Privacy Policy

Account Information

When you register, we collect your email address, display name, and authentication credentials. If you sign in through Google OAuth via Supabase, we receive basic profile information as permitted by that provider.

Prompts and Conversations

We collect the text prompts, uploaded data files, and other inputs you submit when requesting figure generation. These inputs are necessary to provide the Service. We store conversation history to allow you to revisit and continue previous sessions.

Generated Images

We store the figures, diagrams, and other visual assets you create using the Service. This allows you to access, edit, and export your work across sessions and devices.

Usage Analytics

We automatically collect information about how you interact with the Service, including pages visited, features used, generation requests made, credit consumption, browser type, operating system, IP address, and approximate geographic location.

When you submit a generation request, your prompt and relevant context may be sent to one or more of the following third-party AI services:

• Anthropic Claude — natural language understanding and multi-step reasoning tasks
• Google Gemini — multimodal generation and visual reasoning
• OpenAI GPT — code generation and data analysis assistance
• E2B — isolated sandbox code execution for programmatic figure rendering; sessions are ephemeral and data is not retained beyond execution

Your data is stored using the following secure infrastructure:

• Supabase — user authentication, session management, and structured data storage (account details, project metadata, prompt history)
• Cloudflare R2 — generated images, exported figures, and other binary assets stored in Cloudflare's object storage

All data is encrypted in transit using TLS. We implement reasonable technical and organizational measures to protect your data against unauthorized access, loss, or destruction. However, no system is completely secure.

The Service uses cookies and browser local storage for the following purposes:

• Authentication: Supabase sets the sb-plottie-auth-token cookie to maintain your logged-in session across page loads
• Locale preference: We store your preferred language setting locally
• Analytics: We may use analytics cookies to understand how users interact with the Service and improve the platform

You can configure your browser to refuse cookies, but doing so may affect your ability to use certain features, including authentication.

We work with the following third-party service providers. Your use of Plottie AI is subject to their respective privacy policies:

• Anthropic — AI model provider (Claude)
• Google — AI model provider (Gemini) and OAuth authentication
• OpenAI — AI model provider (GPT)
• E2B — secure sandbox code execution
• Supabase — authentication and database
• Cloudflare — content delivery and R2 object storage
• Stripe — payment processing for paid subscriptions

• Account data: Retained while your account is active. Deleted within 30 days of account deletion
• Generated images: Retained until you delete them from your workspace or delete your account
• Usage logs: Retained for up to 90 days for security and debugging purposes, then deleted or anonymized
• Payment records: Retained as required by applicable tax and financial regulations

Some data may be retained longer where required by law or to resolve disputes.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Delete: Request deletion of your personal data and account
• Export: Request an export of your Generated Content and data in a portable format
• Opt-out: Object to certain processing activities, such as use of your data for product improvement analytics

We implement the following security measures to protect your data:

• All data transmitted between your browser and our servers is encrypted via TLS
• Authentication tokens are managed by Supabase with industry-standard JWT security
• Access to production databases is restricted to authorized personnel only
• We conduct regular security reviews of our infrastructure and code

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without verifiable parental consent, we will take steps to delete that data promptly. If you believe we may have such data, please contact us immediately at support@plottie.art.