Privacy Policy

1. Introduction

[COMPANY_LEGAL_NAME] ("we", "us", "our") operates LogoNuri. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

The short version: your images never leave your browser. We only collect the minimum data needed for authentication and billing.

2. Data We Collect

When you create an account or subscribe to Pro, we collect:

• Email address — Used for passwordless magic link authentication and service notifications.
• Stripe customer ID — Created when you first start a checkout. Stored in our database to manage your subscription.
• Session cookie (ll_session) — A functional authentication cookie. The token is SHA-256 hashed before storage.
• Request metadata — IP addresses are used for rate limiting. Rate limit records are keyed by minute-bucket and automatically deleted after one hour.

3. Data We Do NOT Collect

We also do not collect:

• File contents, filenames, or generated output files
• Individual user analytics or behavioral tracking data
• Third-party tracking cookies

4. How We Use Your Data

• Authentication — Your email receives magic links for passwordless sign-in.
• Billing — Your Stripe customer ID links your account to your subscription for payment processing.
• Session management — The ll_session cookie maintains your authenticated state.
• Rate limiting — IP-based rate limiting protects the service from abuse.

5. Third-Party Services

We share limited data with the following third parties, each governed by their own privacy policies:

• Stripe — Processes payments. Receives your email address and payment information.
• Resend — Sends transactional email. Receives your email address to deliver magic links.
• Cloudflare — Hosts the application, CDN, D1 database, edge compute infrastructure, and provides cookie-free aggregate web analytics.

6. Cookies

We use a single cookie:

We do not use tracking cookies or third-party cookies. We use Cloudflare Web Analytics, a privacy-first analytics service that does not use cookies, does not track individual users, and does not collect personal data. It provides only aggregate page view and visit counts.

7. Data Retention

• Sessions — Expire after 30 days. Expired sessions are deleted via periodic cleanup.
• Magic links — Expire after 15 minutes. Expired records are deleted within 1 day.
• Rate limit records — Keyed by minute-bucket and deleted when older than 1 hour.
• Stripe event IDs — Stored for 7 days for webhook idempotency, then automatically deleted. Contains only the event ID and timestamp (no personal information).
• Account data — Retained while your account is active.

8. Data Deletion

You may request deletion of your account and all associated data by contacting us at [CONTACT_EMAIL]. Upon request, we will delete your email address, Stripe customer ID, sessions, and all associated records from our database.

9. Children's Privacy

LogoNuri is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

10. International Data

Your data is processed on Cloudflare's global edge network. By using LogoNuri, you consent to the processing of your data in the jurisdictions where Cloudflare operates.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted to this page with an updated effective date. For material changes, we will notify you via the email address associated with your account.

12. Contact

If you have questions about this Privacy Policy, contact us at [CONTACT_EMAIL].