Build with every AI model — KIE.ai + nano-banana editorial pipeline
ACAI Catch
01

Legal

Privacy Policy

Last updated: 2026-05-10

We minimize what we collect, lock down what we keep, and give you control over your data.

1. What we collect

  • Account data: email, display name, optional avatar (via Clerk).
  • Generation inputs: prompts, reference images, model selections.
  • Generation outputs: stored in your private R2 bucket. You may opt in to share to the public Gallery.
  • Billing data: handled by Creem.io as Merchant of Record. We see the last 4 digits and tax jurisdiction; never the full card.
  • Telemetry: page views, generation events, performance traces (PostHog + Sentry). Only after cookie consent.

2. What we don't collect

  • We don't sell or rent your personal data — ever.
  • We don't train shared models on your private generations.
  • We don't read your prompts for advertising; AI providers see only the prompt for the seconds it takes to generate.

3. Where data lives

On Cloudflare's global edge: D1 (SQLite) for application data and R2 for media. Encrypted at rest and in transit. Access controlled by least-privilege Workers bindings.

4. Third parties

  • Clerk — authentication. Subject to Clerk's privacy policy.
  • Creem.io — payments (Merchant of Record). Subject to Creem's privacy policy.
  • Cloudflare — hosting and CDN.
  • Resend — transactional email (receipts, password resets).
  • PostHog — product analytics (only after consent).
  • Sentry — error tracking (no PII in payloads).
  • Model providers — OpenAI, Google, fal.ai, Replicate, Kling, ByteDance. Inputs/outputs flow through these providers solely to fulfill your generation request.

5. Your rights

Access, correction, deletion, portability, and the right to object — exercise via Account → Settings or by emailing support@aicatch.online. We respond within 30 days.

6. Retention

  • Account data: until you delete the account.
  • Generation history: visible until you delete it; purged 30 days after account deletion.
  • Billing records: 7 years (legal requirement).
  • Telemetry: 13 months by default.

7. Children

The Service is not for children under 13 (or 16 in the EEA / UK). We do not knowingly collect data from minors.

8. Changes

Material changes announced via email and in-app banner at least 14 days before they take effect.

Questions or DSR requests: support@aicatch.online.