1. Information We Collect
1.1 Account Information
When you sign in with Google OAuth, we collect:
- Name
- Email address
- Profile picture
- Google account ID
1.2 Usage Data
We automatically collect:
- IP address
- API endpoint accessed
- Timestamp of requests
- User agent and browser information
2. How We Use Your Information
We use collected information to:
- Provide and maintain the service
- Authenticate your identity
- Track API usage and enforce rate limits
- Display usage statistics in your dashboard
- Prevent abuse and ensure fair use
- Improve our service
3. Data Storage
3.1 Location: All data is stored on secure servers in Germany/EU.
3.2 Duration: We retain usage logs for 90 days. Account data is kept until you delete your account.
4. Data Sharing
We do not sell or rent your personal information. We may share data with:
- Google: For authentication purposes (OAuth)
- Pexels: Your requests may be logged by image providers
- Cloudflare: For CDN and DDoS protection
- Law enforcement: When required by law
5. Cookies and Tracking
We use essential cookies for:
- Authentication (NextAuth session cookies)
- Security (CSRF protection)
We do not use tracking cookies or analytics beyond basic server logs.
6. Your Rights
You have the right to:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Delete your account and associated data
- Portability: Export your data in JSON format
- Objection: Object to processing of your data
7. Security
We implement industry-standard security measures:
- HTTPS encryption for all connections
- Encrypted database credentials
- Regular security updates
- Rate limiting to prevent abuse
8. Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect data from children.
9. Changes to Privacy Policy
We may update this policy. Continued use after changes constitutes acceptance.
10. Contact
For privacy concerns or data requests, contact us through GitHub or email.