Privacy Policy

1. Who We Are

noanxiety.me provides an AI-powered poster generator that turns motivational text into vertical 4:5 poster images. In this policy, "noanxiety", "we", "us", or "our" refers to noanxiety.me.

2. Data We Collect

We collect only the information needed to operate accounts, generate posters, manage purchases, and keep the service secure.

• Account data: email address, optional display name, hashed password, account creation time, update time, and account status.
• Authentication data: an essential session cookie that keeps you signed in.
• Poster generation data: the motivational message you enter, selected style, generated prompt, provider prediction ID, generated poster file references, download links, and generation history.
• Billing data: Stripe checkout session IDs, customer IDs, subscription or credit-pack records, price IDs, payment status, amount, currency, billing interval, and purchase timestamps. We do not store full card numbers.
• Usage and security data: sign-in, sign-out, password update, account update, account invitation, and similar activity records. Server logs may also include technical information such as request time, route, browser metadata, or IP address depending on hosting configuration.
• Support communications: information you send to us by email, including your email address and the content of your request.

3. How We Use Data

• To create and manage your account.
• To authenticate you and keep your session active.
• To generate AI posters from your submitted message and selected style.
• To review submitted prompts with content moderation before AI generation.
• To store, display, and let you download generated posters.
• To process payments, credit packs, subscriptions, invoices, cancellations, and billing support.
• To send service emails, including password reset messages and account-related notices.
• To detect errors, prevent abuse, protect the service, and comply with legal obligations.

4. Cookies

We use an essential first-party session cookie named "session" to keep users signed in. This cookie is required for account features and dashboard access. We do not currently use advertising cookies in the application code.

Third-party providers, such as Stripe during checkout or billing portal sessions, may use their own cookies or similar technologies under their own policies.

5. Third-Party Services

We use third-party services to provide core functionality. These providers process data only as needed to deliver their services to us.

• Stripe: payment processing, checkout, customer portal, subscriptions, and billing records.
• Creem: content moderation of submitted prompts before AI generation.
• Replicate: AI image generation based on your poster message and selected style.
• Cloudflare R2: storage and delivery of generated poster files.
• Supabase or PostgreSQL hosting: storage of account, billing, activity, and generation records.
• Resend: password reset and service email delivery when email sending is configured.
• Hosting and infrastructure providers: serving the website, routing requests, logs, and security monitoring.

6. How Long We Keep Data

• Account data is kept while your account exists.
• Generated poster records and files are kept so you can access your generation history and downloads, unless deleted or removed by us according to this policy.
• Billing and transaction records may be kept as required for accounting, fraud prevention, dispute handling, tax, and legal obligations.
• Password reset tokens expire after a limited time and are invalidated after use or when a new reset link is requested.
• Backups and server logs are retained for limited operational periods and then deleted or overwritten according to provider practices.

7. How Users Can Delete Data

You may delete your account from the dashboard security page. Account deletion disables the account and removes the active account membership. Some transaction records may be retained where required for legal, accounting, security, or dispute purposes.

To request deletion of generated posters, generation history, support messages, or other personal data, email us at [email protected] from the email address associated with your account. We may need to verify your identity before completing the request.

8. Security

We use reasonable technical and organizational safeguards, including HTTPS, hashed passwords, access controls, and provider-level security controls. No online service can guarantee absolute security, but we work to protect your information from unauthorized access, loss, misuse, or alteration.

9. Children

noanxiety.me is not intended for children under 13, or the minimum age required by your jurisdiction. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we may provide notice through the website or by email. The updated policy will be effective when posted.

11. Contact

For privacy questions, access requests, deletion requests, or other data concerns, contact noanxiety.me at [email protected].