LEGAL

Privacy Policy

Last updated: May 29, 2026

1. Information We Collect

We collect the following information when you use TaroVault: • Account information: your email address and password (stored securely via Supabase Auth). • Profile information: your display name, if you choose to provide it. • Usage data: the prompts you submit, decks you generate, and credits you purchase. • Payment information: processed entirely by Stripe. We never see or store your card details. • Technical data: IP address, browser type, and usage analytics to improve the Service.

2. How We Use Your Information

We use your information to: • Provide and operate the Service (account management, generation, billing). • Send transactional emails such as payment receipts and password reset links. • Improve the Service through aggregated, anonymised usage analysis. • Respond to support requests. We do not sell your personal information to third parties.

3. Your Generated Content

Prompts you submit and images generated from your account are associated with your account for the purpose of saving and displaying your decks. We do not use your prompts or generated images to train AI models. You retain full ownership of your generated content.

4. Data Sharing

We share data only with the following trusted third parties, strictly to operate the Service: • Supabase — database and authentication hosting. • Stripe — payment processing. • Google Cloud — AI image generation via the Imagen API. • Vercel — application hosting and infrastructure. All third parties are bound by their own privacy policies and data processing agreements.

5. Cookies

We use essential cookies to maintain your login session. We do not use advertising or tracking cookies. You may disable cookies in your browser settings, but this may prevent you from using the Service.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your profile and saved decks are permanently deleted within 30 days. Payment records may be retained for legal and accounting purposes.

7. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data. To exercise any of these rights, contact us at hello@tarovault.com. We will respond within 30 days.

8. Security

We take reasonable measures to protect your data, including encrypted data transmission (HTTPS), secure password hashing, and row-level security on our database. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice in the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions or data requests, contact us at hello@tarovault.com.

Terms of ServiceBack to home