Legal - InstaSVG | InstaSVG

1. Overview and Score

At InstaSVG ("we", "us", "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our AI-powered vector graphics generation service. This policy is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Data Controller:

InstaSVG
Email: privacy@mail.instasvg.com

2. What Data We Collect and Why (Legal Basis)

Under the GDPR, we must have a legal basis to process your personal data. Here is what we collect, why we need it, and our legal basis for doing so:

Account & Authentication Data

What we collect: Email address, name, authentication tokens, profile details.
Why we collect it: To create and manage your account, authenticate you securely, and provide access to our services.
Legal Basis: Performance of a Contract.

Content Data

What we collect: Text prompts, uploaded images, and generated SVGs.
Why we collect it: To process your requests and generate the desired output, display your generation history.
Legal Basis: Performance of a Contract.

Payment & Transaction Data

What we collect: Billing history, current subscription plan. (We do not store full credit card numbers).
Why we collect it: To process payments via Stripe, manage subscriptions, and prevent fraud.
Legal Basis: Performance of a Contract & Legal Obligation (e.g., tax compliance).

Technical & Usage Data

What we collect: IP address, browser type, device identifiers, interaction logs, and analytics.
Why we collect it: To maintain security, understand how our platform is used, and improve performance.
Legal Basis: Legitimate Interest for security/basic analytics; Consent for marketing/tracking cookies.

3. How Long We Retain Your Data

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:

Account Information: Retained for the lifetime of your account. If you delete your account, your data will be permanently deleted within 30 days.
User Content (Prompts & Images): Retained as long as your account is active so you can access your history. You can manually delete generations at any time.
Payment Records: Retained for up to 7 years as required by tax and accounting laws.
Log Data & Analytics: Typically retained for 90 days for operational analysis.

4. Third-Party Data Processors

We use trusted third-party service providers who assist us in operating our platform. These processors only handle data according to our instructions and strict confidentiality agreements:

Database Provider: For primary database hosting and backend storage.
Authentication Provider: For secure user authentication and identity management.
Payment Processor: For secure payment processing, subscription management, and tax compliance.
CDN and Storage Provider: For fast, secure storage and delivery of generated image assets.
Email Service Provider: For essential transactional emails and notifications.
Analytics Provider: For measuring essential website performance and page views.
Advertising Partners: For marketing and ad conversion tracking.

5. Cookies and Tracking

We use cookies to operate our site and, with your consent, to analyze traffic and provide targeted advertising. You can control these preferences at any time. For a full breakdown of the cookies we use, their purpose, duration, and categories (Essential, Analytics, Marketing), please read our full Cookie Policy.

6. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA) or UK, you have the following data protection rights:

Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request that we update or correct inaccurate data.
Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data.
Right to Data Portability: You can request a structured, machine-readable copy of your data to transfer to another service.
Right to Object & Restrict Processing: You can object to our processing of your data (e.g., for marketing) or ask us to restrict it.
Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time (e.g., cookie preferences or newsletter subscriptions).

7. How to Exercise Your Rights & Contact Us

Requesting Data Deletion

If you wish to delete your account and associated personal data, you can submit a deletion request easily through our dedicated Data Deletion Portal. Once verified, we will process your deletion request within 30 days in accordance with the GDPR.

Contact the Data Controller

If you have any questions, concerns, or wish to exercise any of your other rights under the GDPR, please contact our Data Controller at:

InstaSVG Privacy Team
Email: privacy@mail.instasvg.com

You also have the right to lodge a complaint with your local Data Protection Authority (DPA) regarding the processing of your personal data.