Privacy Policy

Last updated: November 27, 2025

1. Introduction

BuildMyGraphic ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered infographic and visual content generation service (the "Service").

This Privacy Policy applies to all users of the Service worldwide and is designed to address the requirements of data protection laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), where applicable.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, password, and basic profile details you choose to provide.
  • User Input and content: text prompts, reference images, uploads, and other materials you provide for AI generation, as well as the resulting images and graphics associated with your account.
  • Support communications: messages you send to our support team, including email content and attachments.
  • Subscription details: your selected plan (Starter, Pro, Scale), subscription type (monthly or yearly), and related preferences.

2.2 Payment and Billing Information

All payments for the Service are processed by our Merchant of Record, Polar Software Inc. ("Polar"). Polar is responsible for collecting and processing your payment information and handling taxes.

  • We receive limited billing-related information from Polar, such as transaction IDs, subscription status, currency, and billing country.
  • We do not store or have access to your full credit card number or complete payment method details. These are handled solely by Polar or its payment partners.

2.3 Automatically Collected Information

  • Device and log data: IP address, browser type, operating system, language settings, and access times.
  • Usage data: pages visited, features used, number of generations, error logs, and interactions with the interface.
  • Technical identifiers: cookies, local storage, session identifiers, and similar technologies used to maintain your session and improve performance.
  • Server and CDN logs: requests handled by our hosting and content delivery providers (such as Cloudflare R2 and related Cloudflare services), including request paths, response codes, and timestamps.

2.4 AI-Related Data and Model Training

We use the paid tiers of the Google Gemini API to provide AI capabilities in the Service. Under Google's terms for paid services:

  • Google does not use your prompts, uploads, or AI-generated outputs from the paid Gemini API to train their general-purpose foundation models or to improve their services for other customers.
  • Google may log prompts and responses for a limited period of time solely to detect abuse, enforce their policies, and meet legal or regulatory requirements.

For image generation, BuildMyGraphic uses Replicate as a compute provider. Under Replicate's Terms of Service, when your requests are processed:

  • your data is used to perform the requested inference or generation;
  • where applicable, Replicate may train customer-specific derivative models based on your data (for example, when a model is explicitly configured for a given customer); and
  • Replicate may create anonymized and aggregated "Resultant Data", which does not include your raw prompts, images, or outputs, and may be used to operate, maintain, and improve the Replicate platform and services.

Replicate does not use your raw Customer Data to train their own general-purpose foundation models or to directly improve models for other customers. BuildMyGraphic does not independently train AI models on your identifiable User Input or AI-generated content. We may, however, use aggregated and anonymized usage statistics (for example, counts of generations or feature usage) to understand how the Service is used and to improve our product.

3. How We Use Your Information

We use the information we collect for the following purposes and legal bases (where applicable):

  • Provide and operate the Service: to create and deliver AI-generated graphics based on your input, manage your account, calculate and deduct credits, and enable subscription features (contractual necessity).
  • Process payments and billing: to confirm subscription status, handle billing issues through Polar, and comply with accounting and tax obligations (legal obligation / contractual necessity).
  • Maintain security and prevent abuse: to detect and prevent fraud, abuse, and content that violates our Terms of Service or the policies of our providers (legitimate interest / legal obligation).
  • Improve and personalize the Service: to analyze usage patterns, fix bugs, optimize AI workflows, and develop new features (legitimate interest).
  • Communicate with you: to send essential service messages (such as account, billing, and security notifications) and, where permitted, optional product updates or marketing communications (contractual necessity / consent).
  • Comply with law: to respond to lawful requests from authorities, resolve disputes, and enforce our legal rights (legal obligation / legitimate interest).

4. Information Sharing and Disclosure

We do not sell your personal information. We share your information only as reasonably necessary to operate the Service, or as required by law, including:

  • Service providers: We share information with trusted subprocessors who help us deliver the Service, such as:
    • Google Gemini API: for processing your prompts and generating AI-based text and images.
    • Replicate.com: as a compute host for Google Gemini image generation.
    • Polar: as Merchant of Record for handling payments, taxes, and invoices.
    • Cloudflare R2 and related Cloudflare services: for storage, infrastructure, and content delivery.
    • Analytics and logging tools: for analyzing usage and ensuring reliability.
  • Legal requirements: We may disclose information if we believe it is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of us, our users, or others.
  • Business transfers: If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to appropriate confidentiality safeguards.
  • With your consent: We may share information with third parties when you explicitly authorize or request us to do so.

Our subprocessors are bound by data protection agreements and may only process your information to the extent necessary to perform their functions on our behalf.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (e.g., HTTPS/TLS).
  • Industry-standard security practices provided by our hosting and infrastructure partners, such as Cloudflare.
  • Access controls and authentication mechanisms for internal tools.
  • Regular updates and security patches to our software stack.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in and maintain your session.
  • Remember your preferences and settings.
  • Measure and analyze usage of the Service.
  • Improve performance and user experience.

You can control cookies through your browser settings. If you choose to disable cookies, some features of the Service may not function properly.

7. Your Privacy Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information:

  • Access: Request confirmation of whether we process your personal data and receive a copy of that data.
  • Correction: Request that we correct or update inaccurate or incomplete information.
  • Deletion: Request deletion of your personal data, subject to certain legal exceptions (for example, where we must retain data for tax or accounting purposes).
  • Restriction: Request that we restrict the processing of your data in certain circumstances.
  • Portability: Request a copy of your data in a commonly used, machine-readable format where technically feasible.
  • Objection: Object to certain processing activities based on legitimate interests, and to receiving marketing communications at any time.
  • Withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at [email protected]. We may ask you to verify your identity before responding to your request.

If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal data violates applicable law.

8. Data Retention

We retain your personal information only for as long as reasonably necessary to provide the Service, fulfill the purposes outlined in this Privacy Policy, and comply with our legal and contractual obligations.

  • Account and profile data are retained while your account is active and for a limited period after deletion, unless we are required to keep them longer.
  • User Input and AI-generated content may be stored in your account until you delete them or close your account.
  • Technical logs and analytics data are typically retained for a shorter period (for example, 30–180 days), unless needed for security, fraud prevention, or legal purposes.
  • Billing and transaction records received from Polar may be retained for the period required by tax and accounting laws.

9. Children's Privacy

The Service is intended for individuals who are at least 18 years old and is not directed to children or minors. We do not knowingly collect personal information from anyone under the age of 18. If you believe that someone under 18 has provided us with personal information, please contact us so that we can take appropriate action, such as deleting the information and closing the account.

10. International Data Transfers

We operate with service providers and infrastructure that may be located in countries other than your own (for example, the United States and other regions where Google, Replicate, Cloudflare, and Polar operate data centers).

Where required by law (such as under the GDPR), we ensure that appropriate safeguards are in place for international data transfers, such as the use of Standard Contractual Clauses (SCCs), data processing agreements, and industry standard security measures, to protect your information to a level essentially equivalent to that in your home jurisdiction.

11. Third-Party Links

The Service may contain links to third-party websites, services, or content that are not operated by us. We are not responsible for the privacy practices or the content of those third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, if appropriate, by providing additional notice (such as an in-app notification or email).

Your continued use of the Service after the revised Privacy Policy becomes effective constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should stop using the Service.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

General Support: [email protected]