Privacy

Privacy Policy

Last updated: 31 January 2026

1. Overview

This Privacy Policy explains how we collect, use, and protect your information when you use our application (“Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information we collect

We may collect the following categories of information:

2.1 Account information

  • Email address
  • Authentication-related information

Authentication, user management, and primary data storage are provided by Supabase. We store only the data needed to create and maintain your account and provide the Service.

2.2 Usage data and analytics

We may collect data about how you access and interact with the Service, such as:

  • IP address and approximate location (city/region level).
  • Browser type and version.
  • Device information.
  • Pages visited and actions performed within the app.
  • Timestamps and error logs.

We use PostHog for product analytics to understand how users interact with the Service. PostHog collects:

  • Page views and navigation patterns.
  • Feature usage and interactions (such as sign-ups, logins, and checkout events).
  • Error and exception data to help us fix bugs.
  • Device and browser information.

PostHog data is used solely to improve the Service and is not sold or shared for advertising purposes.

Our hosting provider Vercel may also collect logs and performance metrics as part of providing hosting and infrastructure.

2.3 Security and abuse prevention

We use Cloudflare Turnstile to protect our forms and services from automated abuse. Turnstile may process technical signals such as your IP address, browser details, and device characteristics to determine whether requests are legitimate.

2.4 Content you provide

When you use the Service, you may save:

  • Bookmarks and related metadata.
  • Collections and their structure.
  • Optional notes and other content.
  • Profile information, including avatar images.
  • Images uploaded to the Canvas feature.

This data is stored in our database managed via Supabase and accessed through Prisma (our ORM/data-access layer). Prisma itself does not permanently store your data; it is a tool we use to interact with the database.

Avatar images and other files may be stored in Supabase Storage or similar storage services.

Images uploaded to our Canvas feature are stored on Cloudflare Images for fast, global delivery. Cloudflare may process metadata associated with these images as part of their hosting service.

2.5 AI-powered features

We use Google Gemini (via the Gemini API) to provide AI-powered analysis of images you upload to the Canvas feature. When you upload an image:

  • The image is sent to Google's servers for analysis.
  • Google may process and temporarily store image data as part of providing the AI service.
  • Analysis results (such as generated titles, descriptions, tags, and color palettes) are stored in our database.

Google's processing of your data is subject to Google's own privacy policies.

We also use Cloudinary for image upscaling features. When you use the upscale feature, your image is processed by Cloudinary's AI services and temporarily stored on their infrastructure.

2.6 Payment and billing information

Subscriptions and payments are processed by Stripe, our payment provider.

  • Stripe may collect your name, email address, payment method details, billing address, VAT or tax information, and transaction history.
  • We do not store your payment card details on our own servers.

Your payment data is handled according to Stripe’s own terms and privacy policy.

3. How we use your information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Authenticate users and manage sessions.
  • Store your bookmarks, collections, and related data.
  • Process payments and manage subscriptions (through Stripe).
  • Monitor usage and performance to ensure stability.
  • Detect, prevent, and address technical or security issues.
  • Communicate with you about updates, changes, or support requests.

We do not sell your personal information.

4. Third-party providers

We rely on the following third-party providers:

  • Supabase – authentication, database, and storage. Your account data, bookmarks, collections, and media may be stored on Supabase-managed infrastructure.
  • Prisma – ORM/data-access layer. It facilitates secure access to the database but does not independently store long-term copies of your data.
  • Stripe – billing, payment processing, and tax handling. All subscription and payment workflows go through Stripe.
  • Vercel – hosting and infrastructure. Vercel may process your IP address, request logs, and basic usage data as part of serving the app.
  • Cloudflare Turnstile – bot and abuse prevention on forms. It may process technical signals (such as IP address, browser information, and device characteristics) to assess request legitimacy.
  • Cloudflare Images – image hosting and delivery for the Canvas feature. Images you upload are stored and served globally via Cloudflare's infrastructure.
  • Google Gemini – AI-powered image analysis for the Canvas feature. Images are processed by Google's AI services to generate metadata such as titles, descriptions, and tags.
  • Cloudinary – image processing and AI upscaling. When you use the upscale feature, images are processed by Cloudinary's infrastructure.
  • PostHog – product analytics and error tracking. PostHog collects usage data to help us understand how the Service is used and identify issues. Data is processed on PostHog's US-based infrastructure.

These providers process data under their own terms and privacy policies. We choose providers that are reputable and that take security and privacy seriously.

5. Legal bases for processing (if applicable)

If you are located in the European Economic Area (EEA), the United Kingdom, or a similar jurisdiction, we process your personal data on the following legal bases:

  • Contract – to provide the Service you request.
  • Legitimate interests – to operate, secure, and improve the Service.
  • Consent – where required for certain optional features or communications.
  • Legal obligations – to comply with tax, accounting, or other legal requirements.

6. Data retention

We retain your personal data for as long as necessary to:

  • Provide the Service and maintain your account.
  • Comply with legal obligations (for example, tax and accounting records via Stripe).
  • Resolve disputes and enforce agreements.

When you delete your account, we will:

  • Remove or anonymize your personal data from our primary systems within a reasonable time, subject to legal retention requirements.
  • Retain data where we are legally required to do so (e.g., invoices and payment records handled by Stripe).

Backups may retain some data for a limited period before being overwritten.

7. Data security

We take reasonable technical and organizational measures to protect your information, including:

  • Access controls and authentication.
  • Use of reputable infrastructure providers (Supabase, Vercel).
  • Use of Prisma as a structured data-access layer to interact with the database securely.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. International data transfers

Our providers (Supabase, Prisma, Stripe, Vercel, Cloudflare, Google, Cloudinary, PostHog) may store and process data in multiple countries.

By using the Service, you acknowledge that your personal data may be transferred to and processed in jurisdictions outside your country, which may have different data protection laws.

We take reasonable steps to ensure that such transfers comply with applicable data protection requirements.

9. Your rights

Depending on your jurisdiction, you may have some or all of the following rights:

  • Access – to request a copy of the personal data we hold about you.
  • Correction – to request correction of inaccurate or incomplete data.
  • Deletion – to request deletion of your personal data, subject to legal retention requirements.
  • Restriction – to request that we limit certain uses of your data.
  • Portability – to receive your data in a structured, commonly used, and machine-readable format, where technically feasible.
  • Objection – to object to certain processing activities, including direct marketing (if any).

You can exercise some of these rights by:

  • Managing your account settings within the app.
  • Deleting your account.
  • Contacting us at support@1984.design.

We may need to verify your identity before responding to certain requests.

10. Cookies and similar technologies

We may use cookies or similar technologies to:

  • Keep you logged in.
  • Remember your preferences.
  • Measure performance and usage.

Third-party providers (Supabase, Vercel, Stripe) may also use cookies or similar technologies as part of their services.

You may adjust your browser settings to refuse cookies, but this may impact certain features of the Service.

11. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16.

If you believe that a child under 16 has provided us with personal information, please contact us so we can take appropriate action.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we make changes, we will update the “Last updated” date at the top of this page. If the changes are significant, we will take reasonable steps to notify you (for example, through the app or by email).

Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.

13. Contact

If you have questions or requests related to this Privacy Policy, you can contact us at:

Email: support@1984.design
1984 Design & Development LLC