  • keep personal data accurate and up to date where relevant.

You can request correction of inaccurate personal data by contacting us.

SECURITY

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. Measures may include access controls, encryption in transit where supported, monitoring, and least-privilege practices.

No system is perfectly secure. In particular, the Service relies on Third-Party Services (including Telegram and payment providers), which have their own security measures and risk profiles.

Where required by applicable Data Privacy Laws, we will handle personal data breaches in accordance with applicable notification obligations.

YOUR RIGHTS AND CHOICES

Your rights

Your rights depend on your jurisdiction. Subject to applicable Data Privacy Laws and certain exceptions, you may have the right to:

  • request access to personal data we hold about you;
  • request correction/rectification of inaccurate data;
  • request deletion/erasure of personal data;
  • request restriction of processing;
  • object to certain processing (including direct marketing);
  • request data portability (where applicable);
  • withdraw consent (where processing is based on consent), without affecting processing before withdrawal;
  • lodge a complaint with a competent authority (where applicable).

How to exercise rights

Contact us using the details in Section 20. We may request additional information to verify your identity and process your request. We respond within the timeframes required by applicable Data Privacy Laws.

Marketing preferences

If we send marketing communications, you can opt out at any time by using the opt-out mechanism provided or by contacting support. Service/transactional messages are not marketing and may still be sent.

COOKIES AND SIMILAR TECHNOLOGIES (WEBSITE)

Overview

When you use the Website, we (and, where applicable, our authorized service providers) may use cookies and similar technologies (such as pixels, local storage, SDKs, and device identifiers) to operate the Website, improve functionality, enhance performance, and protect the Service. This Section describes how these technologies work and how you can control them.

For avoidance of doubt, cookies are primarily a Website technology. Interactions within the Bot are governed by Telegram's platform capabilities and settings. Where similar tracking technologies are used in connection with the Website or other Provider-operated applications, this Section applies.

What are cookies?

Cookies are small text files placed on your device when you visit a website. Cookies allow the Website to recognize your browser or device, remember your settings and preferences, and understand how users navigate and interact with the Website.

Cookies may be session cookies (deleted when you close your browser) or persistent cookies (remain on your device until deleted or expired).

Types of cookies and similar technologies we may use

Depending on your location, settings, and how you use the Website, we may use the following categories:

Strictly necessary cookies

These cookies are required for the Website to function and cannot be switched off in our systems in many cases. They are used, for example, to:

  • enable core Website features;
  • support security measures and abuse prevention; and
  • maintain basic session integrity.

Functional cookies

These cookies help the Website remember choices you make and provide enhanced, more personalized functionality, such as:

  • remembering language preferences or region (where available);
  • remembering certain Website settings; and
  • enabling features that improve usability.

Optional analytics cookies

These cookies help us understand how the Website is used (e.g., which pages are visited, how long users stay, what errors occur) so we can improve performance and user experience. Analytics may be aggregated and may include information such as device/browser type, approximate location derived from IP, and interaction events.

Where required by applicable Data Privacy Laws, analytics cookies are used only with your consent.

Marketing cookies (where applicable)

Marketing cookies may be used to:

  • measure the effectiveness of advertising campaigns (if any);
  • deliver content that may be more relevant to your interests; and/or
  • limit how often you see certain promotional content.

We do not use phone calls for marketing and we do not sell your personal data. Where required by applicable Data Privacy Laws, marketing cookies are used only with your consent.

Managing cookies through your browser

Most browsers allow you to control cookies through settings, including to:

  • block cookies;
  • delete existing cookies; and/or
  • configure notifications when cookies are set.

If you block or delete cookies, some Website features may not function properly, and your experience may be degraded. In certain cases, disabling cookies may prevent specific Website features from working at all.

To learn more about managing cookies, consult your browser's help pages or settings documentation. You may withdraw or change your cookie preferences at any time through your browser settings.

THIRD-PARTY LINKS AND SERVICES

The Service and Website may reference Third-Party Services (e.g., Telegram, payment providers). We are not responsible for their privacy practices. You should review the relevant third-party privacy policies.

SUPERVISORY AUTHORITY AND COMPLAINTS

If you have a privacy complaint, contact us using the details in Section 1. Where applicable under Data Privacy Laws, you may also have the right to lodge a complaint with a competent data protection authority in your jurisdiction. For users located in the UAE, the competent supervisory authority is the UAE Data Office.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. The "Effective Date" at the top indicates when it was last updated. We will post updates on the Website and/or make them available through the Service. Your continued use of the Service after an update becomes effective indicates that you have read the updated Privacy Policy, subject to any requirements of applicable Data Privacy Laws.

Effective Date: 13 January 2026

CONTACT

For privacy questions, requests, or complaints, contact:
Email: support@collage.team
Website: collage.tg
Business Address: Office 3-122, Al Diyar , Al Wasl, Dubai, United Arab Emirates