Effective Date: June 6, 2026 | Last Updated: June 6, 2026
This Privacy Policy describes how Phlegethon ("Website," "we," "us," or "our") collects, uses, stores, shares, and protects personal data in connection with the website at phlegethon.icu and all associated services (the "Service").
Phlegethon operates under the laws of the State of Israel, including the Protection of Privacy Law, 5741-1981 ("PPL") and its Amendment No. 13 (effective August 14, 2025). Israel has been recognized by the European Commission as providing an adequate level of data protection equivalent to the EU GDPR, meaning that transfers of personal data from the European Economic Area (EEA) to Phlegethon are lawful without requiring additional transfer mechanisms.
For all privacy-related inquiries: Phlegethon@zipchat.email
We collect only the minimum data necessary to provide, secure, and improve the Service.
| Category | Specific Data | Purpose |
|---|---|---|
| Account Data | Email address, username, hashed password | Account creation, authentication, communication |
| Usage Data | Processing history, credits used, job IDs, timestamps | Service delivery, billing, abuse prevention |
| Payment Data | Transaction IDs, payment method type, amounts | Billing, fraud prevention, financial compliance |
| Technical Data | IP address, browser type, device type, session data | Security, fraud detection, service optimization |
| User Content | Images and videos you upload for processing | Processing your requests only — see Section 4 |
| Communications | Emails and messages you send to our addresses | Responding to your inquiries |
| Compliance Data | Account identifiers, IP history, ban records | Fraud prevention, ban enforcement, legal compliance |
We do not collect: government-issued identification numbers, biometric templates, precise geolocation data, or special categories of sensitive personal data beyond what is inherent in User Content you choose to submit.
We process your personal data on the following legal bases under the PPL (as amended by Amendment 13) and, where applicable, the GDPR:
Performance of a contract: Processing your account data, usage data, and payment data is necessary to provide the Service you have contracted for.
Legitimate interests: Processing technical data for security, fraud prevention, ban enforcement, dispute resolution, and service integrity represents our legitimate business interests, including preventing chargebacks and credit abuse, enforcing permanent bans, and protecting the rights of third parties.
Legal obligation: We process and retain certain data where required by applicable Israeli law, including financial record-keeping obligations under Israeli tax law, and where required by valid court orders or law enforcement requests.
Consent: Where we rely on consent for any specific processing activity, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
Your uploaded images and videos ("User Content") receive the highest level of privacy protection we can provide.
Content access and handling. Phlegethon may, at its sole discretion and without obligation, access or review User Content for purposes including legal compliance, fraud prevention, enforcement of these Terms, and responding to law enforcement requests. Phlegethon's exercise or non-exercise of this right does not constitute endorsement of any User Content.
No AI training. We do not use your User Content to train, fine-tune, improve, benchmark, or develop any AI model, whether our own or any third party's.
No sharing. We do not share, sell, license, rent, or otherwise disclose your User Content to any third party, except as required by a valid legal order from a competent authority.
Storage and deletion. Processed outputs are stored in your account gallery. When you delete an item, it is removed from your visible dashboard. Phlegethon may, however, retain copies of any media submitted to the Service — including original uploads, processed outputs, videos, and any other content — for an unspecified period following dashboard deletion, where Phlegethon determines that retention may be necessary for legal compliance, investigation of potential violations, response to law enforcement, or any other legitimate purpose. Phlegethon is under no obligation to disclose whether copies have been retained or for how long. All User Content is additionally subject to purge after 30 days of account inactivity, subject to the foregoing retention rights.
Isolation. Your User Content is stored in access-controlled, isolated storage. No other user can access your content.
We use your personal data exclusively for the following purposes: providing, operating, maintaining, and improving the Service; processing your image and video requests and delivering results; managing your account, credits, and payments; detecting, preventing, and investigating fraud, abuse, chargebacks, and security incidents; enforcing permanent bans and preventing re-registration by banned users; complying with legal obligations; communicating with you about your account; and enforcing our Terms of Service.
We do not use your personal data for: advertising to you, selling to data brokers, profiling for third-party marketing, or any purpose not listed above.
We do not sell your personal data. We share data only in the following limited circumstances:
Service providers. We engage trusted third-party service providers for cloud infrastructure, payment processing, and email delivery. These providers act as data processors under our instruction and are contractually prohibited from using your data for any purpose other than providing services to us.
Legal requirements. We may disclose your data if required by applicable law, regulation, court order, subpoena, or governmental authority. Where legally permitted, we will attempt to notify you of such a request before complying.
Business transfers. In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the successor entity, subject to the same privacy protections described in this Policy.
Protection of rights and safety. We may disclose data where necessary to protect the rights, property, or safety of Phlegethon, our users, or the public, including to prevent fraud, abuse, or NCII.
We will not voluntarily disclose your User Content (images/videos) to any third party except as required by a valid legal order.
7.1 Standard Retention Periods.
| Data Type | Retention Period |
|---|---|
| User Content (images/videos) | 30 days of account inactivity, or until you delete |
| Account profile data | Duration of account + 90 days after closure |
| Financial and billing records | 7 years (Israeli tax and accounting law) |
| Technical and security logs | 90 days |
| Support communications | 2 years |
| Compliance/ban records | Indefinitely (see Section 7.2) |
7.2 Retention Overriding Deletion Requests. Phlegethon does not process account closure or deletion requests submitted by users. Furthermore, under the PPL (as amended) and applicable international standards, Phlegethon retains the right — and in certain cases is legally obligated — to retain personal data indefinitely, including any media files submitted to the Service. Phlegethon does not guarantee full deletion of any personal data or media files upon any request. The following constitute lawful grounds for retaining data notwithstanding any deletion request:
You acknowledge that Phlegethon's legitimate interests in fraud prevention, financial compliance, dispute resolution, ban enforcement, and platform integrity constitute lawful grounds under applicable law for retaining your data notwithstanding any deletion request.
Depending on your jurisdiction, you may have the following rights, all subject to the limitations described in Section 7.2 and applicable law: right of access; right to rectification; right to erasure (subject to legitimate retention grounds); right to restriction of processing; right to object to processing based on legitimate interests; and right to withdraw consent.
To exercise any of these rights, contact us at Phlegethon@zipchat.email. We will respond within 30 days. We may need to verify your identity before processing your request. We reserve the right to deny requests that are manifestly unfounded, excessive, or that conflict with the retention grounds in Section 7.2.
EEA Users: If you are located in the EEA and believe we have not adequately addressed your request, you have the right to lodge a complaint with your local data protection supervisory authority.
We implement industry-standard technical and organizational security measures to protect your personal data, including: encryption of data in transit (TLS 1.2+) and at rest (AES-256); access controls limiting data access to authorized personnel only; isolated, access-controlled storage for User Content; secure credential hashing; and regular security monitoring.
No method of transmission over the internet or electronic storage is 100% secure. While we implement all reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that poses a material risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.
We use only strictly necessary session cookies required for authentication and Service functionality. We do not use advertising cookies, third-party behavioral tracking cookies, or cross-site tracking technologies. We use privacy-respecting, anonymized analytics to understand aggregate usage patterns. This data is not linked to individual users.
Phlegethon is based in Israel. If you access the Service from outside Israel, your data will be transferred to and processed in Israel. Israel has been recognized by the European Commission as providing an adequate level of data protection equivalent to the EU GDPR, meaning that transfers from the EEA to Israel are lawful without additional safeguards.
The Service is strictly for individuals 18 years of age and older. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a person under 18, we will delete that data immediately and terminate the associated account. If you believe we have inadvertently collected data from a minor, contact us immediately at Phlegethon@zipchat.email.
If you believe that content processed through the Service depicts you without your consent, contact us immediately at Phlegethon@zipchat.email with the subject "NCII Takedown Request." We will investigate and take appropriate action, including content removal, within 48 hours of receiving a complete and verified notice. See our Terms of Service, Section 7, for full details.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address or by prominent notice on the Service at least 14 days before taking effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
All inquiries including privacy, legal matters, NCII takedowns, and general support: Phlegethon@zipchat.email