Privacy Policy
Last updated: January 11, 2025
CutGlueBuild ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered design platform and services.
Contact for Privacy Matters: [email protected] | Data Protection Officer: Cozyartz Media Group
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, full name, profile picture
- Payment Information: Processed securely through Stripe (we don't store card details)
- Project Data: SVG files, design projects, project metadata, revision history
- Communications: Support requests, feedback, and correspondence
1.2 Automatically Collected Information
- Usage Data: Feature usage, AI generation requests, template downloads
- Device Information: Browser type, device type, IP address, operating system
- Cookies: Session cookies for authentication, preference cookies (with consent)
- Performance Data: Error logs, response times, system performance metrics
2. How We Use Your Information
- Service Delivery: Account management, AI processing, file storage and retrieval
- Payment Processing: Subscription billing, invoice generation, refund processing
- Product Improvement: Analytics, feature development, performance optimization
- Communication: Account notifications, support responses, security alerts
- Legal Compliance: Fraud prevention, abuse detection, regulatory requirements
3. Third-Party Service Providers
Cloudflare (Infrastructure)
Hosting, CDN, database services. Data processed globally with EU adequacy protections.
Stripe (Payments)
Payment processing, subscription management. PCI DSS compliant.
OpenAI (AI Processing)
AI content generation. Data processed according to OpenAI's privacy policies.
4. Data Retention
- Account Data: Retained while account is active plus 30 days after deletion
- Project Files: Retained according to your subscription tier and deletion requests
- Payment Records: Retained for 7 years for tax and legal compliance
- Usage Logs: Aggregated data retained for 2 years, detailed logs for 90 days
- Cookies: Session cookies expire after 30 days of inactivity
5. Your Privacy Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete information
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data in certain circumstances
- Object: Opt-out of certain types of processing
- Withdraw Consent: Revoke consent for cookies and marketing communications
To exercise these rights: Visit your Account Settings or contact us at [email protected]. We will respond within 30 days.
6. Cookies and Tracking
| Cookie Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Essential | Authentication, security, core functionality | 30 days | No (legally required) |
| Functional | Remember preferences, settings | 1 year | Yes |
| Analytics | Usage statistics, performance monitoring | 2 years | Yes |
7. Data Security
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access, multi-factor authentication for admin accounts
- Infrastructure: Cloudflare's enterprise-grade security and DDoS protection
- Monitoring: 24/7 security monitoring and automated threat detection
- Auditing: Regular security audits and vulnerability assessments
8. International Data Transfers
Your data may be processed in countries outside your residence. For EU users, we ensure adequate protection through:
- European Commission adequacy decisions (e.g., for Cloudflare)
- Standard Contractual Clauses with non-EU processors
- Additional safeguards for sensitive data processing
9. AI and Machine Learning
Important disclosures about AI processing:
- Your project content may be processed by AI models (OpenAI GPT) to generate designs
- AI processing happens in real-time and content is not stored by AI providers for training
- Generated content is unique to your request but may be similar to other users' results
- You retain ownership of your original content and generated outputs
- AI processing can be disabled by downgrading to essential features only
10. Children's Privacy
Our service is not directed to children under 13 (or 16 in EU). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.
11. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users within 72 hours and relevant authorities as required by law. Notifications will include the nature of the breach and recommended actions.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be notified through:
- Email notification to all active users
- Prominent notice on our website for 30 days
- In-app notifications for logged-in users
13. Contact Information
Data Controller: Cozyartz Media Group
Privacy Officer: [email protected]
General Support: [email protected]
Mailing Address: [Your Business Address]
EU Representative: If you are in the EU and have concerns about our privacy practices, you may contact your local data protection authority.
Response Time: We respond to privacy requests within 30 days (or as required by applicable law).