This Privacy Policy explains what data KOANimation Studios collects, how we use it, and the rights you have over it. It applies to the koanimationstudios.com website and the KOANimation Studio web application.
1. Data we collect
Information you provide directly
- Account data: your email address and a hashed password (or third-party auth identifier if you sign in with Google/GitHub).
- Profile data: any name or avatar you choose to set.
- Generation data: prompts, reference images, generated outputs, project assignments, and metadata such as model used and credits spent.
- Billing data: payment information is handled by Stripe; we receive only the last 4 digits of your card and your billing country for tax purposes. We do not store full card numbers, CVVs, or bank account numbers.
- Support communications: anything you send to support@koanimationstudios.com or through our contact form.
Information collected automatically
- Session data: cookies needed to keep you signed in.
- Operational logs: timestamps, IP address (truncated where possible), browser type, error reports. Used to debug and secure the Service.
- Optional analytics: loaded only if you accept them in our cookie banner. Consent defaults to refused.
2. How we use your data
- To operate the Service: deliver generations, track credit balances, render your library, send transactional emails.
- To improve the Service: aggregate, de-identified metrics on which features are used. We do not train our own AI models on your prompts or outputs.
- To process payments via Stripe.
- To communicate with you about account, billing, and (with your opt-in) product news.
- To enforce safety: detect abuse, prevent fraud, investigate Terms violations.
3. Third-party processors
We share data only with providers necessary to run the Service:
- Supabase (database + auth + storage) — operated in the EU.
- Stripe (payments) — operated in the US/EU.
- Vercel (web hosting + CDN) — operated globally.
- fal.ai and other AI model providers (OpenAI, Anthropic, Google, ByteDance, Kuaishou, Alibaba) — receive your prompts and reference media to generate the requested output.
- Resend (transactional + digest email).
- Sentry (error monitoring) — receives anonymised stack traces; we configure it to scrub user PII.
Each of these providers is contractually obligated to protect your data and use it only on our instructions.
4. International transfers
We operate the Service from the European Union, but some processors (e.g. Stripe, certain AI model endpoints) are based in the United States. Where applicable, we rely on Standard Contractual Clauses to protect your data during cross-border transfers.
5. Data retention
- Generations: kept while your account is active so you can re-download them. Deleted within 30 days of account closure.
- Billing records: retained for the period required by tax law (typically 7 years).
- Support tickets: retained 24 months for context on recurring issues.
- Aggregated analytics: retained indefinitely (they cannot be linked back to you).
6. Your rights
Subject to applicable law (including GDPR for EU/UK residents and CCPA for California residents), you have the right to:
- Access the data we hold about you;
- Correct inaccurate data;
- Delete your data (the "right to be forgotten");
- Export your data in a portable format;
- Object to or restrict certain processing;
- Withdraw consent for optional processing (e.g. analytics);
- Lodge a complaint with your local data protection authority.
You can exercise the delete right directly from /settings/account. For anything else, email privacy@koanimationstudios.com and we will respond within 30 days.
7. Security
We use industry-standard measures to protect your data — TLS for transport, row-level security on the database, hashed passwords, encrypted credentials, and least-privilege access for staff. No system is perfectly secure; in the event of a breach affecting your data we will notify you and the relevant authorities within 72 hours where required.
8. Cookies
We use a small set of strictly-necessary cookies (login session, CSRF protection) by default. Analytics cookies, if any, are loaded only after you accept them in our cookie banner. You can revoke consent at any time from /settings/account.
9. Children
The Service is not directed to children under 13, and we do not knowingly collect data from them. If you believe we have collected data from a child, email privacy@koanimationstudios.com and we will delete it.
10. Changes to this Policy
We may update this Policy as the Service evolves. Material changes will be announced by email or in-app notice at least 14 days before they take effect.
11. Contact
Privacy questions, requests to exercise your rights, or notices under this Policy: privacy@koanimationstudios.com.
Note: this Policy is provided as a starting point and has not been reviewed by a licensed data-protection attorney. It should be customized for your specific business and reviewed by qualified legal counsel.