Privacy Policy

Short version:

• We collect your email, hashed password, billing info (handled by Stripe), and the prompts + images you generate.
• We send your prompts to OpenAI or Google so they can generate images for you.
• We don't sell your data. We don't run ads. We don't use tracking cookies beyond what's needed to keep you signed in.
• You can export or delete your data anytime by emailing us.

Mindmarvel is operated by Sontiac LLC, a Florida limited liability company ("we," "us"). We're the data controller for the information described below. Contact: hello@mindmarvel.ai.

We collect the following:

• Account info: email address, a hashed (bcrypt) password, account creation date.
• Billing info: handled by Stripe. We store a Stripe customer ID and subscription ID; we do not store your card number, CVV, or bank details.
• Generated content: the prompts you submit, the images returned by the model, the boxes you draw, and the final packaged files — stored so you can access, re-slice, and re-download them.
• Usage data: basic server logs (IP address, user-agent, timestamps) for security, rate limiting, and debugging. Retained for up to 30 days.

We use the data above to:

• Provide the service (generate, store, and deliver your packs)
• Authenticate you and keep your account secure
• Bill you and honor your subscription
• Respond to your support requests
• Improve the service (aggregated and anonymized analytics only)
• Comply with legal obligations

• Stripe, Inc. — processes your payment, stores card details, handles the billing portal. Subject to Stripe's Privacy Policy.
• OpenAI, LLC — receives your prompts and generates images via their API (currently gpt-image-2). Subject to OpenAI's Privacy Policy.
• Google LLC — receives your prompts when using Gemini (the "nano-banana" image model) for generation or reference-image iteration. Subject to Google's Gemini API Terms.
• Hosting / infrastructure — our servers and database run on third-party cloud infrastructure, under standard industry contracts requiring appropriate security measures.

We do not sell, rent, or share your personal data for marketing purposes with any third party. We do not use your data to train AI models (ours or anyone else's).

We use a single session cookie to keep you signed in while you're using the app. It expires when you sign out or when your session times out. We don't use third-party analytics, advertising, or cross-site tracking cookies.

Depending on where you live, you may have rights to:

• Access — request a copy of the personal data we hold about you.
• Correct — ask us to fix inaccurate data.
• Delete — ask us to delete your account and associated data.
• Export — request your data in a portable format.
• Object / restrict — object to certain processing (EU/UK GDPR only).

To exercise any of these, email hello@mindmarvel.ai. We'll respond within 30 days. We won't discriminate against you for exercising a right (California CCPA).

• Account data: kept while your account is active, plus up to 60 days after you delete the account (for billing reconciliation).
• Generated packs: kept while your account is active. Deleted on account deletion.
• Server logs: up to 30 days.
• Billing records: retained for 7 years as required by tax and accounting laws.

We take reasonable measures to protect your data: HTTPS for all traffic, bcrypt (cost 12) for password hashes, Stripe for card handling (we never see your card), limited internal access to production systems. No system is perfectly secure — we can't guarantee absolute security. If we become aware of a breach affecting your data, we'll notify you without undue delay.

Mindmarvel isn't directed at children. You must be at least 13 years old (16 in the EEA/UK) to create an account. If we learn that we've collected personal data from a child below that age, we'll delete it.

We're based in the United States; our infrastructure and third-party processors (Stripe, OpenAI, Google) operate globally. By using Mindmarvel you consent to your data being processed in the United States and other countries where our processors operate. Where applicable we rely on standard contractual clauses or other lawful transfer mechanisms.

We may update this policy from time to time. For material changes we'll notify you by email or in-app banner at least 30 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

Email hello@mindmarvel.ai for any privacy-related question or request. See also our Terms of Service.