Legal
Privacy Policy
1. Introduction
This Privacy Policy explains how AppStyle ("we," "us," or "our") collects, uses, shares, and protects information when you use www.appstyle.dev and related services (the "Service"). It should be read together with our Terms of Service.
2. Who we are
AppStyle is operated by Sarthak Gupta. Privacy questions: [email protected]
3. Information we collect
Account information
- Email address, display name, and authentication identifiers from Firebase Authentication.
- Google profile information if you choose Google sign-in, such as name and avatar.
- Profile photo URL if you upload an avatar.
Usage and billing information
- Subscription plan, billing interval, payment status, and usage allowances from Dodo Payments.
- Project and export usage counters for free and paid tiers.
- AI credit usage metadata, including token counts and model usage, for metering and billing.
- Whether you completed onboarding.
Technical and security information
- IP address, browser type, request metadata, and timestamps in server logs and rate-limit records.
- Cloudflare Turnstile challenge results for email authentication flows.
- Firebase ID tokens sent with authenticated API requests.
Analytics information
- Page views and product events through Google Analytics 4 when enabled, such as sign-up, login, checkout, export, and tool usage.
Information we do not collect by default
- Full payment card numbers. Payment details are handled by Dodo Payments.
- A centralized cloud copy of your full project files, screenshots, or AI chat history. Those are stored locally in your browser unless you choose to share content with us for support.
4. How we use information
We use information to:
- Provide, operate, and secure the Service.
- Authenticate users and enforce plan limits.
- Process subscriptions, invoices, and usage-based billing.
- Provide AI-assisted features you request.
- Respond to support requests and prevent abuse.
- Measure product usage and improve the Service.
- Comply with legal obligations and enforce our Terms.
5. Local storage on your device
AppStyle stores projects, image assets, and AI conversations in your browser using IndexedDB. Theme preferences, billing cache, and some free-tier UI flags may be stored in localStorage. Free-draft screenshots may be held in memory only for the current session.
Because this data stays on your device, clearing site data, uninstalling your browser, or switching devices can delete it. You are responsible for exporting and backing up work you want to keep.
6. AI processing
If you use paid AI features, we send relevant content to third-party AI providers to generate responses. This may include:
- Your prompts and chat history.
- Editor and screen layout data, including text, colors, device frames, and layer structure.
- Screenshots and image attachments you include in a request.
- Rendered previews generated as part of the design workflow.
- Public webpage text if you ask the assistant to reference a URL, fetched through our webpage retrieval provider.
- Audio recordings if you use voice input, which are sent for transcription.
We do not intentionally send your Firebase password or full payment card details to AI providers. AI output is generated for your creative use and should be reviewed by you before publication.
7. Profile photos
If you upload a profile photo, we provide a signed upload path to Cloudinary and store the resulting public delivery URL in your account profile. You can remove your avatar through the Service, which deletes the hosted image.
8. Cookies and similar technologies
The Service and our providers may use cookies, local storage, and similar technologies for:
- Authentication and session management through Firebase.
- Security challenges through Cloudflare Turnstile.
- Checkout and billing flows through Dodo Payments.
- Analytics through Google Analytics, when configured.
- Remembering theme and product preferences.
You can control cookies through your browser settings. Blocking some cookies may prevent parts of the Service from working.
9. Analytics
When a Google Analytics measurement ID is configured, we use Google Analytics 4 to understand how the Service is used. Google may collect information such as pages visited, events triggered, device and browser characteristics, and approximate location derived from IP address. You can learn more in Google's Privacy Policy.
10. Third-party service providers
We use trusted providers to run the Service, including:
- Firebase / Google for authentication and identity.
- Cloudflare for hosting, security, Workers, D1 database, and Turnstile.
- Dodo Payments for subscriptions and billing.
- AWS Bedrock for AI design assistance.
- Groq for voice transcription.
- Exa for fetching public webpage content referenced in AI requests.
- Cloudinary for profile avatar hosting.
- Google Analytics for product analytics.
These providers process information on our behalf according to their own privacy policies and our instructions where applicable.
11. How we share information
We do not sell your personal information. We may share information:
- With service providers that help us operate the Service.
- With payment providers to process subscriptions and usage billing.
- With AI providers when you use AI features.
- When required by law, legal process, or to protect rights, safety, and security.
- In connection with a merger, acquisition, or asset sale, with appropriate notice where required.
12. Data retention
- Projects and chats: stored on your device until you delete them or clear browser data.
- Account data: retained while your account is active and as needed to provide the Service.
- Free-tier counters and onboarding flags: retained in our database while relevant to your account.
- Rate-limit and security logs: generally retained for a short period, often about one hour.
- Webhook processing logs: retained for up to 30 days.
- Avatars: retained until you remove them.
- Billing records: retained according to Dodo Payments and applicable law.
13. Security
We use technical and organizational measures designed to protect information, including HTTPS, authenticated APIs, rate limiting, bot protection for email sign-in, webhook signature verification, and access controls on infrastructure providers. No method of transmission or storage is completely secure.
14. International transfers
AppStyle is operated from India, and our service providers may process information in the United States and other countries. When information is transferred internationally, it may be subject to the laws of those jurisdictions.
15. Your rights and choices
Depending on where you live, you may have rights to:
- Access personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of certain information.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
You can update your display name and avatar in the Service. To make a privacy request, email [email protected]. We may need to verify your request before responding.
Because projects and chats are stored locally in your browser, deleting them from your account dashboard or clearing site data may be the fastest way to remove that creative content from your device.
16. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
17. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date above and, where appropriate, provide additional notice. Continued use of the Service after changes become effective means you accept the updated policy.
18. Contact
Privacy questions: [email protected]