Privacy Policy
Last Updated: March 9, 2026
Version: 1.0
Service: Jewelry Studio PWA
1. Information We Collect
Account Information
- Email address
- Name (optional)
- Payment information (processed by Stripe, not stored by us)
Usage Information
- Design parameters and prompts you submit
- Generated designs and images
- 3D model requests and status
- Login times and IP addresses
- Device type and browser information
Cookies
- Session tokens (authentication)
- Preferences (theme, language)
- Analytics (if enabled)
See our Cookie Policy for details.
2. How We Use Information
We use your information to:
- Provide and improve the Service
- Process payments (via Stripe)
- Send transactional emails (generation status, account alerts)
- Debug errors and prevent fraud
- Comply with legal obligations
We do NOT:
- Sell your data to third parties
- Use your designs for AI training without explicit consent
- Share personal information outside our sub-processors
- Serve targeted ads based on your data
3. Data Storage & Security
- Storage Location: United States (Supabase PostgreSQL)
- Encryption: HTTPS in transit, encrypted at rest
- Access Control: Role-based access (RLS) on all data
- Retention: Designs stored indefinitely unless you delete them. Upon account deletion, designs are retained for 30 days as a recovery option, then permanently deleted. Transaction records are kept for 7 years for tax/legal compliance.
We use industry-standard security practices but cannot guarantee absolute security.
4. Sub-processors & Third Parties
We share limited data with:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting | Account info, designs, prompts |
| Stripe | Payment processing | Email, name, transaction amount |
| Google Gemini | Design generation | Jewelry parameters, design prompts |
| OpenAI | Design generation | Jewelry parameters, design prompts |
| OpenAI Moderation | Content moderation | Design prompts (for safety check) |
| Meshy API | 3D model generation | Design images, generation parameters |
| Upstash | Rate limiting & CSRF protection | Request metadata, IP addresses |
| Inngest | Background job processing | Job IDs, generation parameters |
| Sentry | Error tracking (optional) | Error messages, stack traces, device info |
See SUB_PROCESSORS.md for full details and data processing agreements.
5. Your Rights
Access & Portability
You can request a copy of your personal data by emailing Ryan@RyanB.NYC
Deletion
You can delete your account anytime. We will:
- Permanently delete your personal data within 30 days
- Retain designs for 30 days as recovery option
- Keep transaction records for tax/legal compliance (7 years)
GDPR Rights (EU users)
If you're in the EU, you have additional rights:
- Right to access, correct, or delete your data
- Right to restrict or object to processing
- Right to lodge complaints with your data protection authority
- Right to withdraw consent at any time
Contact: Ryan@RyanB.NYC
6. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect data from children. If we become aware of such collection, we will delete it immediately.
7. Data Transfers
Your data is hosted in the United States. If you access the Service from the EU, you agree to the international transfer of your data. This transfer is necessary to provide the Service.
8. Cookies & Tracking
We use:
- Essential Cookies: Session management, authentication
- Preference Cookies: Theme, language, user settings
- Analytics: Optional (Sentry error tracking if enabled)
See Cookie Policy for opt-out options.
9. Changes to This Policy
We may update this policy at any time. Continued use of the Service after changes constitutes acceptance.
10. Contact
For privacy questions, contact:
Email: Ryan@RyanB.NYC