01 Cookie table
We use the following cookies. Essential cookies are set automatically; analytics and advertising cookies require your consent where required by law.
| Cookie / Identifier | Purpose | Provider | Retention | Type | Opt‑in required |
|---|---|---|---|---|---|
| sessionid | Authenticates user session | makeitshot.ai | Session | Essential | No |
| csrftoken | CSRF attack protection | makeitshot.ai | 1 year | Essential | No |
| cookie_consent | Stores consent preferences | makeitshot.ai | 1 year | Essential | No |
| _ga, _ga_* | Anonymous analytics — Google Analytics 4 | Google LLC | 2 years | Analytics | Yes (EEA/UK) |
| amp_*, ajs_user_id | Amplitude product analytics identifiers | Amplitude, Inc. | 2 years | Analytics | Yes (EEA/UK) |
| _fbp | Advertising & conversion tracking — Facebook Pixel | Meta Platforms, Inc. | 3 months | Advertising | Yes |
02 Subprocessors
| Processor | Role | Location | Transfer mechanism |
|---|---|---|---|
| PythonAnywhere | Application hosting & servers | United States | Data controller agreement |
| GoDaddy | Domain registrar & DNS | United States | DPA / SCCs where applicable |
| Stripe / PayPal | Payment processing | United States | SCCs & PCI‑DSS compliant |
| Google LLC | Analytics (GA4) | United States | SCCs (EU‑US Data Privacy Framework) |
| Amplitude, Inc. | Product analytics | United States | SCCs / DPF |
| Meta Platforms, Inc. | Advertising pixel | United States | SCCs / DPF |
| AI model providers (various) | AI generation APIs | United States & other | Per‑provider DPA |
Additional subprocessors may be added. A current list is available on request via info@makeitshot.ai.
03 International data transfers
All primary data is stored in the United States (PythonAnywhere). For transfers of EEA or UK personal data to the US we rely on:
- Standard Contractual Clauses (SCCs) — Module 2 (Controller‑to‑Processor) where we act as controller and the processor is based in a third country.
- EU‑US & UK‑US Data Privacy Framework — where the processor is a DPF‑certified participant.
- Consent — for specific one‑off transfers where appropriate.
Contact info@makeitshot.ai to receive executed SCC documentation.
04 AI model provider handling
When you use features backed by third‑party AI model APIs, your prompts and generated outputs may be sent to and processed by those providers. Each provider has its own data retention and use policies:
- Review the relevant provider's data processing terms before submitting sensitive or personal data in prompts.
- Make It Shot does not control how model providers store or use prompts beyond their stated policies.
- Enterprise or API customers may request zero‑data‑retention options where available from the provider.
05 Data subject request (DSR) procedure
To exercise any of your rights under GDPR or applicable privacy law:
- Email info@makeitshot.ai with the subject line "Data Subject Request".
- Include your registered email address and a brief description of the request (access, deletion, portability, etc.).
- Attach or provide a valid proof of identity (e.g., redacted government ID or verification via your registered email).
- We will acknowledge your request within 5 business days and respond substantively within 30 days (extendable to 90 days for complex requests, with notice).
06 Data Processing Addendum (DPA) & SCC
Enterprise or B2B customers who require a signed Data Processing Addendum or copies of executed Standard Contractual Clauses for compliance purposes should contact us:
- info@makeitshot.ai
- Subject line
- DPA / SCC request
- Response time
- Within 10 business days
07 Contact
For any legal, privacy or compliance inquiries: info@makeitshot.ai