Privacy Policy

Last Updated: November 13, 2025

1. Introduction

Welcome to CakeCraft AI. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our Service.

CakeCraft AI is operated from Morocco and complies with applicable data protection laws including Morocco's Law 09-08 on the Protection of Personal Data.

2. Information We Collect

2.1 Account Information

When you sign up with Google OAuth, we collect:

  • Name
  • Email address
  • Google profile picture (optional)
  • Google account ID (for authentication only)

2.2 Payment Information

Payment processing is handled by Lemon Squeezy (our Merchant of Record). We do NOT store your credit card details on our servers. Lemon Squeezy collects:

  • Billing name and address
  • Payment card information (stored securely by Lemon Squeezy)
  • Transaction history

2.3 Usage Data

We automatically collect:

  • Design prompts you submit
  • Generated cake designs and recipes
  • Design edits and downloads
  • Subscription tier and usage credits
  • Device information (browser type, IP address, device type)
  • Log data (access times, pages viewed, errors)

2.4 AI-Generated Content

All designs and recipes you generate are stored in your account. We may use anonymized, aggregated data to improve our AI models and Service quality.

3. How We Use Your Information

We use your data to:

  • Provide the Service: Generate designs, process recipes, manage your account
  • Process Payments: Handle subscriptions, billing, and refunds via Lemon Squeezy
  • Improve Service Quality: Analyze usage patterns, fix bugs, develop new features
  • Customer Support: Respond to your inquiries and resolve issues
  • Marketing Communications: Send product updates and promotional offers (you can opt out)
  • Legal Compliance: Comply with laws, regulations, and legal requests

4. Third-Party Services

We share data with trusted third-party providers:

4.1 AI Service Providers

We use advanced AI models to generate designs and recipes. Your prompts are processed by our AI infrastructure. All data is handled in accordance with industry-standard privacy practices and is not stored permanently by third-party providers.

4.2 Lemon Squeezy

Lemon Squeezy processes all payments and handles tax compliance as our Merchant of Record. Lemon Squeezy's privacy policy applies: https://www.lemonsqueezy.com/privacy

4.3 Vercel (Hosting)

Our application is hosted on Vercel. They may collect standard server logs. Vercel's privacy policy: https://vercel.com/legal/privacy-policy

4.4 Supabase (Database)

User data is stored in Supabase's PostgreSQL database. Supabase's privacy policy: https://supabase.com/privacy

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted via HTTPS/TLS
  • Database Security: PostgreSQL with row-level security policies
  • Authentication: Secure OAuth 2.0 authentication via Google
  • Access Controls: Limited employee access to personal data
  • Regular Backups: Automated database backups

However, no system is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.

6. Data Retention

We retain your data as follows:

  • Active Accounts: Data stored indefinitely while account is active
  • Cancelled Subscriptions: Account data retained for 90 days after cancellation
  • Account Deletion: All personal data deleted within 30 days of deletion request
  • Legal Requirements: Some data may be retained longer if required by law

7. Your Rights

Under Morocco's Law 09-08 and applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your account and data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing emails
  • Object: Object to processing of your data for certain purposes

To exercise these rights, contact us at: privacy@cakecraftai.com

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Understand how users interact with our Service (anonymized)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

9. Children's Privacy

CakeCraft AI is not intended for users under 18 years old. We do not knowingly collect data from minors. If you believe we have collected data from a minor, contact us immediately for deletion.

10. International Data Transfers

Your data may be processed in countries outside Morocco (USA for AI Services, Ireland/EU for Vercel/Supabase). We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Privacy Shield certification (where applicable)
  • GDPR compliance for EU data transfers

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or in-app notification.

Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: privacy@cakecraftai.com
Support: support@cakecraftai.com
Website: https://cakecraftai.com

By using CakeCraft AI, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.