Version 1.0 · pending final legal review

Privacy Policy

What data Obrasken collects, why, how long it is kept, and the controls you have over it.

Effective July 11, 2026 · Version 1.0

Legal index

1. What we collect

Account data (email, display name, authentication records); usage data (credit transactions, generation metadata, feature usage, security events); content you provide (prompts, uploads, projects); and technical data (device/browser info, IP-derived rate-limit signals). We use Supabase for authentication and storage and Stripe for payments.

2. Why we use it

To operate your account and the tools, process payments and credits, enforce rate limits and safety, prevent abuse, provide support, and improve the product. We rely on your consent, the performance of our contract with you, and our legitimate interest in running a secure service.

3. AI providers

When you run a generation, the necessary prompt and input content is sent to the AI provider that fulfils it (for example, our configured image/video providers, or your own BYOK provider). Those providers process content under their own terms. We minimize what is sent and do not sell your content.

4. Model training

Obrasken does not train its own foundation models on your private project content. Your Memory Vault personalization is stored privately for your account and is controlled by you (enable, adjust, export, reset, delete). External providers may have their own training practices; use BYOK if you need provider-level control.

5. Retention

We keep account and billing records for as long as your account is active and as required for legal, tax, and accounting purposes. Generations and uploads are kept until you delete them or delete your account. Security logs are retained for a limited period for fraud and abuse prevention.

6. Your controls

From Settings you can edit your profile, manage privacy and memory preferences, export account data, delete individual generations, and request account deletion. Some export and deletion flows are processed on a short manual timeline; the app states this honestly where it applies.

7. Security

We use encryption in transit, encrypted storage for provider keys, row-level security on user data, rate limiting, and audit logging of sensitive actions. No system is perfectly secure, but we design to limit exposure and never expose secrets to the browser.

8. International and children

Your data may be processed in regions where our providers operate. Obrasken is not directed to children under the age of digital consent in your jurisdiction.

9. Contact

Privacy questions and data requests can be sent to support@obrasken.com.