Craflio
Draft — not yet in effect. This is placeholder text for launch preparation and must be reviewed and adapted by legal counsel before Craflio accepts paying customers.

Privacy Policy

Effective date: to be set on launch. This policy explains what personal data Craflio (“we”, “us”) collects, how we use it, and your rights. It applies to your use of the Service.

1. Data we collect

  • Account data: email address and authentication data, managed by our auth provider (Supabase).
  • Content you provide: prompts, uploaded images, designs, and listing text you create in the Service.
  • Connected-account data: when you connect a third-party sales or fulfilment marketplace, the access tokens and store/listing data needed to operate those integrations. Tokens are stored encrypted.
  • Billing data: subscription and payment status. Card details are handled directly by our payment processor (Stripe); we do not store full card numbers.
  • Usage and technical data: logs, device/browser information, and feature usage needed to operate, secure, and improve the Service.

2. How we use data

  • To provide, maintain, and secure the Service and your account.
  • To generate the design, manufacturing, and listing output you request.
  • To process payments and enforce plan limits.
  • To communicate with you about the Service, and to comply with legal obligations.

3. Processors and third parties

We share data with service providers that process it on our behalf, only as needed to run the Service:

  • Supabase — database, authentication, file storage.
  • Stripe — subscription billing and payments.
  • Sales and fulfilment marketplaces you choose to connect (the specific partners will be listed here at launch).
  • AI/generation providers (e.g. for image generation, text optimisation, and content moderation) to produce and screen output you request.

We do not sell your personal data.

4. Content moderation

To keep the Service safe and lawful, prompts and generated output may be screened by automated content moderation before processing. Content that violates our Acceptable Use Policy may be blocked.

5. Data retention

We keep personal data for as long as your account is active and as needed to provide the Service, then for a reasonable period afterwards to meet legal, accounting, or security obligations, after which it is deleted or anonymised.

6. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can export or delete your account data from your settings or by contacting us; we respond within the timeframe required by applicable law (e.g. GDPR).

7. Security

We use technical and organisational measures including encryption of credentials, row-level tenant isolation, and access controls. No system is perfectly secure; we cannot guarantee absolute security.

8. International transfers

Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

9. Changes and contact

We may update this policy and will notify you of material changes. Contact for privacy questions or to exercise your rights: [contact email — to be set on launch].