Privacy Policy
What data Obrasken collects, why, how long it is kept, and the controls you have over it.
Effective July 11, 2026 · Version 1.0
Legal index1. What we collect
Account data (email, display name, authentication records); usage data (credit transactions, generation metadata, feature usage, security events); content you provide (prompts, uploads, projects); and technical data (device/browser info, IP-derived rate-limit signals). We use Supabase for authentication and storage and Stripe for payments.
2. Why we use it
To operate your account and the tools, process payments and credits, enforce rate limits and safety, prevent abuse, provide support, and improve the product. We rely on your consent, the performance of our contract with you, and our legitimate interest in running a secure service.
3. AI providers
When you run a generation, the necessary prompt and input content is sent to the AI provider that fulfils it (for example, our configured image/video providers, or your own BYOK provider). Those providers process content under their own terms. We minimize what is sent and do not sell your content.
4. Model training
Obrasken does not train its own foundation models on your private project content. Your Memory Vault personalization is stored privately for your account and is controlled by you (enable, adjust, export, reset, delete). External providers may have their own training practices; use BYOK if you need provider-level control.
5. Retention
We keep account and billing records for as long as your account is active and as required for legal, tax, and accounting purposes. Generations and uploads are kept until you delete them or delete your account. Security logs are retained for a limited period for fraud and abuse prevention.
6. Your controls
From Settings you can edit your profile, manage privacy and memory preferences, export account data, delete individual generations, and request account deletion. Some export and deletion flows are processed on a short manual timeline; the app states this honestly where it applies.
7. Security
We use encryption in transit, encrypted storage for provider keys, row-level security on user data, rate limiting, and audit logging of sensitive actions. No system is perfectly secure, but we design to limit exposure and never expose secrets to the browser.
8. International and children
Your data may be processed in regions where our providers operate. Obrasken is not directed to children under the age of digital consent in your jurisdiction.
9. Contact
Privacy questions and data requests can be sent to support@obrasken.com.
