Privacy Policy


Effective Date: January 24, 2025


1. Introduction


This Privacy Policy explains what data Slapana collects, how we use it, and your rights. By using Slapana, you agree to this policy.


2. Information We Collect


What you provide:

  • Email address (via Google OAuth authentication)
  • Full name and profile picture (from Google account)
  • Designs and images you upload (stored as data URLs in database)
  • Reference images for Slapana Mode
  • Custom prompts and captions for analysis
  • Product type selections (t-shirt, hoodie, mug, tote, poster, phone-case)
  • Design placement preferences (zone, scale, rotation)
  • Payment information (processed by Stripe—we don't store card numbers)

What we collect automatically:

  • Usage data (mockup generations, caption analyses, credits used, gallery views)
  • Generation history (saved mockups, prompts, scores, timestamps)
  • Device info (browser type, IP address, general location)
  • Session data and authentication tokens
  • Cookies for login sessions, preferences, and analytics (via Vercel Analytics)

Third-party services that process your data:

  • Stripe: Payment processing and subscription management
  • Supabase: Database, authentication, and file storage
  • Google OAuth: Sign-in authentication
  • Google Gemini AI: Analyzes your designs, reference images, and captions (temporary processing only)
  • Vercel: Hosting, analytics, and performance monitoring

3. How We Use Your Data


We use your information to:

  • Provide the service (AI mockup generation, caption analysis, viral scores)
  • Store your uploaded designs and generated mockups
  • Process reference images for Slapana Mode with similarity controls
  • Save custom prompts with your generations for future reference
  • Manage your private gallery (10 mockup limit for free tier, unlimited for paid)
  • Process payments and manage subscriptions via Stripe webhooks
  • Reset monthly credits for Pro ($19.99/mo, 100 credits) and Business ($49.99/mo, 300 credits) tiers
  • Send transactional emails (confirmations, password resets, billing notices, account deletion warnings)
  • Enforce 48-hour account deletion grace period and automated cleanup
  • Track usage analytics via Vercel Analytics
  • Improve features and fix bugs
  • Prevent fraud and enforce our Terms
  • Comply with legal requirements

We do not sell your data. We do not use your designs, reference images, or content to train AI models.


4. Legal Basis (GDPR)


For EU/UK users, we process data based on:

  • Contract: To provide the service you signed up for
  • Legitimate interests: Service improvement, security, and fraud prevention
  • Consent: Optional analytics and marketing (you can opt out)
  • Legal obligations: Compliance with laws (tax records, billing history)

5. Data Sharing


We do not sell your data. We share data only with:


Service providers:

  • Supabase: Database (PostgreSQL), authentication (Supabase Auth), file storage (Storage buckets for mockups)
  • Google Gemini AI: Analyzes designs and reference images temporarily to generate mockups and scores (images are not stored by Google)
  • Stripe: Payment processing, subscription management, webhook events
  • Vercel: Hosting (Next.js 15), analytics, cron jobs (automated account cleanup)
  • Google OAuth: User authentication (email, name, profile picture)

These providers are contractually required to protect your data.


Legal requirements:

We may disclose data to comply with laws, court orders, or to protect our rights and prevent fraud.


Business transfers:

If we're acquired, your data may transfer to the new owner. You'll be notified if this happens.


6. Data Retention


  • Active accounts: Data stored as long as your account exists
  • Uploaded designs: Stored as data URLs in database indefinitely while account is active
  • Generated mockups: Stored in Supabase Storage buckets with URLs in database
  • Custom prompts: Saved with generations for reference
  • After account deletion request:
      - 48-hour grace period to cancel deletion
      - After 48 hours, automated cron job (runs daily at 2 AM) permanently deletes:
          - User profile and authentication credentials
          - All saved generations and mockup files from storage
          - Credit history and subscription data
          - All uploaded designs and custom prompts

  • Billing records: Kept for 7 years (legal requirement for tax/accounting)
  • Inactive free accounts: May be deleted after 2 years of inactivity

7. Your Rights


Everyone:

  • Access, correct, or delete your data (use "Delete Account" in profile settings)
  • Export your data (contact support@slapana.com)
  • Opt out of marketing emails (we don't send marketing emails currently)
  • Cancel subscription anytime (via Stripe Customer Portal)

EU/UK users (GDPR):

  • Object to processing
  • Restrict processing
  • Lodge complaints with data protection authorities (supervisory authority in your country)
  • Data portability (request data export)

California users (CCPA):

  • Request details about data collection
  • Delete personal information (via account deletion)
  • Opt out of analytics (browser settings or contact us)

To exercise rights: Email support@slapana.com or use the account deletion feature in profile settings.


We don't sell your data.


8. Security


We protect your data with:

  • Encryption: TLS/SSL in transit, at-rest encryption via Supabase
  • Secure authentication: Google OAuth with Supabase Auth
  • Password hashing: Not applicable (we use OAuth, no passwords stored)
  • Row Level Security (RLS): Database policies ensure users only access their own data
  • Limited access: Minimal employee/admin access to user data
  • Optimized RLS policies: Auth checks wrapped in SELECT to prevent per-row re-evaluation
  • Regular security audits: Monitoring via Vercel and Supabase dashboards
  • Secure storage: Private Supabase Storage buckets with RLS policies

Payments are processed by Stripe (PCI DSS Level 1 compliant). We don't store credit card numbers.


No system is 100% secure. You're responsible for keeping your Google account safe (we use OAuth, not passwords).


9. International Transfers


Slapana operates from the United States. Your data may be transferred to and processed in the US and other countries where our service providers operate (Vercel, Supabase, Google Cloud). For EU/UK users, transfers are protected by Standard Contractual Clauses approved by the European Commission.


10. Children's Privacy


Slapana is for users 18+. We don't knowingly collect data from children. If we discover we have, we'll delete it immediately.


11. AI & Automated Decisions


We use Google Gemini AI to:

  • Analyze designs and generate photorealistic mockups
  • Process reference images for Slapana Mode (similarity: 0-100%)
  • Analyze captions for viral potential and generate Slap Scores (0-100)
  • Apply zone-based placement and design positioning

AI assessments are automated and may be inaccurate; they're guidance, not guarantees. We don't use your designs, reference images, or content to train AI models. Your images are processed temporarily by Google Gemini AI for generation purposes only and are not stored by Google.


Significant decisions (account access, billing, subscription changes) are never made solely by AI. Account deletion requires user action and has a 48-hour grace period.


12. Cookies


We use cookies for:

  • Essential: Login sessions via Supabase Auth, security, authentication state (always active)
  • Analytics: Vercel Analytics for usage stats, page views, performance monitoring (you can opt out via browser settings or Do Not Track)

Disabling essential cookies will prevent service access.


13. Storage Architecture


Database storage (Supabase PostgreSQL):

  • User profiles, email, subscription tier
  • Credit balances and usage history
  • Uploaded designs (stored as data URLs/base64 in `generations.design_url`)
  • Custom prompts (stored in `generations.user_prompt`)
  • Mockup metadata and URLs

File storage (Supabase Storage):

  • Generated mockup images (stored in `mockups` bucket)
  • File path structure: `mockups/{user_id}/{timestamp}-{product}-mockup.jpg`
  • Protected by Row Level Security (users can only access their own files)

Not stored:

  • Credit card numbers (handled by Stripe)
  • Passwords (we use Google OAuth)
  • User designs used to train AI (Google Gemini processes temporarily only)

14. Account Deletion & Data Cleanup


When you request account deletion from profile settings:

1. Account marked with `deleted_at` timestamp immediately
2. 48-hour grace period begins; you can cancel deletion during this time
3. After 48 hours, automated cron job runs daily at 2 AM to permanently delete:
    - All records from `auth.users` (Supabase Auth)
    - All records from `public.users`, `user_credits`, `subscriptions`, `generations`
    - All mockup files from Supabase Storage buckets
4. Deletion is permanent and cannot be undone
5. Billing records retained for 7 years (legal requirement)


15. Changes to This Policy


We may update this policy. Material changes will be emailed to you. Continued use means you accept updates. Check the "Effective Date" to see when it was last updated.


16. Contact Us


Email: support@slapana.com

For data requests: Use subject line "Privacy Request" or "Data Deletion Request"

Response time: Within 30-45 days


Company: IronWard Industries

Website: slapana.com

Country: United States



