Privacy
Last updated: 2026-04-24 — placeholder copy pending legal review (PREP-C1).
What we collect
- Account data: email, display name, and profile picture from Google OAuth.
- Usage data: prompts you submit, generations you create, and credit ledger activity.
- Technical data: IP address and device fingerprint for anti-abuse.
What we do not collect
- We do not use cookies for advertising. Our analytics provider (Plausible) is cookieless.
- We do not sell or rent your personal data.
How we use your data
- Deliver the Service (generate your requested outputs, store them for 30 days)
- Prevent abuse (rate-limiting, fraud detection)
- Improve the Service (aggregated, anonymized metrics)
Who we share with
Only the subprocessors strictly needed to run the Service:
- Supabase (authentication, database, realtime)
- Cloudflare R2 (generated media storage)
- piapi.ai (upstream model routing)
- Resend (transactional email)
- Vercel (hosting)
- Upstash (rate-limit counters)
- Plausible (cookieless analytics)
Your rights
You may request access, correction, export, or deletion of your data by emailing the support address in the footer. We respond within 30 days.
Retention
- Generations: 30 days after creation, then deleted.
- Account metadata: retained while your account is active; deleted 90 days after account closure.
Contact
Questions? Email us — the contact address is listed in the footer.