Privacy Policy

1. Introduction

Welcome to Canvelete ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our design automation platform and related services.

By accessing or using Canvelete, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, and profile information when you create an account
• Payment Information: Billing details processed securely through our payment processor (Polar.sh)
• Design Content: Images, text, graphics, and other content you create or upload to our platform
• Communication Data: Messages, feedback, and support requests you send to us
• Integration Data: API keys and credentials for third-party integrations (Zapier, n8n, etc.)

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with our services, including features used, designs created, and time spent
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: We use cookies and similar technologies to enhance your experience and analyze usage patterns
• Log Data: Server logs, error reports, and performance metrics

2.3 Information from Third Parties

• OAuth Providers: Profile information from Google, GitHub, or other authentication providers you choose to use
• Asset Libraries: Data from Pixabay, Unsplash, and FreeSVG when you use their assets
• Payment Processors: Transaction information from Polar.sh for billing purposes

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our design automation platform
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Payment Processing: To process subscriptions, handle billing, and manage your plan
• Communication: To send service updates, security alerts, and respond to your inquiries
• Personalization: To customize your experience and provide relevant features
• Analytics: To understand usage patterns, improve our services, and develop new features
• Security: To detect, prevent, and address fraud, abuse, and security issues
• Legal Compliance: To comply with legal obligations and enforce our terms
• AI Features: To provide AI-powered design generation using Google Gemini (your prompts and designs may be processed by AI services)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

• Hosting: Vercel for application hosting and deployment
• Database: PostgreSQL database providers (Neon, Supabase, or similar)
• Payment Processing: Polar.sh for subscription and billing management
• Email Services: Resend for transactional emails
• AI Services: Google Gemini for AI-powered design generation
• Asset Providers: Pixabay, Unsplash, FreeSVG for stock images and graphics
• Analytics: Vercel Analytics for performance monitoring

4.2 Integration Partners

When you connect third-party services (Zapier, n8n, etc.), we share necessary data to enable those integrations. You control these connections and can revoke access at any time.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Storage and Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit using SSL/TLS and at rest in our databases
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Security assessments and vulnerability testing
• Secure Infrastructure: Hosted on secure, enterprise-grade cloud infrastructure

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for a reasonable period after deletion
• Design Content: Stored until you delete it or close your account
• Transaction Records: Retained for tax and accounting purposes as required by law
• Log Data: Typically retained for 90 days for security and debugging purposes

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your designs and data in a portable format
• Opt-Out: Unsubscribe from marketing communications (service emails may still be sent)
• Revoke Consent: Withdraw consent for data processing where applicable
• Object: Object to certain types of data processing

To exercise these rights, please contact us at privacy@canvelete.com or through your account settings.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: To understand how you use our services
• Preference Cookies: To remember your settings and preferences

You can control cookies through your browser settings, but disabling certain cookies may affect functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

10. Children's Privacy

Canvelete is not intended for users under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Third-Party Links

Our services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: