Privacy Policy

GARGATE is designed as a no-login AI gateway. We process only the data required to price requests, create QRIS payments, submit AI tasks, display results, prevent abuse, and operate the service reliably.

1. Scope and Controller

This Privacy Policy explains how GARGATE, operated under BSTN Innovation Studio, collects, uses, stores, protects, and deletes information when users access AI models, upload media, create QRIS payments, or check generated results.

By using the service, users acknowledge that AI processing, payment processing, security verification, and result retrieval require limited technical data to be processed by our systems and trusted service providers.

2. Data We Process

We may process AI request inputs, uploaded files or file URLs, selected model identifiers, request configuration, pricing data, Payment ID, process status, QRIS payment metadata, output URLs, error metadata, timestamps, webhook delivery records, and technical audit data.

For abuse prevention and operational security, we may store hashed IP addresses, hashed user-agent values, Turnstile verification metadata, request identifiers, and server-side logs. We do not intentionally store raw IP addresses for user-facing identification.

3. No Login Model and Payment ID Access

GARGATE does not require user accounts. Access to a transaction or generated output is based on possession of the relevant Payment ID or process identifier. Anyone who has that identifier may be able to view the related status and output page.

Users are responsible for storing Payment IDs securely and sharing them only with trusted parties. We cannot verify identity through an account login because the service is intentionally designed without user registration.

4. AI Inputs, Uploads, and Outputs

AI inputs are processed to validate model schemas, calculate pricing, submit tasks to the selected AI provider, and receive results. Uploaded media may be forwarded to upstream AI infrastructure when required by the selected model.

Generated outputs are typically stored as URLs or structured metadata so users can retrieve results later. Results are not guaranteed to remain available indefinitely and may be removed under retention rules, provider availability limits, or operational requirements.

5. Payments and QRIS Processing

QRIS payments are processed through BSTN Payment Gateway. Payment metadata may include amount, payable amount, admin fee, unique code, payment status, expiry time, payment page URL, and provider response data required for reconciliation and audit.

We do not store card data because the service uses QRIS payment flows. Payment confirmation is received through verified webhooks and may also be refreshed through server-side recovery checks.

6. Security and Abuse Prevention

We use Cloudflare Turnstile, server-side validation, request schema validation, rate-limiting signals, webhook signature verification, server-only API keys, and least-necessary data exposure to protect the service.

Secrets such as AI provider keys, payment gateway keys, webhook secrets, database credentials, and encryption keys are never intentionally exposed to the browser.

7. Retention and Deletion

Generated results may be automatically deleted after 30 days. Request payloads may be encrypted at rest and may be purged after submission to the AI provider when the configured purge policy is enabled.

Operational records such as payment status, webhook events, audit timestamps, and error metadata may be retained longer where required for reconciliation, fraud prevention, dispute handling, service debugging, or legal compliance.

8. Third-Party Providers

The service relies on infrastructure and providers including payment gateway services, AI model providers, media upload endpoints, hosting infrastructure, database infrastructure, and security verification services.

Third-party providers process data according to their own technical requirements and policies. We send only the information necessary to perform the requested service.

9. User Responsibilities

Users must not submit unlawful, abusive, infringing, harmful, or privacy-invasive content. Users must also ensure that they have the necessary rights and permissions for any uploaded media, prompts, or reference materials.

Users should download or save important outputs promptly and keep Payment IDs confidential where privacy is required.

10. Contact

For privacy, payment, access, or operational questions, contact BSTN Innovation Studio through the official contact channels listed on the Contact page.