Studii
Try free

Privacy Policy

Draft — replace before launch

Studii is designed to minimize what we know about you. This policy describes what we collect, why, and how long we keep it.

What we collect

  • Account: email + password hash (or OAuth provider id).
  • Images you upload: stripped of EXIF, ICC, XMP, and JFIF metadata before any other processing. Inputs older than 24 hours are auto-deleted.
  • Generated outputs: retained while your account is active; deleted on account deletion.
  • Usage: we keep an audit log keyed by a HMAC of your user id (not the raw id). Audit log is retained 1 year.
  • Billing: Stripe handles all payment data. We see only customer ids and metadata.

What we do NOT do

  • We do not train models on your uploads or outputs.
  • We do not sell your data.
  • We do not enable face-recognition or face-LoRA flows in MVP. Any future feature involving biometric identifiers will be opt-in with a BIPA-compliant consent flow.

Where data lives

Storage and database are hosted on Supabase. Generated images are served from our own CDN at outputs.studii.tech; we never link the upstream provider's CDN to end users. EU data residency is available on the Business plan.

Your rights

You can export your data and delete your account from /app/settings. Deletion erases all auth, storage, and database rows within 30 days. There's a 24-hour grace period during which deletion can be cancelled.

Contact

Privacy questions: privacy@studii.tech. For an EU-specific complaint, contact your local supervisory authority.