GDPR Compliant

Privacy Policy

Last updated: January 27, 2026

TL;DR: We collect minimal data, never sell it, process validation content in real-time without storing it, and you can delete everything anytime.
1

Information We Collect

1.1 Information You Provide

Account Information

Email address and optional name when you create an account.

Style Packs

Custom style packs and brand rules you create and store.

Payment Information

Stripe collects payment details. We never store your card number.

1.2 Information Collected Automatically

  • API Usage Data: Endpoints called, request counts, response times, error rates
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session management and authentication tokens
2

How We Use Your Information

Service Delivery
Process validation requests and manage your account
API Management
Track usage, enforce rate limits, prevent abuse
Billing
Process payments and manage subscriptions
Communications
Send transactional emails and service updates
Improvement
Analyze usage patterns to improve the service
Security
Detect and prevent fraud and abuse
3

How We Share Your Information

We never sell your personal information. We only share data as necessary to provide our services.

3.1 Service Providers

ProviderPurpose
SupabaseDatabase hosting and authentication
StripePayment processing
VercelWebsite and API hosting
OpenAIAI-powered rewriting (content not used for training)

3.2 Other Circumstances

  • Legal Requirements: When required by law, subpoena, or to protect rights and safety
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • With Consent: For other purposes with your explicit consent
4

Data Retention

Account Data

Retained while active. Deleted within 30 days of account deletion.

Validation Content

Processed in real-time and immediately discarded. Not stored.

Usage Logs

Aggregated analytics retained indefinitely. Individual logs for 90 days.

Billing Records

Retained for 7 years for tax and accounting purposes.

5

Your Rights and Choices

Access & Export
Download your data from account settings
Correction
Update your information anytime
Deletion
Delete your account and all data
Opt-Out
Unsubscribe from marketing emails

5.1 GDPR Rights (EEA/UK)

If you're in the EEA or UK, you have additional rights including objection to processing, restriction of processing, data portability, and the right to lodge a complaint with your local data protection authority.

5.2 CCPA Rights (California)

California residents have the right to know what personal information we collect, request deletion, and opt out of sales (we do not sell your data).

6

Data Security

EncryptionTLS 1.2+ in transit, AES-256 at rest
API KeysHashed storage, never logged
InfrastructureSOC 2 compliant hosting
AuditsRegular security reviews
While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7

Open Source

The core StyleMCP validation engine is open source under the MIT license. You can review the code, self-host, or contribute at github.com/3DUNLMTD/stylemcp. This transparency allows you to verify exactly how your data is processed.

8

International Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. For EEA/UK users, we use Standard Contractual Clauses to ensure appropriate safeguards.

9

Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.

10

Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of material changes by posting the new policy here and updating the "Last updated" date. For significant changes, we'll also send email notification.

11

Contact Us

Questions about this Privacy Policy or our data practices?

Privacy Inquiries

[email protected]

General Inquiries

[email protected]