Legal

Privacy Policy

We built Aestiora as a browse-and-download platform. We collect as little personal data as possible, and we are transparent about everything we do collect. This policy explains what that is, why, and how.

At a Glance

The Short Version

Aestiora does not require you to create an account. You can browse and download images without providing any personal information. The limited data we do collect — such as server logs and analytics — is used solely to operate and improve the platform, and is never sold to third parties.

No Account Required

You can browse the full collection and download images without registering or logging in. We do not collect your name or email address simply from your visit.

Your Data Is Never Sold

We do not sell, rent, or share your personal information with third parties for their own marketing or commercial purposes. Ever.

Transparent Data Use

We use Google Analytics to understand how the site is used, and Google AdSense to serve ads. Both are disclosed fully in this policy. Your data is never sold to other parties.

Full Policy

All Sections

This Privacy Policy applies to all visitors and users of the Aestiora website at aestiora.com. By using the platform, you acknowledge that you have read and understood this policy. If you have any questions, contact us at the address listed in Section 10.

Section 1

Who We Are

Aestiora ("we", "us", "our") operates the website at aestiora.com — an AI-evaluated royalty-free image platform. We are the data controller responsible for the personal data processed in connection with your use of this website.

For the purposes of applicable data protection law, including the General Data Protection Regulation (GDPR) where applicable, references to "personal data" mean any information relating to an identified or identifiable natural person.

Section 2

What Data We Collect

We collect a minimal set of data, categorized as follows:

Data Type What It Includes How It Is Collected
Server Log Data IP address, browser type, operating system, referring URL, pages visited, timestamps, HTTP response codes Automatically by our web server on every page request
Analytics Data Aggregated, anonymized usage patterns — pages viewed, search queries entered, time on page, download events Via analytics software (see Section 5)
Search Queries The text you type into the search bar and the filters you apply When you perform a search on the platform
Advertising Data Ad interaction data including impressions, clicks, and inferred interests used to serve relevant ads. May include cookie identifiers and browser characteristics. Via Google AdSense when ads are displayed on the platform (see Section 5)
Contact Data Name and email address, if you contact us directly via email Voluntarily provided by you when you initiate contact

We do not collect payment information, government identification, precise geolocation data, or any special categories of sensitive personal data.

Section 3

How We Use Your Data

We use the data we collect for the following purposes, each supported by a lawful basis under applicable data protection law:

  • To operate and deliver the platform — serving web pages, processing search queries, and enabling image downloads. Lawful basis: legitimate interests in providing the service.
  • To monitor and improve platform performance — understanding which features are used, diagnosing technical errors, and optimizing page load times. Lawful basis: legitimate interests in maintaining a functional and improving service.
  • To prevent abuse and ensure security — detecting and blocking automated scraping, denial-of-service attempts, and other misuse of the platform. Lawful basis: legitimate interests in protecting the platform and its users.
  • To serve relevant advertisements — Google AdSense displays ads on the platform. Ad serving may involve the use of cookies and your browsing data to show ads relevant to your interests. You may opt out of interest-based advertising via Google's Ad Settings. Lawful basis: consent (where required) or legitimate interests in generating revenue to sustain the free platform.
  • To respond to your enquiries — if you contact us directly, we use the information you provide solely to respond. Lawful basis: contract performance or legitimate interests in responding to communications.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

Section 4

Cookies & Tracking Technologies

Aestiora uses cookies and similar technologies for site functionality, analytics, and advertising. The following categories of cookies may be set when you visit the platform:

Cookie Type Purpose Duration
Strictly Necessary Session management, security tokens, and load-balancing. Required for the site to function. Cannot be disabled. Session / up to 24 hours
Analytics Set by Google Analytics to track page views, session duration, traffic sources, and user navigation patterns. Data is used in aggregate to improve the platform. IP addresses are anonymized where possible. Up to 24 months
Advertising Set by Google AdSense to display relevant advertisements, measure ad performance, and limit how often you see the same ad. May use your browsing history across sites to infer interests. Up to 13 months
Preference Remembering UI preferences such as search filters or display settings you have configured. Up to 12 months

Where consent is required by applicable law (for example, for analytics and advertising cookies under GDPR or ePrivacy rules), we will request your consent before setting those cookies. You may withdraw consent at any time by clearing your browser cookies, adjusting your browser's cookie settings, or using the Google Ad Settings page to manage interest-based advertising preferences.

Section 5

Third-Party Services

We use the following third-party services to operate the platform. Each acts as a data processor or independent data controller under applicable law, and each has its own privacy policy governing their data practices:

  • Google Analytics — We use Google Analytics (provided by Google LLC) to collect anonymized data about how visitors use the platform, including pages visited, session duration, traffic sources, and device types. Google Analytics uses cookies and may transfer data to Google's servers. We have enabled IP anonymization. Google's data practices are governed by the Google Privacy Policy. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
  • Google AdSense — We use Google AdSense (provided by Google LLC) to display advertisements on the platform. AdSense may use cookies, device identifiers, and your browsing history to serve ads tailored to your interests. Google acts as an independent data controller for data collected through AdSense. You can manage your ad personalization preferences via Google Ad Settings or opt out of interest-based advertising through the NAI opt-out tool.
  • Web Hosting & CDN — Our infrastructure provider hosts the website and serves content globally. Server log data is processed on their infrastructure under a GDPR-compliant data processing agreement.

These third-party services may independently collect data about you subject to their own privacy policies. We are not responsible for the data practices of third-party services beyond our contractual agreements with them.

Section 6

Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law:

  • Server log data is retained for up to 90 days for security monitoring and troubleshooting, then permanently deleted.
  • Anonymized analytics data is retained for up to 26 months in aggregate form, after which it is deleted or further aggregated without any linkage to individual sessions.
  • Contact correspondence (emails you send to us) is retained for up to 2 years from the date of last contact, or longer if required by law or ongoing dispute resolution.

When retention periods expire, data is securely deleted or anonymized beyond reasonable recovery. We do not archive personal data indefinitely.

Section 7

Data Security

We implement technical and organizational measures appropriate to the risk level of the data we process. These include:

  • Encryption of data in transit via TLS 1.2 or higher (HTTPS) on all platform endpoints
  • Access controls limiting data access to personnel who require it for operational purposes
  • Regular review of third-party service providers' security posture and data processing agreements
  • Automated server log rotation and deletion according to our retention schedule

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by applicable law.

Section 8

Your Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data. To exercise any of these rights, contact us using the details in Section 10. We will respond within the timeframe required by applicable law (typically 30 days).

Right of Access
You may request a copy of the personal data we hold about you and information about how it is being used.
Right to Rectification
You may request that we correct any personal data we hold about you that is inaccurate or incomplete.
Right to Erasure
You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other lawful basis applies.
Right to Restriction of Processing
You may request that we restrict the processing of your personal data in certain circumstances, such as while a dispute over its accuracy is resolved.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you may request your personal data in a structured, commonly used, machine-readable format.
Right to Object
You may object to processing carried out on the basis of our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.
Section 9

Children's Privacy

Aestiora is not directed at children under the age of 13, and we do not knowingly collect personal data from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us using the details in Section 10 and we will promptly delete it. If you are located in the European Economic Area, the applicable age threshold may be higher under your country's national law.

Section 10

Changes to This Policy & How to Contact Us

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of Aestiora after any changes constitutes your acceptance of the updated policy.

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern about how we handle your personal data, please contact us at:

Aestiora
Privacy Enquiries
Email: [email protected]
Website: www.aestiora.com

Last updated: June 2025. We aim to respond to all privacy-related enquiries within 30 days.