Novart Studio Privacy Policy
This Privacy Policy explains how Novart Studio collects, uses, stores, shares, and protects information you provide or generate when using the website Studio, asset library, developer/API center, recharge and redemption functions, referral rewards, internal messages, and related features.
1. Scope
This Policy applies to personal information and business data generated when you use Novart Studio through https://www.novartspace.art. If the Service links to third-party websites, stores, model providers, or payment pages, those third parties are responsible for the information they collect independently, and you should also review their privacy policies.
2. Information We Collect
Depending on the features you use, we may collect the following categories of information:
- Account Information: email address, display name, password hash, registration time, most recent sign-in time, email verification status, ban status, and related reasons.
- Task and Content Information: prompts, reference images, selected models, resolution, aspect ratio, webhook URL, task status, error messages, generated results, previews, and download-related records.
- Account and Transaction Information: balance, bonus credits, wallet ledger, redemption or recharge code records, referral reward records, internal messages, and notification read status.
- Developer Information: API key prefix and hash, permissions and quota configuration, API request logs, request and response summaries, linked tasks, and callback endpoints.
- Device and Log Information: IP address, user agent, session identifiers, access time, request path, rate-limiting information, error logs, blocked generation attempts, and admin ban or unban audit logs.
- Browser-Side Information: the login session cookie nova_art_session, language preference, local message-toast state, and browser Service Worker data used for signed-in notification or status synchronization.
We usually do not directly collect your bank card number or payment password inside the site. If you complete a purchase or recharge through a third-party store or payment page, payment details are primarily handled by that third party, while we keep account-related redemption, crediting, reconciliation, and consumption records inside the Service.
3. How We Use Information
- to create and maintain your account, complete sign-in, authentication, email verification, permission control, and session management;
- to receive and process generation tasks, upload or cache reference images, call upstream models or providers, return results, and display them in the asset library;
- to complete billing, debit balance, issue refunds or bonuses, redeem recharge codes, settle referral rewards, and conduct related financial reconciliation;
- to provide developer/API functionality such as key management, request records, quota review, troubleshooting, and result tracking;
- to send internal messages, announcements, security alerts, suspension notices, system updates, or service change notifications;
- to perform risk control, anti-abuse, rate limiting, anomaly detection, prohibited content blocking, suspension auditing, and security protection;
- to optimize service stability, performance, capacity planning, model routing, incident investigation, and product experience; and
- to comply with legal, regulatory, judicial, dispute-resolution, or compliance obligations.
4. Sharing and Disclosure
We do not sell your personal information to unrelated third parties without reason. We may share or disclose information in the following situations:
- Upstream Models and Service Providers: to complete image generation, callbacks, review, storage, or email delivery, we may send prompts, reference images, task parameters, callback URLs, necessary logs, or result data to relevant providers.
- Infrastructure Providers: hosting, storage, email, monitoring, security, logging, and network vendors may process data only to the extent needed to provide their services.
- Legal and Safety Reasons: where we reasonably believe disclosure is necessary to comply with law, enforce our terms, handle complaints, investigate violations, prevent fraud, or protect the platform or others.
- Business Reorganization: in connection with a merger, acquisition, restructuring, asset transfer, or insolvency process, data may be transferred as legally necessary.
- With Your Authorization: where you clearly consent to or request a specific disclosure.
5. Cookies, Local Storage, and Similar Technologies
- We use the necessary login session cookie nova_art_session to recognize sign-in status, protect account security, and keep essential functions working.
- We may store non-sensitive settings such as language preference and message-toast state in browser localStorage to improve user experience.
- Signed-in browsers may register a Service Worker for internal message delivery, status synchronization, or reduction of redundant requests.
- You may delete cookies or local storage through your browser settings, but doing so may sign you out or reduce the availability of certain features.
6. Data Retention
- Website task results, preview files, and visible asset-library content are generally retained for about 2 days, after which related files may be automatically cleaned up.
- Uploaded reference image files are generally retained for about 24 hours and may then be automatically deleted.
- Account records, wallet ledger entries, redemption records, API request logs, risk-control logs, and suspension audit records may be kept for longer where needed for security, reconciliation, appeal handling, compliance, or dispute resolution.
- Even if you request account deletion, some backups, financial records, or security audit records may continue to be retained for a reasonable period where necessary to meet legal obligations or resolve historical disputes.
7. Data Security
We use reasonable technical and organizational measures to protect data, such as access control, password hashing, audit logging, anomaly detection, permission isolation, and a minimum-necessary processing approach. However, no internet transmission or storage method is absolutely secure, so you should also keep your own password, API keys, and local device environment secure.
8. Your Rights and Choices
- You may review and update certain account information within the Service, such as your display name, password, and API keys.
- You may contact us to request access to, export of, correction of, or deletion of certain data related to your account. To protect security, we may require identity verification.
- You may delete local cookies or browser cache or disable browser notification permissions, though doing so may affect sign-in state or internal notification functionality.
- If you believe your account was restricted in error, you may also contact us to submit an appeal.
9. Minors
The Service is mainly intended for users with the legal capacity required in their jurisdiction. If you are a minor, please use the Service with the consent and guidance of your parent or guardian and avoid uploading or submitting sensitive information belonging to minors, identity information, or other inappropriate content.
10. Cross-Border Transfers
Because the Service may call domestic or international third-party models, cloud services, or infrastructure providers, your information may be transferred to and processed in countries or regions outside your own jurisdiction. Where this occurs, we will take reasonable measures to protect the relevant data within the scope required for business operations.
11. Changes to This Policy
We may update this Privacy Policy based on product changes, regulatory requirements, third-party service arrangements, or security needs. Updated versions will be posted on this page and will take effect on the publication date or other stated effective date.
12. Contact Us
If you have questions about this Privacy Policy, personal information processing, data retention, correction or deletion requests, or appeals, you may contact us via: