ImageSpot / XOR SOLUTIONS LIMITED
Digital content website and AI image-generation service
| Website operator | XOR SOLUTIONS LIMITED Company No. 15744696 Registered office: Flat 44 Ennerdale House, 121 Hamlets Way, London, England, E3 4TY |
| Website | image-spot.com Contact: info@image-spot.com |
| Policy scope | This Cookie Policy explains how cookies and similar technologies may be used on the Website, including customer account areas, checkout flows, image-generation interfaces, analytics pages, and related support or security functions. |
| Important note | The exact cookies and tools actually active on the Website may change over time. This policy describes the functional categories and governance approach used by ImageSpot. A consent banner or preference tool should be aligned with the technologies actually deployed. |
| Last updated | 11 March 2026 |
| Cookie governance snapshot Strictly necessary cookies may be used without consent where they are required for core site, login, checkout, security, or load-balancing functions. Analytics, performance, personalization, and advertising cookies should only be set where the applicable legal basis exists, typically consent for UK/EEA users where required. Generation credits/tokens, account sessions, basket status, and anti-fraud workflows may rely on device/session identifiers that are operationally necessary. Users should be able to manage non-essential cookie preferences via the site banner or settings tool, and may also control certain technologies through browser settings. This policy avoids listing phone numbers and uses info@image-spot.com as the principal contact channel for cookie-related queries. |
1. Purpose of this policy
This Cookie Policy explains how XOR SOLUTIONS LIMITED (trading through the ImageSpot website) uses cookies and similar technologies when visitors browse the Website, create an account, purchase AI-generated image content, buy or redeem generation credits/tokens, use the image-generation module, or interact with support and security functions.
A cookie is a small text file or similar identifier stored on or accessed from a user device. Comparable technologies can include pixels, tags, scripts, SDKs, local storage objects, and other identifiers that help a website recognise a browser or device over time or across sessions.
2. Who controls these technologies
For first-party technologies deployed directly through the Website, the controller is XOR SOLUTIONS LIMITED, Company No. 15744696, registered office at Flat 44 Ennerdale House, 121 Hamlets Way, London, England, E3 4TY. Questions about this Cookie Policy may be sent to info@image-spot.com.
Some technologies may be set by third-party service providers acting on behalf of ImageSpot or, in some cases, by independent third parties whose tools are embedded into the Website. Where third-party technologies are used, ImageSpot intends to configure them in line with the applicable legal basis and its broader privacy governance framework.
Cookie categories and typical uses
| Category | Purpose | Typical examples | Consent position | Indicative duration |
| Strictly necessary | Enable core website and transaction functions. | session ID, login authentication, cart or checkout state, security token, load balancer, consent storage | Usually no consent required where genuinely necessary | Session to 12 months depending on function |
| Preferences | Remember user choices and interface settings. | language choice, region, display preference, saved generator settings | Usually consent where not strictly necessary | Session to 12 months |
| Analytics / performance | Measure traffic, diagnose issues, improve UX and performance. | page view counter, event analytics, conversion tracking, error telemetry, A/B testing | Usually consent required | Minutes to 24 months depending on tool |
| Functional personalization | Tailor content or remember non-essential behaviour. | recent prompts, favourites, recommendation hints, feature adoption markers | Usually consent required unless strictly necessary for requested feature | Session to 12 months |
| Advertising / remarketing | Support campaign measurement or targeted marketing. | ad attribution, retargeting pixel, marketing audience identifier | Consent required | Days to 24 months depending on provider |
3. Why ImageSpot uses cookies and similar technologies
- to operate essential website functions, including account login, session continuity, checkout flow, and security controls;
- to remember preferences or settings selected by the user;
- to support the purchase, crediting, and redemption of generation credits/tokens within the platform;
- to improve website speed, stability, diagnostics, and user experience;
- to measure traffic, campaign effectiveness, and general service performance where permitted;
- to detect fraud, abuse, account compromise, scraping, automated misuse, or other activity inconsistent with the Terms and Conditions;
- to support the operation of embedded tools, payment pages, analytics dashboards, or customer communication workflows where deployed.
Illustrative technology map
The table below is an illustrative governance schedule showing the types of tools or technologies that may be used on a website like ImageSpot. It is not a promise that every listed item is currently active. Operational deployment should always be reconciled to the actual cookie banner and tag inventory.
| Technology / identifier type | Operational purpose | Typical data points | Notes |
| Session cookie | Maintain secure browsing state and user session | random session identifier, timestamp, CSRF token | Usually essential for login and checkout |
| Local storage token | Preserve client-side settings or temporary generation state | preference flags, saved draft prompt, rate-limit marker | May require consent if not strictly necessary |
| Analytics tag | Measure traffic, engagement and funnel performance | page URLs, approximate geolocation, browser type, referral source | Use should match the consent banner configuration |
| Security / anti-fraud marker | Detect abuse, bots, suspicious checkout or account activity | IP-derived signals, device fingerprinting elements, anomaly scores | Can be important for fraud prevention and platform integrity |
| Payment provider token | Support secure payment routing and transaction integrity | transaction reference, checkout state, anti-fraud nonce | May be set by the payment service provider or embedded checkout |
| Embedded third-party content cookie | Support media, maps, social or external widgets if used | service-specific device/session identifiers | Should be disabled until consent where legally required |
4. Legal basis and consent approach
ImageSpot intends to distinguish between technologies that are strictly necessary for the operation of the Website and those that are not. Strictly necessary technologies may be used where they are essential to provide the service requested by the user or to maintain the security and integrity of the Website. Non-essential technologies, such as analytics, advertising, or non-essential personalization tools, should only be used where the applicable legal basis exists, which for UK and EEA users will often be consent.
Where consent is required, users should be given a clear cookie banner or preference mechanism allowing them to accept, reject, or manage non-essential categories. Withdrawal of consent should be as easy as giving it, subject to the technical capabilities of the Website and the third-party tools in use.
5. Browser settings and user controls
Most web browsers allow users to review, block, or delete cookies. Users can usually control cookie behaviour through browser settings, extension tools, or device-level privacy controls. However, blocking strictly necessary technologies may cause certain website functions to become unavailable or unstable, including secure login, checkout, generation workflows, saved baskets, or token/credit management.
Where the Website provides a cookie banner, consent manager, or settings panel, users should use that tool first for category-level choices. Browser controls may not always fully disable certain local storage items, server-side tracking features, or third-party technologies already loaded before settings are updated.
6. Third-party services and embedded content
ImageSpot may use third-party processors or service providers for hosting, payments, analytics, security, support, communications, content delivery, or embedded services. Those providers may place or read cookies and similar identifiers either as processors on ImageSpot instructions or, in certain cases, as independent controllers under their own privacy notices.
If the Website embeds third-party content such as payment widgets, media, maps, social features, chat tools, or analytics scripts, those providers may collect technical data directly from the user device. ImageSpot aims to implement such services in a manner consistent with applicable law and the Website consent settings.
7. Credit/token flows and AI-generation module
Because the Website includes a non-subscription model for purchasing and consuming generation credits/tokens, certain identifiers may be used to preserve user session state, authenticate access to generation functionality, prevent duplicate or abusive requests, support order integrity, and evidence token consumption or non-delivery events. These identifiers may be strictly necessary where they are essential to the operation of the requested digital service.
The image-generation module may also rely on short-term local storage or session-level identifiers to preserve prompt state, output retrieval, queue position, content-delivery workflow, anti-fraud controls, or error-recovery functions. Any such implementation should remain proportionate and consistent with ImageSpot’s privacy and security objectives.
8. Retention periods
Cookies and similar technologies may be session-based, meaning they expire when a browser is closed, or persistent, meaning they remain for a defined period after a session ends. Retention depends on the purpose of the technology, the tool provider, and the operational need. ImageSpot intends to avoid keeping non-essential identifiers for longer than reasonably necessary for the relevant purpose.
Users can usually remove stored cookies earlier through browser or device settings. Clearing cookies may reset preferences, log users out of their account, or affect website functionality.
9. International transfers
Some third-party technology providers may process related personal data outside the United Kingdom. Where personal data collected through cookies or similar technologies is transferred internationally, ImageSpot intends to rely on appropriate safeguards where legally required, as further described in the Website Privacy Policy.
10. Changes to this policy
ImageSpot may update this Cookie Policy from time to time to reflect changes in website functionality, legal requirements, service providers, tracking technologies, or operational practice. The latest version should be made available on the Website together with its most recent update date. Material changes to the consent approach should, where appropriate, be reflected in the cookie banner or preference tool.
11. Contact
Questions, requests, or complaints relating to this Cookie Policy may be sent to info@image-spot.com.
Registered office: Flat 44 Ennerdale House, 121 Hamlets Way, London, England, E3 4TY.