Privacy Policy

Effective: June 1, 2026 · Softspawt (“we”, “us”)

This Privacy Policy explains what information we collect when you visit softspawt.com or place an order, how we use it, and who we share it with. Plain language, no legalese tricks.

1. What we collect

• Photos you upload to the customizer (your pet, accessories, references).
• Text descriptions you type in the customizer.
• Order details if you place an order: name, email, shipping address, the design you approved, and the size/options you selected.
• Email address if you submit it on the order-status, waitlist, or contact forms.
• IP address for abuse prevention and rate limiting (per-IP generation cap).
• Basic browser data standard server logs collect (user agent, referer, request path). No cross-site tracking pixels are set on the site at this time.

2. How we use it

• Generate your preview. Your uploaded photo and description are sent to Google's Gemini API to produce the AI preview, then returned to your browser.
• Fulfill your order. We use the approved design, your name, and your shipping address to manufacture and ship the product to you.
• Contact you about your order via the email you provided.
• Prevent abuse using rate-limit counters keyed by IP and a global daily cap.

3. Who we share it with

We share data only with the third parties needed to run the service:

• Google (Gemini API) — receives your uploaded photo + text description to generate the preview. Subject to Google's API privacy terms.
• Vercel — hosts the website and serverless functions.
• Upstash — stores per-IP rate-limit counters (no personal data, only a hashed IP key).
• Cloudflare — DNS and inbound email routing for our domain.
• Brevo (Sendinblue) — sends transactional email notifications about your order.
• Stripe (when checkout launches) — processes card payments. We never see or store your full card number.

We do not sell, rent, or trade your information to advertisers or data brokers.

4. How long we keep it

• Uploaded photos & AI previews: processed for your session and returned to you. The Gemini API does not retain content for model training per their commercial API terms. We do not store your raw uploaded photo on our servers beyond the request lifecycle.
• Order records (name, email, address, approved design): retained as long as needed to fulfill the order plus 7 years for accounting and tax purposes.
• Email waitlist signups: kept until you ask to be removed.
• Rate-limit counters: automatically expire (hourly window, 24-hour window).

5. Your rights

You can request a copy of the data we hold about you, ask us to delete it, or correct it. To do so, email hello@softspawt.com with the subject “Privacy request” and we'll respond within 30 days. If you are in the EU/UK, you also have the rights described under GDPR/UK-GDPR including the right to lodge a complaint with your local data protection authority.

6. Cookies & analytics

Our site uses one piece of local storage to remember your language preference (EN / 中文). We use Google Analytics 4 to understand how visitors use the site (pages visited, clicks, traffic source). GA4 uses cookies and processes data per Google's privacy terms; IP addresses are anonymized where possible. We do not set advertising or retargeting cookies at this time. If we add advertising cookies in the future (e.g. Meta Pixel), this policy will be updated and (where required) a consent banner will be shown to users in regions that require one.

7. Children

Our service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, email us and we will delete it.

8. Changes to this policy

We'll update the “Effective” date above when this policy changes. Material changes will also be announced via the website or email.

9. Contact

Questions about this policy or your data: hello@softspawt.com.