Last Updated: [DATE]
[Your Brand Name] (“we,” “us,” “our”) operates the website [yourwebsite.com] (the “Service”), an AI-powered logo generation platform. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our Service.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the Romanian Data Protection Law (Law No. 190/2018), and other applicable data protection legislation.
1. Data Controller
The data controller responsible for your personal data is:
[Your Brand Name / Legal Entity Name]
Address: [Your Business Address]
Email: [privacy@yourwebsite.com]
Country: Romania
For any questions or requests regarding your personal data, contact us at the email address above.
2. What Data We Collect
2.1 Data You Provide Directly
| Data Type | When Collected | Purpose |
|---|---|---|
| Email address | Account registration | Account creation, login, communications |
| Password (hashed) | Account registration | Account authentication |
| First name, last name | Account registration (optional) | Account personalization |
| Username | Account registration (optional) | Account identification |
| Payment information | Plan purchase | Payment processing (handled by Stripe) |
| Text prompts and preferences | Logo generation | Generating logos per your instructions |
| Support messages | Contacting support | Responding to your inquiries |
2.2 Data Collected Automatically
| Data Type | How Collected | Purpose |
|---|---|---|
| IP address | Server logs | Security, rate limiting, fraud prevention |
| Browser type and version | Server logs | Service compatibility and debugging |
| Pages visited and actions taken | Analytics | Improving the Service |
| Device type and screen resolution | Analytics | Optimizing user experience |
| Referring URL | Analytics | Understanding traffic sources |
| Cookies and similar technologies | Browser cookies | Session management, preferences |
2.3 Data from Third-Party Services
| Source | Data Received | Purpose |
|---|---|---|
| Google OAuth | Google account ID, name, email, profile picture | Account creation and login |
| Stripe | Subscription status, payment confirmations, invoice data | Payment and subscription management |
We do not receive or store your full credit card number, bank account details, or Google account password. Stripe handles all payment data directly on its own PCI-DSS compliant infrastructure.
3. How We Use Your Data
We process your personal data based on the following legal bases under GDPR Article 6:
3.1 Performance of a Contract (Art. 6(1)(b))
- Creating and managing your account
- Processing payments and managing subscriptions
- Generating logos based on your prompts
- Delivering generated logos and brand assets
- Providing customer support
3.2 Legitimate Interests (Art. 6(1)(f))
- Preventing fraud, abuse, and unauthorized access
- Monitoring and improving the Service
- Analyzing usage patterns to improve features
- Ensuring network and information security
- Enforcing our Terms of Service
3.3 Legal Obligations (Art. 6(1)(c))
- Complying with tax and accounting requirements
- Responding to lawful requests from authorities
- Retaining transaction records as required by law
3.4 Consent (Art. 6(1)(a))
- Sending marketing emails or newsletters (only with your explicit opt-in)
- Setting non-essential cookies (with your consent via our cookie banner)
You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
4. How We Share Your Data
We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
We share your data only with the following categories of recipients, solely to operate and improve the Service:
4.1 Service Providers (Data Processors)
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Hosting provider | All service data | Website and server hosting | [EU / specify] |
| Stripe | Email, payment details, subscription info | Payment processing | USA (EU-US Data Privacy Framework) |
| Google | OAuth tokens, email | Authentication via Google login | USA (EU-US Data Privacy Framework) |
| AI model providers (via OpenRouter) | Text prompts only | Logo generation | USA |
| Vectorization API provider | Generated logo images only | PNG to SVG conversion | USA |
| Email service provider | Email address, name | Transactional emails (receipts, password resets) | [specify] |
| Analytics provider | Anonymized usage data | Website analytics | [EU / specify] |
All service providers are bound by data processing agreements (DPAs) and are required to process your data only on our instructions and in compliance with applicable data protection laws.
4.2 International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When transferring data outside the EEA, we rely on:
- EU-US Data Privacy Framework (for certified US companies)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
4.3 Legal Requirements
We may disclose your data if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
5. Cookies and Tracking
5.1 Essential Cookies
These are strictly necessary for the Service to function and cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you logged in | Browser session |
| CSRF token | Prevents cross-site request forgery | Browser session |
| Cookie consent | Remembers your cookie preferences | 12 months |
5.2 Analytics Cookies (Require Consent)
We use [Google Analytics / Plausible / other] to understand how visitors use the Service. These cookies are only set after you provide consent through our cookie banner.
| Cookie | Purpose | Duration |
|---|---|---|
| Analytics identifier | Tracks page views and user journeys | Up to 26 months |
5.3 Managing Cookies
You can manage or withdraw your cookie consent at any time by clicking the cookie settings link in our website footer. You can also configure your browser to block or delete cookies, though this may affect Service functionality.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data (email, name) | Duration of account + 30 days after deletion | Service provision |
| Generated logos | Duration of account + 30 days after deletion | Your access to past work |
| Text prompts | Duration of account + 30 days after deletion | Generation history and re-generation |
| Payment and invoice records | 10 years after transaction | Romanian tax and accounting law |
| Activity logs | 90 days | Security monitoring and debugging |
| Server logs (IP, browser) | 90 days | Security and abuse prevention |
| Support correspondence | 2 years after resolution | Quality assurance and legal protection |
After the retention period expires, data is permanently deleted or irreversibly anonymized.
7. Your Rights Under GDPR
As a data subject in the EU, you have the following rights. To exercise any of these, contact us at [privacy@yourwebsite.com]. We will respond within 30 days.
7.1 Right of Access (Art. 15)
You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
7.2 Right to Rectification (Art. 16)
You have the right to request correction of inaccurate or incomplete personal data.
7.3 Right to Erasure / Right to Be Forgotten (Art. 17)
You have the right to request deletion of your personal data. We will comply unless we have a legal obligation to retain it (e.g., tax records). You can delete your account through your account settings, which triggers automatic deletion of your data per the retention schedule above.
7.4 Right to Restriction of Processing (Art. 18)
You have the right to request that we limit the processing of your data in certain circumstances (e.g., while we verify the accuracy of your data).
7.5 Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV), and to transmit it to another controller.
7.6 Right to Object (Art. 21)
You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
7.7 Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent (e.g., marketing emails, analytics cookies), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
7.8 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, București, România
Website: www.dataprotection.ro
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- HTTPS/TLS encryption for all data in transit
- Hashed passwords (never stored in plain text)
- API keys stored in secure server-side configuration, never exposed to client-side code
- Role-based access control for administrative functions
- CSRF protection on all forms
- Server-side input validation and sanitization
- Regular software and plugin updates
- Rate limiting to prevent brute-force attacks and abuse
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9. AI-Generated Content and Data Processing
9.1 How AI Generation Works
When you submit a text prompt, it is sent to third-party AI model providers through an API gateway to generate logo images. The generated images are returned to our servers and stored in your account.
9.2 What AI Providers Receive
AI providers receive only your text prompt and generation parameters (style, colors, dimensions). They do not receive your name, email, account information, or payment details.
9.3 Vectorization Processing
When you request an SVG download, your generated logo image is sent to a vectorization API provider for conversion. The provider receives only the image file — no personal data is attached.
9.4 AI Provider Data Retention
We select AI providers whose policies do not retain user inputs or outputs for training purposes beyond the immediate processing of your request. However, we cannot fully control third-party data practices. Please refer to the respective providers’ privacy policies for details.
10. Children’s Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at [privacy@yourwebsite.com].
11. Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page
- Notify you by email or through a prominent notice on the Service at least 15 days before the changes take effect
Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Service and may request account deletion.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:
[Your Brand Name / Legal Entity Name]
Email: [privacy@yourwebsite.com]
Address: [Your Business Address]
Country: Romania
We aim to respond to all data protection inquiries within 30 days.
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.