Privacy Policy

Radiate Privacy Policy

Effective Date: April 19, 2026

Version: 1.3

Entity: Radiate Validator LLC (“Radiate,” “we,” “us,” or “our”) - Los Angeles, CA, USA

Contact: privacy@radiatestudio.ai

1. Scope and Purpose

This Privacy Policy explains how Radiate collects, uses, discloses, and protects personal information when you use our websites, applications, accounts, products, and services, including Radiate Studio, Radiate Art, radiatestudio.ai, app.radiatestudio.ai, radiate.art, radiatevalidator.com, and any related websites or services that link to this Privacy Policy (collectively, the “Services”).

It applies to all visitors, registered users, beta participants, and users who view or interact with Radiate Art, including through likes, comments, saves, shares, or other account-based features.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

Data Controller

Radiate Validator LLC is the data controller responsible for your personal information unless otherwise specified in a Data Processing Addendum or enterprise agreement.

EU/UK Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

• United Kingdom (UK)
• European Union (EU)

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/radiate-studio

2. Information We Collect

We collect the following categories of information:

2.1 Account and Profile

• Email address, username, and optional display name
• Authentication identifiers (Auth0, Google, Apple)
• Subscription tier and usage status

Radiate Art account activity. If you use Radiate Art while logged into a Radiate Studio account, we may collect and associate with your account your Radiate Art activity, including likes, comments, saves, shares, follows, viewing activity, interaction history, moderation reports, and related metadata.

2.2 Content and Project Data

• Prompts, uploads, outputs, and project files you create
• Associated metadata (e.g., timestamps, settings, versions)

Public and community content. If Radiate Art allows comments, public profiles, reactions, submissions, or other interactive features, we may collect the content you provide, the content you interact with, and related moderation, safety, and abuse-prevention metadata.

2.3 Usage and Device Information

• Interactions with our apps and APIs
• Device type, OS, browser, region/IP, locale
• Crash reports and diagnostic logs

2.4 Payments and Billing

• Subscription and transaction records via Stripe (we never store full card numbers)

2.5 Cookies and Local Storage

• Session and security cookies, preferences, analytics identifiers

2.6 Support and Feedback

• Messages, attachments, and communications you send to our team

While the Services generally require registration to function, you may contact Radiate without creating an account for general inquiries (for example, by emailing support). If you contact us by email, we will receive your email address and any information you include in your message.

3. How We Use Information

We process data to:

1. Provide and operate the Services and core AI generation features.
2. Authenticate logins and manage accounts and subscriptions.
3. Enforce usage limits and ensure security and content safety.
4. Analyze performance and improve quality and reliability.
5. Communicate with you about updates, support, and billing.
6. Comply with law and prevent fraud or abuse.
7. Improve platform features, reliability, and safety using aggregated, anonymized, or pseudonymized usage and diagnostic data. Pseudonymized data reduces identifiability but does not render data anonymous.
8. Operate Radiate Art, including public gallery pages and logged-in features such as likes, comments, saves, shares, and other account-based interactions.
9. Moderate comments, public interactions, reports, and other community features to enforce our Terms, Acceptable Use Policy, and content-safety rules.
10. Understand engagement with public art, video, gallery, and showcase pages to improve content presentation, product experience, safety, and reliability.

We may process data related to moderation, reports, or appeals to enforce our Terms of Service and maintain a safe environment.

Radiate does not sell personal information or share personal information for cross-context behavioral advertising as those terms are defined under California law. Where we technically support recognized opt-out preference signals (including Global Privacy Control), we honor them for applicable sale/sharing contexts. You may also submit an opt-out request by emailing privacy@radiatestudio.ai. If our practices change in a way that requires an opt-out, we will implement and honor required opt-out preference signals. Where required by applicable law, we assess privacy risks associated with our processing activities and conduct Data Protection Impact Assessments where appropriate.

We may send you product updates or marketing communications where permitted by law. You can opt out of these communications at any time by following the unsubscribe link in our emails or contacting us at support@radiatestudio.ai

Content Safety, Moderation, and Review

To help maintain a safe and lawful platform, Radiate may use automated content screening tools, including third-party safety and moderation services, on product surfaces where such controls are enabled and configured, and may also use user reports and human review. These tools may include text and image moderation APIs provided by vendors such as OpenAI and other qualified safety providers.

If content is flagged by our automated systems, it may be reviewed by authorized human reviewers for the purpose of determining appropriate next steps. Such steps may include issuing warnings, restricting or suspending account access, terminating accounts, preserving relevant records, or taking other actions necessary to enforce our policies or comply with legal obligations.

In limited circumstances, and where required by law or deemed necessary to protect users, the public, or our services, Radiate Studio may disclose relevant information, including flagged content and associated account data, to law enforcement or other appropriate authorities. We do not use customer content for public display or marketing without the user’s explicit permission.

4. Cookies and Tracking Technologies

Radiate uses cookies, SDKs, local storage, and similar technologies to operate, secure, and improve its websites and Services. The specific technologies used depend on whether you are visiting our public website or using the authenticated Radiate Studio application.

Public Website (Landing Pages)

On our public-facing websites (including radiatestudio.ai, app.radiatestudio.ai, radiate.art, and radiatevalidator.com), we may use one or more analytics providers to understand general website usage and improve performance. Where required by law, non-essential analytics technologies on public websites are activated only after consent.

Authenticated Application

When you log into the Radiate Studio application, we use certain technologies that are necessary to provide core functionality, including authentication, security, and session management. These necessary technologies do not require consent.

Within the authenticated application, we use analytics and user experience tools such as Firebase, PostHog, and Hotjar to understand how users interact with the application and improve usability and reliability. On web surfaces, analytics technologies that rely on cookies or local storage are controlled by your consent preferences and, where consent is required by law, are not activated until consent is provided. In jurisdictions where consent is not required, or for server-side operational telemetry that does not rely on browser cookies, we may process limited analytics and diagnostic data based on our legitimate interests in security, fraud prevention, and service reliability.

We also use Sentry for security, error monitoring, and application stability. Sentry processes technical error and performance data to help us detect, investigate, and remediate service issues. This data may be pseudonymized and may include technical identifiers (such as device information and IP address) depending on configuration. We do not use Sentry for cross-context behavioral advertising.

You may manage your cookie and tracking preferences at any time through the “Cookie Preferences” link or in-app controls, where available. For more information, please see our Cookie & Preferences Policy at: https://radiatestudio.ai/legal/cookies.

5. AI Processing and Third-Party Providers

5.1

Radiate routes prompts and uploads to AI infrastructure partners (such as Luma, Runway, Kling, and fal.ai) to generate Outputs requested by users. These providers receive prompt and file data as needed to generate the requested Outputs. We do not send your payment card details to these providers. However, as with most online services, providers may receive limited technical information (such as IP address and device/network metadata) as part of processing requests, depending on the integration.

5.2

Where required by applicable data-protection law, we enter into written data-processing terms with our providers to address confidentiality, security, and permitted processing.

5.3

We may use aggregated or de-identified data to improve service reliability, safety, and product performance. This does not authorize training third-party foundation models on private User Content without your explicit opt-in consent.

5.4

Radiate Studio does not train foundation models on user content. We use User Content and Outputs only to provide the Services and for safety, security, debugging, and service improvement (for example, fixing bugs and improving reliability), and we do not use your private projects to train third-party foundation models unless you explicitly opt in. Outputs are generated via licensed third-party engines. We may use anonymized analytics to improve prompt-handling and moderation accuracy.

5A. AI Transparency & Model Information

Radiate Studio provides generative-AI tools that transform user-supplied prompts, references, or uploaded materials into visual or audiovisual outputs.

Model Providers: Radiate operates through licensed third-party model providers, including (but not limited to) Luma, Runway, Kling, and fal.ai. These providers process prompt and file data to generate the requested outputs. Depending on what you submit, prompt and file data may contain personal information, and providers may also receive limited technical metadata required to process requests. Radiate does not share full payment card numbers with these providers.

Training Sources: Radiate Studio does not train foundation models on user content. The underlying models are developed and trained by their respective providers using datasets and methods determined by those providers. Radiate does not control providers’ training datasets. Radiate Studio does not re-train or fine-tune these models with user projects without explicit consent.

Bias and Limitations: AI-generated outputs may reflect inaccuracies or social biases that exist within training datasets. Users are responsible for reviewing and verifying all generated material before using it publicly or commercially.

Content Safety and Moderation: Where enabled and configured in the relevant product surface, Radiate may apply automated filters, user-report handling, and human review to detect and prevent the generation or distribution of illegal, hateful, or sexual material, consistent with our Terms of Service, Responsible AI Statement, and moderation procedures.

Human Oversight: Where automated systems are deployed, they are subject to human oversight by Radiate’s engineering and moderation teams. Automated processing does not make decisions that produce legal or comparably significant effects without meaningful human review.

Responsible AI Practices: Radiate Studio is committed to developing and deploying AI responsibly. We follow principles of transparency, human oversight, privacy protection, and fairness in all AI features. Learn more in our Responsible AI Statement at https://radiatestudio.ai/legal/responsible-ai.

Radiate Art may display AI-generated, AI-assisted, curated, edited, or user-facing creative content. Unless otherwise stated, Radiate Art content may be provided for viewing, inspiration, demonstration, community interaction, or showcase purposes and may not reflect a guarantee of copyrightability, uniqueness, accuracy, or suitability for commercial use.

6. Sharing and Disclosure

Radiate shares data only as necessary to operate the Services and comply with law:

Purpose - Recipient Infrastructure, hosting, and storage/CDN — DigitalOcean, Cloudflare, Firebase, Cloudinary Payments — Stripe (PCI-compliant) Authentication — Auth0, Google, Apple Analytics/monitoring — PostHog, Sentry, Hotjar, Firebase, and (where deployed) Google Analytics AI/model and media processing (feature-dependent) — providers may include OpenAI, Luma, Runway, Kling, fal.ai, Replicate, ElevenLabs, RunPod, and other integrated providers Legal/safety — authorities where required by law Business transfers — successors in mergers or acquisitions

Radiate transfers personal data to third parties only for limited and specified purposes and uses contractual safeguards requiring an equivalent level of protection. Where required by applicable law, Radiate remains responsible for onward transfers to third-party agents that process personal data on its behalf.

We do not sell or share personal information as defined under applicable law.

6.1

California "Preceding 12 Months" Disclosures. As of the Effective Date and during the preceding 12 months, Radiate has not sold personal information and has not shared personal information for cross-context behavioral advertising. As of the Effective Date and during the preceding 12 months, Radiate has not disclosed personal information for a business purpose. We will update these disclosures at least once every 12 months as required by applicable law.

7. Data Retention

We retain personal information only for as long as reasonably necessary for the disclosed purposes described in this Policy, unless a longer period is required or permitted by law.

Retention periods and criteria:

• Account and profile data: for the life of the account and up to 90 days after account deletion request completion.
• Project content (prompts, uploads, outputs, project files): until you delete the content or close your account; removed from active systems within up to 30 days, and from backup systems within up to 90 days.
• Billing, tax, and transaction records: up to 7 years, or longer if legally required.
• Security and audit logs: typically 12 months.
• Product analytics and diagnostics (event-level): typically 24 months, then deleted or de identified/aggregated.
• Support communications: up to 24 months after ticket closure.
• Legal claims, fraud prevention, and compliance records: retained as needed until the relevant matter is resolved and applicable limitation periods expire.

Where a legal hold or regulatory requirement applies, deletion may be delayed for affected records.

Radiate Art likes, comments, saves, shares, public interactions, and related moderation records: for the life of the account or until deleted, unless retained longer for safety, legal, abuse-prevention, dispute-resolution, or compliance purposes.

8. International Transfers

8.1 Radiate processes data in the United States and other locations where our providers operate.

8.2 Data Privacy Framework Notice.

Radiate Validator LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce. Radiate has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Radiate has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to them in the United States. Upon request, we will provide you with access to the personal information that we hold about you (See Section 2. “Information We Collect” for more details). You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance on the DPF Program should direct their query to privacy@radiatestudio.ai. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose materially different from the purpose for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@radiatestudio.ai.

For personal data received under the DPF, Radiate's DPF commitments are enforceable under U.S. law. Radiate is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. See Section 3 (How We Use Information - Content Safety, Moderation, and Review) of this policy for more details.

If you are an EU, UK, or Swiss Individual, where we transfer your personal data to third party service providers who perform services for us or on our behalf, Radiate remains liable under the DPF Principles if its agent processes such personal data in a manner inconsistent with the DPF Principles, unless Radiate proves it is not responsible for the event giving rise to the damage. Radiate transfers personal data to third parties only for limited and specified purposes.

If you have a complaint about our handling of personal data received under the DPF, contact privacy@radiatestudio.ai. We will respond within 45 days. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Radiate commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the BBB National Programs, an independent dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information or to file a complaint. The services of BBB National Programs are provided at no cost to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for residual claims as provided in DPF Annex I. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.

Radiate verifies its adherence to the DPF Principles through self-assessment. Radiate’s DPF certification does not cover human resources data.

9. Legal Bases for Processing (EEA/UK/CH)

Radiate relies on the following legal bases under Article 6 GDPR/UK GDPR:

• Contract (Art. 6(1)(b)): to create and manage your account, provide requested AI generation features, process subscriptions, and deliver customer support.
• Legitimate interests (Art. 6(1)(f)): to secure and monitor the Services, prevent fraud/abuse, enforce Terms, improve reliability, and perform internal analytics where consent is not required.
• Consent (Art. 6(1)(a)): for optional cookies/analytics and marketing communications where required by law. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): to comply with legal, tax, accounting, law-enforcement, and regulatory obligations.

Required vs optional data:

• Required to enter or perform the contract: account identifiers (for example, email/login credentials), billing information needed to process payment via our payment provider, and content you submit for requested generation tasks.
• Optional data: profile fields and optional preferences.
• If required data is not provided, we may be unable to create your account, process payment, or provide requested features.

10. Your Rights

For EEA/UK/Swiss users (EU/UK GDPR, FADP):

• Access your personal data.
• Request correction or erasure.
• Request export (data portability).
• Object to or restrict processing.
• Withdraw consent at any time (without affecting lawful processing before withdrawal).

For California users (CCPA/CPRA):

• Request to know categories and specific pieces of personal information collected.
• Request deletion of personal information.
• Request correction of inaccurate information.
• Opt out of sale or sharing of data (we do not sell data).
• Non-discrimination for exercising rights.

For Australian users (Privacy Act 1988 Cth):

• You have the right to access and request correction of your personal information held by Radiate. Requests can be made by emailing privacy@radiatestudio.ai.

Requests can be submitted using any of the following designated methods: (1) Privacy request form: https://radiatestudio.ai/legal/privacy-request, (2) Email: privacy@radiatestudio.ai, and (3) Mail: Radiate Validator LLC, 11239 Ventura Blvd, STE 103-#1318, Studio City, CA 91604, USA. Radiate will verify requests using reasonable and proportionate methods. Authorized agents may submit requests on your behalf with valid written authorization and identity verification information.

We will verify your identity and respond within the period required by law. Residents of certain U.S. states may have additional privacy rights under applicable law. Where required, we will honor such rights and provide an appeals process for denied requests, in accordance with applicable statutory timelines.

11. Security Measures

Radiate implements technical and organizational safeguards including:

• TLS encryption in transit
• Access controls and least-privilege policies
• Continuous monitoring and audit logs

While no system is 100% secure, we strive to protect your information and limit access to authorized personnel and processors only.

Radiate maintains a Vulnerability Disclosure Policy to support responsible security research. Details are available at https://radiatestudio.ai/legal/vulnerability-disclosure or by contacting security@radiatestudio.ai.

In the event of a personal data breach, we will notify affected individuals and regulators as required by applicable law.

12. Children’s Privacy

12.1

The Services are not directed to individuals under 18, and the Services are not available to individuals under 18.

12.2

Radiate does not knowingly collect personal data from minors.

12.3

If you believe that a minor has provided us with personal information, please contact us at privacy@radiatestudio.ai to request deletion.

13. Automated Processing and Profiling

Radiate uses automated systems solely to assist with AI content generation and preliminary content-safety screening; these systems do not make decisions that produce legal or similarly significant effects on users without meaningful human involvement. Decisions that may result in account suspension, termination, or other effects on your contractual relationship are not made solely by automated processing and are subject to human review prior to final enforcement, except where immediate action is required to prevent harm or comply with law. In such cases, affected users may request post-decision human review by contacting legal@radiatestudio.ai (or privacy@radiatestudio.ai), subject to any appeal timelines stated in our Terms of Service.

14. Enterprise Clients and Data Processing Addendum

For enterprise or custom integrations, Radiate may enter into a separate Data Processing Addendum (DPA) governing the handling of customer data.

Enterprise clients may request a signed copy of our standard DPA and security-control summary by emailing legal@radiatestudio.ai.

15. Changes to This Policy

We may update this Policy periodically. Material changes will be notified in-app, by email where available, or through other reasonable means as required by applicable law.

The “Effective Date” above indicates the latest version.

If we make material changes, we will update the Effective Date accordingly.

Continued use of the Services after any changes take effect constitutes your acknowledgement of the revised Policy, except where applicable law requires a different form of consent or where we require renewed in-product acceptance.

A changelog or prior versions of this Policy are available upon request.

Your use of the Services is also governed by our Terms of Service, available at https://radiatestudio.ai/legal/terms.

16. Contact Us

Radiate Validator LLC 11239 Ventura Blvd, STE 103-#1318 Studio City, CA 91604 privacy@radiatestudio.ai

If you are located in the EEA, UK, or Switzerland and believe we have not resolved your complaint, you have the right to contact your local data-protection authority.

If you are located in Canada and have a privacy concern, you may contact us at privacy@radiatestudio.ai. Radiate complies with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and follows its ten Fair Information Principles for personal-data handling, including accountability, consent, and individual access rights. You also have the right to contact the Office of the Privacy Commissioner of Canada (OPC) regarding unresolved complaints.

If you are located in Australia and have an unresolved privacy concern, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

If you require this Privacy Policy in an alternative format due to a disability, please contact us at accessibility@radiatestudio.ai.