Learn how Martini Art, operated by StoryFlow AI, Inc., collects, uses, shares, and protects personal information. This Privacy Policy explains your rights and our practices, including how we use prompts, uploads, and outputs to operate and improve the Service.
Effective Date: May 9, 2026
Martini Art is operated by StoryFlow AI, Inc.. StoryFlow AI, Inc. ("StoryFlow AI, Inc.", "Martini", "we", "us", or "our") is the data controller responsible for the personal information described in this Privacy Policy. This Privacy Policy explains how we collect, use, share, retain, and protect personal information when you use Martini Art and related websites, applications, APIs, AI tools, and services (collectively, the "Service").
Capitalized terms not defined here have the meanings given in our Terms of Service.
Our business address is 1003 Post St, Apt 8, San Francisco, CA 94109, United States. For questions or requests, contact us at support@martini.art or via our Contact page.
This Privacy Policy applies to personal information we process in connection with the Service. It does not apply to (i) third-party websites, services, or applications that we do not control, even if they are accessible through the Service; or (ii) data processing performed under a separate written agreement with you (for example, a Data Processing Addendum, Enterprise Agreement, or order form), which governs to the extent it conflicts with this Policy. A separate notice, available on request, governs processing relating to our employees and contractors.
We collect personal information that you provide to us, that we collect automatically, and that we receive from third parties. Specific categories include:
We use third-party payment processors such as Stripe to process payments. They collect your payment card details and other billing information directly from you. StoryFlow AI, Inc. does not store full payment card numbers, but may store information associated with your payments such as the last four digits of your card, card-issuer country, billing address, transaction history, subscription status, plan, credit balance, and invoices.
We collect and process the content you submit to or generate through the Service, including:
Inputs, references, and Outputs may include personal information of you or others (for example, faces, voices, names, or contact details). You are responsible for ensuring you have the rights to submit that content. See our Terms of Service for restrictions on submitting another person's likeness, voice, or biometric data without sufficient rights.
If you use the Service through a Workspace, team, or organization, we process information about that Workspace and its members, including roles, seats, member identifiers, sharing settings, access permissions, member activity, credit allocations, and billing information for the Workspace administrator. The Workspace administrator may have access to information about Workspace members and their activity within the Workspace.
To protect account registration, social sign-in, one-time passcode flows, and other security-sensitive interactions from spam, fraud, and automated abuse, we use Cloudflare Turnstile, including its invisible mode. Cloudflare may receive technical and connection information such as your IP address, user agent, browser and device characteristics, TLS fingerprint, sitekey, origin, and request metadata. We use this only to distinguish humans from bots and to help keep the Service safe and available. See Cloudflare's Turnstile Privacy Addendum and Privacy Policy.
We may receive information about you from authentication providers, referral partners, business partners, marketing or analytics providers, fraud-prevention providers, or — if you use the Service on behalf of an organization — from that organization. We handle such information consistent with this Policy and the terms under which it was provided to us.
When you participate in surveys, contests, conferences, webinars, or events that we host, run, or sponsor, you may provide information such as name, email address, mailing address, demographic data, and event-specific responses.
We use personal information and Customer Content (including Inputs, Outputs, and metadata) for the following business purposes. Where required by applicable law, we rely on a lawful basis described in Section 11.
We may use User Content (including Inputs, Outputs, references, and project data), Feedback, metadata, usage data, telemetry, and related information to train, fine-tune, evaluate, benchmark, test, develop, enhance, evolve, and improve StoryFlow AI, Inc.'s and its affiliates' AI Models, algorithms, machine-learning systems, classifiers, products, services, and related technologies. This may include human or automated labeling, classification, content moderation, abuse and fraud detection, safety review, quality control, and model evaluation.
These uses apply to the default consumer, free, pro, and team plans. They do not apply to the extent restricted by an applicable account or workspace setting we expressly designate as restricting AI training or product-improvement use, by a plan-specific term we publish, or by a Separate Agreement (such as an Enterprise Agreement, DPA, order form, or enterprise terms) that expressly modifies or limits these rights for the customer covered by that Separate Agreement.
We use personal information for analytics, research, benchmarking, performance monitoring, and quality improvement, including by generating aggregated, de-identified, or anonymized data. We may retain and use such aggregated, de-identified, or anonymized data indefinitely without further notice to you.
Subject to the visibility settings then in effect for your User Content, applicable plan-specific terms, and any Separate Agreement that modifies these rights, we may use User Content, Inputs, Outputs, your public profile, username, displayed name, public Workspace name, public projects, public workflows, public templates, and public remixes for marketing, promotional, social, showcase, advertising, sales, investor, partner, case study, educational, demonstration, gallery, marketplace, community, and discovery purposes — including through our website, blog, product surfaces, social channels, ads, sales decks, presentations, press materials, and other media.
We may also send you direct marketing communications about the Service, new features, or events, where permitted by law. You can opt out of marketing emails at any time using the unsubscribe link or by contacting us.
We use personal information to comply with applicable laws, regulations, court orders, subpoenas, and governmental requests; to enforce these Terms; to establish, exercise, or defend legal claims; and to protect our legitimate business interests.
We share personal information only as described below.
We share personal information with our parent, subsidiaries, and other affiliates for the purposes described in this Policy.
We share personal information with vendors that perform services for us — including AI model providers, GPU and inference providers, hosting and infrastructure providers, storage providers, analytics providers, payment processors, fraud-prevention and bot-detection providers, content-moderation and trust-and-safety providers, customer support tools, email and notification providers, marketing providers, and professional advisors. These providers are permitted to process your information only on our instructions and for the purposes for which we engaged them.
The following table identifies third-party subprocessors authorized to process customer or personal data on behalf of StoryFlow AI, Inc. to provide the Service. We may add or remove subprocessors over time.
| Name of Subprocessor | Description of Processing | Location of Processing | Corporate Location |
|---|---|---|---|
| OpenAI | AI model inference for text and image generation | Global | USA |
| Anthropic | AI language model inference | Global | USA |
| Fal.ai | AI model hosting and inference | Global | USA |
| ByteDance (BytePlus) | AI video and image generation services | Global | China/Singapore |
| Vercel | Web hosting, Vercel Analytics, and Vercel Speed Insights | Global | USA |
| Supabase | Authentication, database, and storage services | Global | USA |
| Cloudflare | Bot detection, abuse prevention, and security challenges through Turnstile, plus content delivery and edge security | Global | USA |
| PostHog | Product analytics and event measurement | Global | USA/EU |
| Google Tag Manager | Tag management for analytics or marketing scripts after consent | Global | USA |
| Ahrefs | Website analytics | Global | USA |
| Stripe | Payment processing | Global | USA |
If you use the Service in a Workspace, members and administrators of that Workspace may see your activity, content, and account information within the Workspace. If you make User Content public (for example, by posting to a community, gallery, marketplace, showcase, share, or remix surface, or by sharing a link), other users and members of the public may view, copy, download, cache, screenshot, share, repost, or remix that content. We do not control how third parties use Public Content.
As described in Section 4.5, we may use User Content, Inputs, Outputs, public profile information, and other content for marketing and promotional purposes through our website, ads, social media, sales materials, and other channels.
We may disclose personal information when we believe in good faith that disclosure is necessary or appropriate to: comply with applicable law, regulation, legal process, court order, subpoena, or governmental request; enforce these Terms or other agreements; protect the rights, property, safety, or security of StoryFlow AI, Inc., our users, or the public; respond to claims of intellectual-property infringement; or prevent or investigate fraud, abuse, or technical or security issues.
We may share or transfer personal information in connection with, or during negotiations of, a merger, acquisition, financing, sale of assets, reorganization, bankruptcy, or other change of control or business transfer, or in the unlikely event we go out of business. The acquirer or successor may continue to process your personal information consistent with this Policy or as otherwise permitted by law.
We may share personal information with other parties when you direct us to or otherwise consent.
We use cookies, pixel tags, web beacons, local storage, and similar technologies (collectively, "Technologies") on the Service. Categories include:
You can manage non-essential cookies through the Cookie settings link in our footer or your browser. If you reject essential cookies, parts of the Service may not function properly.
The Service uses AI Models and automated systems to: generate Outputs in response to your Inputs; recommend features, models, templates, or workflows; detect and prevent abuse, fraud, and policy violations; classify, label, and moderate content; and measure quality and performance. We do not use automated decision-making to make decisions that produce legal effects concerning you or similarly significantly affect you, except where such processing is necessary for entering into or performing a contract with you, is authorized by law, or is based on your explicit consent.
You may have the right to request human review of an automated decision that significantly affects you, to express your point of view, and to contest the decision. Contact us using the details below to exercise these rights.
We retain personal information for as long as needed to fulfill the purposes described in this Policy, including providing the Service, complying with legal, accounting, audit, tax, fraud- prevention, safety, and reporting obligations, resolving disputes, and enforcing our agreements. Specific guidance:
When we no longer need personal information, we will delete, aggregate, or anonymize it, or isolate it from further use. However:
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No system can be guaranteed to be completely secure, and we cannot guarantee the security of any information you transmit to us or store on the Service.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware. Our notification will describe the nature of the breach, likely consequences, mitigating measures, and contact information for further inquiries.
We are based in the United States, and we and our service providers may process personal information in the United States and other countries that may have different data-protection laws than your country of residence. Where we transfer personal information out of the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or other legally accepted means.
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process personal information on the following lawful bases:
Subject to applicable law and verification of your identity, you may have the following rights with respect to your personal information:
To exercise these rights, contact us at support@martini.art. We will respond within the time periods required by applicable law, typically within 30 days. We may need to verify your identity before processing your request and may decline requests where permitted by law (for example, where the request would impair the rights of others or where we must retain information to comply with legal obligations).
If you are a resident of California or another U.S. state with comprehensive privacy legislation, you may have additional rights, including the rights to know, access, correct, delete, and opt out of certain sharing or sale of personal information, and the right not to be discriminated against for exercising these rights. We do not knowingly "sell" personal information for money, but our use of certain advertising and analytics Technologies may be considered a "sale" or "sharing" under some state laws; you can opt out of non-essential cookies through the Cookie settings link in our footer or by contacting us.
Shine the Light (California): California residents may request information about the categories of personal information we have shared with third parties for those parties' direct-marketing purposes during the prior calendar year. To make a request, contact us with "California Privacy Rights Request" in the subject line.
Do Not Track: we do not currently respond to browser "Do Not Track" signals.
The Service is not intended for individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
Enterprise customers and certain other customers may enter into a Separate Agreement with us — for example, an Enterprise Agreement, DPA, order form, or enterprise terms — that may modify how we process customer data, including with respect to AI training, retention, data residency, audit rights, security commitments, and confidentiality. To the extent any such Separate Agreement conflicts with this Privacy Policy with respect to the same subject matter for that customer, the Separate Agreement controls for that customer.
To request enterprise terms, please contact us through our contact page or at support@martini.art.
The Service may link to or integrate with third-party websites or services. We are not responsible for the privacy practices or content of those third parties. Please review their privacy policies before providing personal information.
We may update this Privacy Policy from time to time. When we do, we will update the "Effective Date" above and, where required or appropriate, take reasonable steps to notify you (for example, by email, in-product notice, or by re-prompting you to accept the updated Policy). Where required by law, we will obtain your consent before applying material changes that require it.
Martini Art is operated by StoryFlow AI, Inc.. For any questions, requests, or concerns regarding this Privacy Policy or our data practices, contact us at support@martini.art, visit our Contact page, or write to 1003 Post St, Apt 8, San Francisco, CA 94109, United States.