Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use InfoAIgraphic (the "Service"). It applies worldwide.

Account & Billing

• Email address.
• Payment data processed by Stripe (billing details, card tokens/identifiers). We do not store full card numbers.

Content & Usage

• Prompts, inputs, uploaded assets (e.g., logos), and generated infographics.
• Event telemetry such as user-agent and device identifiers; our hosting/CDN providers may process network information (e.g., IP addresses) for security and delivery.

Analytics & Ads (if enabled in your region)

• Google Analytics 4 (GA4) to measure usage. GA4 uses first-party cookies/identifiers to distinguish users/sessions.
• Advertising/retargeting pixels (e.g., Google Ads, Meta, LinkedIn) for cross-context behavioral advertising where permitted.

We do not intentionally collect sensitive categories unless you include them in your prompts or uploads. Please avoid providing personal data in prompts unless necessary.

• Provide and operate the Service; perform contract with you.
• Process payments and fraud prevention; legitimate interests and legal obligations.
• Analytics to improve performance and features; consent in EEA/UK, legitimate interests elsewhere.
• Advertising/retargeting; consent in EEA/UK; opt-out rights in certain U.S. states (see Section 9).
• Security, abuse prevention, and compliance; legitimate interests and legal obligations.
• Communications (service notices, updates); legitimate interests/contract.

We send prompts/inputs to AI providers (e.g., OpenAI and Google AI services) to generate outputs.

No training: We do not permit our providers to use your prompts or outputs to train their models, where such controls exist. (For example, OpenAI states that business/API data is not used to train by default.)

We configure providers to minimize retention and disable logging where feasible.

We share personal data with:

• Infrastructure & processing: Vercel (hosting/CDN), Supabase (database, auth), cloud storage, backup vendors.
• Payments: Stripe (payment processing, taxes).
• AI providers: OpenAI; Google's AI services (as configured).
• Analytics/ads: GA4; ad platforms (Google Ads, Meta, LinkedIn).
• Compliance: government authorities or third parties when required by law or to protect rights and safety.

We do not "sell" personal information. For California and similar laws, we may "share" personal information for cross-context behavioral advertising; you can opt out (Section 9).

We operate globally; data may be processed outside your country (e.g., the EU/UK ↔ US).

For EU/EEA data, we rely on the European Commission's Standard Contractual Clauses (SCCs) with our vendors and subprocessors. For UK data, we use the UK IDTA or UK Addendum to the SCCs. We also implement supplementary measures and conduct transfer assessments as appropriate.

• User Content (prompts, uploads, outputs): retained for 12 months to support your account history and features, then deleted or anonymized unless we must keep it longer to comply with law or resolve disputes.
• Telemetry/logs: retained for up to 12 months unless a shorter technical TTL applies.
• Billing records: retained per tax and accounting laws.

We use reasonable administrative, technical, and organizational measures appropriate to the risk (e.g., encryption in transit, access controls). No method is 100% secure.

EEA/UK: rights of access, rectification, erasure, restriction, portability, objection; and the right to withdraw consent.

US (e.g., CA, CO, CT, VA, UT, etc.): rights to know/access, delete, correct, opt out of sale/sharing/targeted advertising. In California we provide:

• "Do Not Sell or Share My Personal Information" link (or equivalent Privacy Choices) and we honor Global Privacy Control (GPC) signals.
• Sensitive data limits as required by CPRA.

To exercise rights or appeal a decision, contact contact@infoaigraphic.com. We respond within 30 days (extendable where permitted).

In the EEA/UK, we set analytics/advertising cookies only after your consent via our cookie controls; you can withdraw consent anytime.

Outside the EEA/UK, we rely on applicable laws (consent or legitimate interests).

Manage preferences via "Cookie Settings" (link in footer) or your browser settings. See also Google's GA4 cookie use documentation.

The Service is not directed to children under 13 (or 16 in the EEA/UK where consent rules apply). We do not knowingly collect data from such users; if we learn of it, we will delete it.

• Hosting/CDN: Vercel (global)
• Database/Auth: Supabase
• Payments & tax calc: Stripe
• AI providers: OpenAI API; Google AI services
• Analytics: Google Analytics 4
• Advertising pixels: Google Ads, Meta, LinkedIn

We may update this list as our stack evolves. For material changes, we will notify you by email.

The Service may link to third-party sites. Their privacy practices are outside our control.

We may update this Policy. For material changes, we will notify you by email before the new version takes effect.

Questions or requests: contact@infoaigraphic.com