Privacy Policy

We collect the minimum we need to run the service, store it on our infrastructure (not sold to third parties), let you delete it when you ask, and never use your prompts or generated images to train machine-learning models.

stipplehub is operated by Voxelgen.io. The data controller for the purposes of GDPR is Voxelgen.io. Privacy questions and data-subject requests go to hello@stipplehub.com.

We collect three categories of data.

Account data — your email address, your authentication method (Google sign-in, etc.), a display name if you set one, and an age confirmation. We get this from Clerk, our authentication provider, when you sign up. We do not see or store your password.

Service-use data — the text prompts you submit, the parameters you select (style, aspect ratio, reference image when provided), the resulting generated images, and the timestamps + cost associated with each generation. This is everything required to render the service back to you.

Billing data — when you subscribe or buy credits, we record the transaction reference, amount, date, and your remaining credit balance. We do not see or store your credit card number; that is handled by our payment processor (RocketGate / SegPay) and never touches our servers. For crypto payments, we record the wallet address you paid from and the transaction hash.

Technical data — IP address, browser fingerprint, and basic request logs that any web service captures for security and abuse prevention.

Account + service-use data: contract performance — we cannot generate images for you without storing the prompts and outputs at least temporarily.

Billing data: contract performance and legal obligation (record-keeping for tax purposes).

Technical data: legitimate interest in protecting the service from abuse and fraud.

We do not rely on consent for any of the above (so you cannot revoke consent and still use the service); for processing outside these legal bases — e.g. marketing emails — we will ask separately, and you can opt out at any time.

Prompts and generated images: stored against your account so you can re-roll, share, or download them. They are deleted when you delete the corresponding generation, or 30 days after you close your account, whichever comes first.

Billing records: retained for the period required by tax law (typically 7 years in the US), even after account closure.

Technical logs: 90 days, then aggregated and deleted.

We do not use your prompts, your generated images, or any uploaded reference images to train machine-learning models — ours, our vendors', or anyone else's. The only AI training stipplehub benefits from is the open-weight models that third parties have already trained and published on Hugging Face.

We do not run analytics tools that profile you across other sites (no Google Analytics, no Hotjar, no Mixpanel) until we publish a separate cookie policy and obtain consent. As of the last-updated date above, we use only first-party essential cookies (session, auth, age confirmation).

Wherever you live, you can email hello@stipplehub.com and ask us to:

• Show you the data we hold about you.
• Correct inaccurate data.
• Delete your account and associated data.
• Export your generations and prompts.

If you are in the EEA, UK, or Switzerland, you also have the right to restrict processing, object to processing, and lodge a complaint with your supervisory authority. If you are in California, you have additional rights under CCPA / CPRA (right to know what is collected, right to delete, right to non-discrimination for exercising those rights).

We respond to data-subject requests within 30 days.

Our infrastructure is in the United States. If you access the service from outside the US, your data is transferred there. For users in the EEA, UK, and Switzerland, we rely on the Standard Contractual Clauses and the EU-US Data Privacy Framework as the legal basis for that transfer.

Data in transit is encrypted with TLS 1.2+. Data at rest in Azure storage is encrypted with AES-256. Passwords are hashed by Clerk; we never see them. Database access is restricted to a small set of operators behind two-factor authentication. We will notify affected users within 72 hours of becoming aware of a personal-data breach that materially affects them.

stipplehub is for adults only. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, email hello@stipplehub.com and we will delete the account and all associated data immediately.

We may update this policy. The "Last updated" date at the top reflects the most recent change. Material changes will be emailed to your registered address at least 14 days before they take effect.