Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy describes how Draftpie ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our AI image generation service ("Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

We collect the following types of information:

  • Account Information: Email address, name, and profile picture provided through authentication providers (e.g., Google OAuth, email/password).
  • Usage Data: Prompts submitted, images generated, models used, features accessed, generation settings, and interaction patterns with the Service.
  • Payment Information: Payment details are processed by Stripe. We store transaction records, subscription status, and billing history but do not store full payment card details.
  • Technical Data: IP address (which may be hashed for rate limiting and abuse prevention), browser type, device information, and cookies for session management.
  • Generated Content: Images, videos, and associated metadata (prompts, settings, timestamps) stored on our cloud infrastructure.
  • Reference Images: Images you upload as references for AI editing are transmitted to third-party AI providers for processing.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your account
  • Send service-related communications
  • Monitor and analyze usage patterns for product improvement
  • Detect, prevent, and address fraud, abuse, and security issues
  • Enforce rate limits and prevent automated abuse
  • Comply with legal obligations
  • Improve our AI systems and services using anonymized and aggregated data

4. Data Sharing and Third-Party Processors

Your data is shared with the following categories of third parties as necessary to operate the Service:

  • Cloud Infrastructure: Supabase (database, authentication, file storage), Vercel (hosting and serverless functions). Your data, including generated content, is stored on infrastructure managed by these providers.
  • AI Model Providers: Google (Gemini), xAI (Grok), fal.ai, and Kling. Your prompts and reference images are sent to these providers for content generation. These providers may process your data according to their own privacy policies.
  • Payment Processing: Stripe processes all payments. Your billing information is subject to Stripe's privacy policy.
  • Rate Limiting: Upstash Redis for rate limiting and abuse prevention.
  • Legal Requirements: When required by law, court order, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties for marketing purposes. However, we cannot control how third-party AI providers handle data sent to their APIs. We encourage you to review their privacy policies.

5. Data Storage, Security, and Risk Acknowledgment

Your data is stored on cloud infrastructure provided by Supabase and other service providers. We implement commercially reasonable security measures to protect your data. However, you acknowledge and agree that:

  • No method of electronic storage or transmission is 100% secure. We cannot and do not guarantee absolute security of your data.
  • Generated images are stored in cloud storage that may use publicly accessible URLs. While URLs are not publicly listed or indexed, anyone with a direct URL may be able to access the content.
  • Your data may be lost, corrupted, or exposed due to security breaches, hacking, unauthorized access, software bugs, hardware failures, human error, third-party service outages, or other incidents beyond our control.
  • In the event of a data breach or security incident, we will make commercially reasonable efforts to notify affected users, but we shall not be liable for any damages resulting from such incidents.
  • We are not responsible for data loss or exposure caused by third-party service providers (Supabase, Vercel, Google, fal.ai, etc.).

We strongly recommend that you download and maintain local backup copies of any generated content you wish to preserve. Do not rely on the Service as your sole storage for important content.

6. Data Retention and Deletion

We retain your account information and generated content for as long as your account is active. We may also delete inactive accounts and their associated data at our discretion. Upon account deletion (whether initiated by you or by us), we will delete your personal data and generated content, though some data may persist in backups for a limited period and transaction records may be retained for up to 7 years for legal and accounting purposes. We cannot guarantee that all copies of your data will be immediately removed from all systems, including third-party provider caches and backups.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to certain processing activities
  • Withdraw consent where processing is based on consent

To exercise these rights, please contact us at support@draftpie.com. We will respond to valid requests within the timeframe required by applicable law. Note that exercising certain rights (such as deletion) may result in loss of access to the Service.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We may use analytics tools to understand how users interact with the Service. You can control cookie settings through your browser, but disabling essential cookies may prevent the Service from functioning correctly.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information and terminate the associated account.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States and other jurisdictions where our service providers operate. By using the Service, you consent to such transfers. Data protection laws in these countries may differ from those in your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy at any time without prior notice. Changes become effective immediately upon posting the updated policy with a new "Last updated" date. It is your responsibility to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at support@draftpie.com.

View Terms of Service