1 Information We Collect
We collect information necessary to provide and improve the Toon It! Service. This includes:
Account Information
- Email address — used for authentication, communication, and account recovery.
- Password hash — your password is cryptographically hashed; we never store plaintext passwords.
- Account metadata — creation date, credit balance, and usage history.
Content Data
- Uploaded photographs — images you submit for transformation.
- Generated videos & images — the storybook-style outputs created by our AI pipeline.
- Transformation metadata — timestamps, processing parameters, and status information.
Technical Data
- Browser type and version, device type, operating system.
- IP address and approximate geographic location.
- Pages visited, features used, and interaction patterns.
Payment Data
- Transaction IDs and purchase history (managed by Stripe).
- We do not store full credit card numbers, CVVs, or banking details on our servers.
2 How We Use Information
We use the information we collect to:
- Provide the Service — process your photo transformations and deliver generated content.
- Manage your account — authenticate your identity, track credit balances, and process payments.
- Improve the Service — analyze usage patterns to enhance performance, features, and user experience.
- Communicate with you — send transactional emails (receipts, account alerts) and, with your consent, product updates.
- Ensure safety & security — detect fraud, prevent abuse, and enforce our Terms of Service.
- Comply with legal obligations — respond to lawful requests and protect our legal rights.
3 Third-Party Services
Toon It! relies on trusted third-party providers to deliver the Service. Each provider has access only to the data necessary for their specific function:
🔒 Supabase
Purpose: Authentication & Database
Stores your account credentials (hashed), profile data, credit balances, and transformation records.
☁ Cloudinary
Purpose: Media Storage & Delivery
Stores and delivers your generated storybook videos and transformed images via a secure CDN.
💳 Stripe
Purpose: Payment Processing
Handles all credit purchases, payment card processing, and billing. Stripe is PCI DSS Level 1 certified.
🎨 Venice AI
Purpose: Image Transformation & Generation
Your uploaded photos are sent to Venice AI for artistic style transformation and video generation. Venice AI processes images to generate creative outputs.
Each third-party service operates under its own privacy policy. We encourage you to review them:
4 Data Storage & Security
We take the security of your data seriously and implement industry-standard measures to protect it:
- Encryption in transit — all data transmitted between your browser and our services uses TLS (HTTPS).
- Encryption at rest — stored data is encrypted using AES-256 or equivalent standards provided by our infrastructure partners.
- Password security — passwords are hashed using strong, salted cryptographic algorithms; plaintext passwords are never stored.
- Access controls — internal access to user data is restricted to authorized personnel on a need-to-know basis.
- Infrastructure security — our third-party providers (Supabase, Cloudinary, Stripe) maintain SOC 2, ISO 27001, or equivalent certifications.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.
5 User Rights
You have the following rights regarding your personal data:
Right to Access
You may request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format within 30 days of your request.
Right to Delete
You may request deletion of your account and associated personal data. Upon request, we will:
- Delete your account and authentication credentials.
- Remove your uploaded photographs from our systems.
- Remove your generated videos and images from our storage.
- Anonymize or delete associated usage records.
Note: Some data may be retained as required by law (e.g., financial transaction records for tax compliance).
Right to Export
You may download your generated content (videos and images) at any time through your account dashboard. You may also request a full data export by contacting us.
Right to Correction
You may update your email address and account information through your account settings or by contacting support.
To exercise any of these rights, contact privacy@toonit.ai.
6 Cookies & Local Storage
Toon It! uses a minimal set of cookies and browser local storage to operate the Service:
Essential Cookies & Storage
- Authentication tokens — session and refresh tokens stored in local storage or secure cookies to keep you logged in.
- CSRF protection — security tokens to prevent cross-site request forgery.
Functional Storage
- User preferences — theme settings and UI preferences stored locally.
- Session state — temporary data to maintain your workflow during a session.
Analytics (if applicable)
- We may use privacy-respecting analytics to understand aggregate usage patterns. No personally identifiable information is shared with analytics providers.
We do not use advertising cookies or sell your data to advertisers.
7 Children’s Privacy
Toon It! is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.
If we become aware that we have inadvertently collected data from a child under 13, we will take immediate steps to delete that information from our systems.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at privacy@toonit.ai so we can take appropriate action.
Users between the ages of 13 and 18 should review these terms with a parent or guardian before using the Service.
9 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:
- We will update the "Effective Date" at the top of this page.
- For material changes, we will notify registered users via email at least 30 days before the changes take effect.
- A summary of changes will be posted prominently on the Service.
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
10 Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Privacy Inquiries: privacy@toonit.ai
General Support: support@toonit.ai
We aim to respond to all privacy-related inquiries within 30 days. For data access or deletion requests, we will confirm receipt within 5 business days and fulfill the request within 30 days.