Open Clade Design

Legal

Privacy Policy

This policy explains what personal data Open Clade Design collects, why we use it, who processes it, and how long different categories are retained.

Operator
Nexu Labs
Last updated
Support
cladedesign@purelymail.com
Do not upload highly sensitive personal data, regulated health data, payment card numbers, government identifiers, or secrets unless you have a lawful basis and the data is necessary for your project.

1. Controller and contact

Open Clade Design is operated by Nexu Labs. For privacy requests, account deletion, data export, or questions about this policy, contact cladedesign@purelymail.com.

2. Personal data we collect

We collect the following categories of personal data when you use the Service:

  • account data, such as email address, authentication identifiers, and profile metadata;
  • workspace data, such as project names, prompts, chats, uploaded files, generated files, previews, exports, and design settings;
  • billing data, such as customer ID, subscription ID, plan, billing email, invoice status, refund status, and payment provider metadata;
  • technical data, such as IP address, request identifiers, browser details, device information, logs, error reports, and security events;
  • support communications, including messages, screenshots, attachments, and related account context.

We do not intentionally collect full card numbers or card security codes. Those details are handled by the payment provider during checkout.

3. How we use personal data

We use personal data to:

  • create and secure accounts;
  • provide hosted design generation, file storage, previews, imports, exports, and project history;
  • process subscriptions, invoices, renewals, cancellations, refunds, disputes, and tax records;
  • detect fraud, abuse, service errors, and security incidents;
  • respond to support, privacy, billing, and legal requests;
  • maintain, debug, and improve the Service.

4. Service providers and sharing

We share personal data only as needed to operate the Service, comply with law, protect the Service, or complete a customer request. Current categories of processors include:

  • authentication, database, and file storage providers, including Supabase;
  • payment processors, including Stripe;
  • hosting, deployment, logging, queue, and infrastructure providers;
  • AI model and agent runtime providers used to generate requested design output;
  • email and support tools used to respond to customers;
  • professional advisors, authorities, or counterparties when required for legal, tax, fraud, dispute, or compliance reasons.

We do not sell personal data. We do not use customer project content for third-party advertising.

5. Cookies and local storage

The website uses cookies, browser storage, and similar technologies for sign-in sessions, authentication state, language preferences, billing flow state, and product settings. You can clear browser storage, but doing so may sign you out or reset local preferences.

6. Data retention

We keep personal data only as long as reasonably needed for the purposes described above, unless a longer period is required for legal, tax, fraud, chargeback, accounting, or security reasons.

Data categoryTypical retention
Account profile and authentication recordsFor the life of the account, then deleted or anonymized after account deletion unless retention is required.
Projects, prompts, chats, uploaded files, generated files, and exportsUntil you delete them, delete your account, or request deletion, subject to backup and legal retention limits.
Operational logs, request IDs, run events, error reports, and security recordsNormally up to 24 months, or longer if needed to investigate abuse, fraud, disputes, or security incidents.
Billing, invoice, subscription, tax, refund, and dispute recordsNormally up to 7 years, or longer if required by tax, accounting, anti-fraud, payment network, or legal obligations.
Support communicationsNormally up to 3 years after the last interaction, unless needed for an active issue or legal obligation.
BackupsUsually overwritten within 90 days. Deleted data may remain in backups until the backup expires.

7. Security

We use reasonable technical and organizational measures designed to protect personal data, including access controls, HTTPS, provider-side security controls, authentication, and operational logging. No internet service can guarantee absolute security.

8. International transfers

We and our providers may process data in countries other than where you live. When required, we rely on contractual, technical, and organizational safeguards for these transfers.

9. Your choices and rights

Depending on where you live, you may have rights to access, correct, export, delete, or restrict processing of personal data, and to object to certain processing. You can request help by emailing cladedesign@purelymail.com. We may need to verify your identity before acting on a request.

10. Children

The Service is not directed to children under 13. If you believe a child provided personal data to us, contact us so we can review and delete it where appropriate.

11. Updates

We may update this Privacy Policy as the Service, providers, legal requirements, or data practices change. The latest version will be posted on this page with a revised last updated date.