Your Privacy Matters

Privacy Policy

Last Updated: October 17, 2025

GDPR Compliant
CCPA Compliant
LGPD Compliant

Welcome to Isometricon! This Privacy Policy explains how Isometricon by PromptCrafter.id ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our AI-powered 3D isometric icon generator service (the "Service"). We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Brazil's Lei Geral de Proteção de Dados (LGPD).

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Name, email address, username (collected via Clerk authentication)
  • Payment Information: Billing details processed through Mayar payment gateway
  • Generation Prompts: Text prompts you submit for icon generation
  • Uploaded Images: Photos or images you upload for image-to-icon conversion
  • Feedback & Testimonials: Reviews, ratings, and testimonials you submit
  • Support Requests: Communications when you contact customer support

1.2 Information Collected Automatically

  • Usage Data: Generation history, feature usage, interaction patterns
  • Technical Data: IP address, browser type, device information, operating system
  • Cookies & Tracking: Authentication cookies (Clerk), session data, analytics cookies (Google Analytics)
  • Log Data: Server logs, error reports, performance metrics

1.3 Information from Third-Party Services

We integrate with the following third-party services that may collect or process your data:

  • Clerk (Authentication): Account creation, login sessions, user profile data
  • Supabase (Database): User data storage, generation logs, payment records
  • UploadThing (Storage): Icon file storage and delivery
  • Google Gemini AI: Image and text processing for icon generation
  • Mayar (Payment Gateway): Transaction processing for Indonesian market
  • Google Analytics: Website usage analytics and performance monitoring

2. How We Use Your Information

We use your personal information for the following purposes:

  • Service Provision: Generate icons based on your prompts and uploaded images
  • Account Management: Create and maintain your user account, manage authentication
  • Payment Processing: Process credit purchases and maintain transaction records
  • Communication: Send service updates, notifications, and respond to support requests
  • Service Improvement: Analyze usage patterns to improve features and user experience
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Comply with legal obligations and resolve disputes
  • Marketing: Send promotional emails (with your consent, where required)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for specific processing activities (e.g., marketing emails)
  • Contract: Processing is necessary to provide the Service you've requested
  • Legitimate Interests: We have a legitimate business interest (e.g., fraud prevention, service improvement)
  • Legal Obligation: Processing is required to comply with applicable laws

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your data in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

  • Clerk: Authentication and user management
  • Supabase: Database hosting and management
  • UploadThing: File storage and content delivery
  • Google (Gemini AI): AI-powered icon generation
  • Mayar: Payment processing for Indonesian market
  • Google Analytics: Website analytics
  • Vercel: Hosting and infrastructure

4.2 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect our rights, property, or safety, or that of our users or the public.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption: Data in transit is encrypted using TLS/SSL protocols
  • Access Controls: Role-based access controls and Row-Level Security (RLS) policies in our database
  • Authentication: Secure authentication via Clerk with multi-factor authentication options
  • Regular Audits: Security assessments and vulnerability testing
  • Incident Response: Procedures for detecting and responding to security incidents

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and comply with legal obligations:

  • Account Data: Retained until you delete your account
  • Generated Icons: Stored indefinitely in your library until manually deleted
  • Generation Logs: Retained for 90 days for service improvement and troubleshooting
  • Payment Records: Retained for 7 years to comply with financial regulations
  • Support Communications: Retained for 2 years after resolution

When you delete your account, we remove your personal information within 30 days, except where retention is required by law.

7. Your Privacy Rights

7.1 GDPR Rights (EU/EEA Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Users)

  • Right to Know: Request disclosure of collected personal information
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights

7.3 LGPD Rights (Brazil Users)

Users in Brazil have similar rights to GDPR, including access, correction, deletion, and portability.

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us atprivacy@isometricon.com. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for authentication and core functionality (Clerk session cookies)
  • Analytics Cookies: Google Analytics to understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences
  • Local Storage: Store data locally in your browser for improved performance

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework: Our US-based service providers comply with EU-US data transfer mechanisms
  • Standard Contractual Clauses: We use EU-approved contractual clauses with third-party processors
  • Adequacy Decisions: Transfers to countries with adequate data protection as recognized by the EU Commission

10. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@isometricon.com, and we will delete the information promptly.

11. AI and Data Processing

11.1 AI Training: We do not use your uploaded images, generated icons, or text prompts to train AI models without your explicit consent. Your creative inputs remain private.

11.2 Third-Party AI: We use Google Gemini AI to process your generation requests. Google's processing is subject to their privacy policy and data processing terms.

11.3 Data Minimization: We only send necessary data to AI services to fulfill your generation requests.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through a prominent notice on our Service. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU/EEA users, you also have the right to lodge a complaint with your local supervisory authority if you believe we have not addressed your concerns adequately.

⚠️ Important Notice: This Privacy Policy document contains template content based on 2025 GDPR, CCPA, and LGPD compliance standards. Please review and customize all sections with your legal counsel before publishing. Ensure all third-party service integrations and data processing activities accurately reflect your actual practices.