← Back to home

Privacy Policy

Last updated: May 2026

1. Data Controller

The data controller responsible for your personal data is Intelener Srl, a company registered in Italy. For any privacy-related enquiries, please contact our Data Protection contact at privacy@craftyia.com.

2. Information We Collect

We collect the following categories of personal data:

  • Account data: email address, display name, and authentication credentials.
  • Brand data: brand name, description, logo, colour palette, and content you create within the platform.
  • Payment data: billing details are processed directly by Stripe and are not stored on our servers.
  • Usage data: AI generation logs (tokens used, provider, cost) for billing and abuse prevention purposes.
  • OAuth tokens: access tokens for connected services (Meta, LinkedIn, Buffer, Google Drive) stored encrypted in our database.
  • Technical data: IP addresses and request metadata for rate limiting and security monitoring.

3. Lawful Basis for Processing (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): Processing your account and content data to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, rate limiting, and service improvement.
  • Legal obligation (Art. 6(1)(c)): Retaining billing records as required by applicable tax and accounting law.
  • Consent (Art. 6(1)(a)): Placing cookies and using analytics technologies (where applicable) based on your consent given via our cookie banner.

4. Third-Party Services

Craftyia integrates with the following third-party processors. By using these integrations you are also subject to their respective privacy policies:

  • Google Firebase — authentication and database hosting (Google Privacy Policy)
  • Stripe — payment processing (Stripe Privacy Policy)
  • Resend — transactional email delivery (Resend Privacy Policy)
  • OpenAI / Anthropic / Google Gemini — AI content generation. Prompts may be used by these providers subject to their data processing terms.
  • Meta, LinkedIn, Buffer, Google Drive — social publishing integrations (used only when you explicitly connect your account)

5. Data Storage and Security

Your data is stored in Google Firebase infrastructure (Firestore and Cloud Storage), hosted in the European Union where possible. We implement appropriate technical and organisational measures including encrypted transport (TLS), server-side authentication verification, and strict access controls.

6. Data Retention

  • Account and content data: retained for as long as your account is active.
  • Billing records: retained for 7 years to comply with Italian and EU accounting law.
  • Rate-limiting logs: automatically deleted after 48 hours.
  • AI usage logs: retained for 12 months for billing reconciliation, then deleted.
  • Upon account deletion, all personal data is deleted within 30 days except where retention is legally required.

7. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

  • Right of access (Art. 15): request a copy of your personal data.
  • Right to rectification (Art. 16): correct inaccurate data via your profile settings.
  • Right to erasure (Art. 17): delete your account and all associated data from your profile settings page or by contacting us.
  • Right to restrict processing (Art. 18): request that we limit how we use your data.
  • Right to data portability (Art. 20): receive your data in a machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests.
  • Right to withdraw consent: withdraw cookie consent at any time by clearing your browser storage.

To exercise any of these rights, contact us at privacy@craftyia.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Cookies

We use essential cookies required for authentication (Firebase Auth session tokens) and payment processing (Stripe). We display a cookie consent banner on your first visit. You can withdraw consent at any time by clearing your browser's local storage for this site.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice within the application. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

For privacy enquiries, data subject requests, or to contact our Data Protection contact:

Intelener Srl
Email: privacy@craftyia.com