Last modified: July 13, 2023
This Privacy Policy (“Policy”) applies to your use of the recraft.ai website and all related services, including, without limitation, any features, content, other websites, or applications offered from time to time by Recraft, Inc. (“Recraft”, “we”, “us”, “our”, etc.) in connection therewith (collectively “Services”). By using the Services in any manner, you agree to be bound by this Policy and Recraft’s Term of Services, which may be found at https://app.recraft.ai/terms (“Terms”). This Policy is part of, and is incorporated into, the Terms.
We will uphold the privacy of our users by fighting against ads, trackers, and other impingements on privacy. We will never profit by monetizing your data but instead seek to fulfill our company mission by delivering a great product and service.
Our commitment to privacy and data protection is reflected in this Policy which describes how we collect and process “personal information” that identifies you, like your name or email address. Any other information besides this is “non-personal information”. If we store personal information with non-personal information, we will consider that combination to be personal information.
Third-party services that we integrate with the Services are governed under their own respective privacy policies.
We collect information about you when you directly provide it to us. We collect your name and contact information, including your email address, as part of the creation of your account. If you make a purchase through the Services or pay for a paid subscription, we collect credit card numbers, financial account information and other payment details. We collect and retain the photos, documents, or other files you send to us in connection with delivering the Services, including via upload, email, or chat.
We collect information about you automatically through our products and services. When you visit our websites, our web servers log your Internet Protocol (IP) address and information about your device, including device identifiers, device type, operating system, browser, and other software including type, version, language, settings, and configuration. Depending on your device and app settings, we collect geolocation data when you use our Services. We log your activity on our website, including the URL of the website from which you came to our websites, pages you viewed on our website, how long you spent on a page, access times, and other details about your use of and actions on our website. We also collect information about which web elements or objects you interact with on our Service, metadata about your activity on the Service, changes in your user state, and the duration of your use of our Service.
We collect information about you when someone else tells us such information. We may collect information about you from third-party applications and services, including without limitation social networks or other services you choose to connect or interact with through the Services. We may also collect information about you from third parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.
We try and understand more about you based on information you have given to us or we receive from someone else. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics. For example, we infer your general geographic location based on your IP address.
We use each category of personal information about you:
We share information about you when:
Please note that some of the Services include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or allow us to share personal information with them, that data is governed by their privacy statements.
We may share non-personal information in accordance with applicable law.
We implement physical, business, and technical security measures to safeguard your personal information. In the event of a security breach, we will notify you so that you can take appropriate protective steps. We only keep your personal information for as long as is needed to do what we collected it for. After that, we destroy it unless required by law to maintain it.
We retain personal data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. As part of our normal operations, your information may be stored in computers in countries outside of your home country. By giving us information, you consent to this kind of information transfer. Irrespective of where your information resides, we will comply with applicable law and our commitments herein. We do not want your personal information if you are under 13 years old, and you are not allowed to provide it to us or use the Services if you are under 13 years old. If your child is under 13 years old, and you believe your child has provided us with personal information, please contact us to have such information removed.
The following rights are granted under the European General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”), and Recraft applies these rights to all users of our products, regardless of location: (i) the right to know what personal information we collect from you; (ii) the right to know if your personal information is being shared and to whom; (iii) the right to access your personal information; and (iv) the right to exercise your privacy rights without being discriminated against.
EEA, UK, and Swiss Users: Our lawful bases for collecting and processing personal information under the GDPR and similar regimes include performing our contract with you and providing our services. We receive technical and interaction data of users, which may include IP addresses, for legitimate purposes, including but not limited to improving the security and reliability of the Services, preventing abuse, and understanding where people learn about the Services. Where we ask for your consent to process your information, you can always withdraw such consent.
Under the GDPR, EEA, UK, and Swiss users have additional rights, including: (i) the right to request correction or erasure of personal information; (ii) the right to object to processing your personal information; (iii) the right to right to transfer or receive a copy of the personal information in a usable and portable format, when any automated processing of personal data is based on your consent or a contract with you; and (iv) the rights to withdraw your consent to processing, when the processing is based on your consent. When we are processing data on behalf of another party that is the “data controller”, you should direct any requests about your data to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
California Users: Under the CCPA, California residents have additional rights, including: (i) the right to request personal information about to be deleted, subject to several exceptions; (ii) the right to opt-out of the sale of personal information (note that we do not “sell” personal information as defined by the CCPA and have not done so in the past 12 months; and (iii) the right to designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. To provide or delete specific pieces of personal information, we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.
To exercise the rights described above or if you have a question or concern, please contact us at [email protected] and we will try to address or resolve it. If we cannot, you have the right to lodge a complaint with your local data protection authority.
We may need to change this Policy and our notices from time to time. Any updates will be posted online with an effective date. Continued use of the Services after the effective date of any changes constitutes acceptance of those changes.
You can get in touch by emailing us at [email protected].