Privacy Policy | Arc en Ciel

Controller

ArcEnCiel UG is the controller for the platform at arcenciel.io and its subdomains.

ArcEnCiel UG Am Vietshof 2-4 46236 Bottrop Germany Represented by: Murat Turcan, Managing Director Email: [email protected] Register court: Amtsgericht Gelsenkirchen Register number: HRB 19844

Privacy contact: [email protected]

Supervisory authority: Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen, https://www.ldi.nrw.de/

Scope and Public Visibility

We process account, profile, community, upload, moderation, security, billing, support, and optional integration data so users can use Arc en Ciel.

Public uploads, comments, reactions, collections, profile text, profile media, and other community activity can be visible to other users, visitors, search engines, and third parties outside our control.

Processing Activities

• Account creation, login, email verification, password resets, two-factor state, authentication cookies, and account security.
• Public profile, uploads, model files, images, videos, articles, collections, comments, reactions, and creator workflows.
• Security, moderation, illegal-content notices, abuse prevention, audit logging, guest identifiers, and hashed IP based deduplication.
• Download history, download counting, supporter memberships, donations, Stripe checkout sessions, billing metadata, and required legal confirmations.
• Optional analytics, optional guest cookies, Cloudflare Turnstile, Discord login or linking, Civitai import or export, Hugging Face downloads, and generator assistant requests.

Cookies and Device Storage

• Necessary cookies include token, refreshToken, and twoFactorToken for signed-in use and account security.
• Optional storage can include analytics consent, guest pseudonymous identifiers, theme and rating preferences, Civitai export session state, link-service base URLs, and generator UI preferences.
• Optional analytics and the optional guest cookie are enabled only after consent and can be changed later from Cookie settings in the footer.

Your Rights

Depending on the context, GDPR rights can include access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent where processing is consent based.

You can use product settings where available or contact [email protected]. You can also lodge a complaint with a competent supervisory authority.

Retention and Transfers

Account and public content data is generally retained while the account or content remains active. Security, moderation, audit, legal, billing, backup, and compliance records can remain for limited or legally required periods.

Providers can process data in the EU/EEA and, depending on the provider, in other countries. We rely on provider terms, contractual safeguards, and transfer mechanisms where required.