c
mascotcraft

Last updated: March 25, 2026

Privacy Policy

This Privacy Policy explains how mascotcraft.ai ("we," "us," or "our") collects, uses, and protects your personal information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Information We Collect

1.1 Account Information

When you register, we collect:

  • Email address
  • Name (if provided)
  • Password (stored in hashed form, never in plain text)
  • Profile preferences

1.2 Payment Information

All payment processing is handled by Paddle, our Merchant of Record. We do not store credit card numbers or banking information on our servers. Paddle may collect your billing address, payment method, and transaction history in accordance with Paddle's Privacy Policy.

1.3 Usage Data

We automatically collect:

  • IP address and approximate location
  • Browser type and version
  • Pages visited and features used
  • Character generation inputs (text prompts, style selections)
  • Session duration and interaction patterns
  • Device information (type, operating system)

1.4 Communications

If you contact our support team, we retain records of that correspondence to provide better service.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and improve the Service
  • Process payments and manage your subscription
  • Send transactional emails (receipts, password resets, account notices)
  • Send product updates and marketing emails (with your consent)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Analyze usage patterns to improve our AI models and features

Legal basis (GDPR): We process your data on the basis of contract performance, legitimate interests, legal compliance, and consent (where applicable).

3. Third-Party Services

We work with the following third-party services:

  • Paddle — Payment processing and subscription management (Merchant of Record)
  • Analytics providers — We may use privacy-respecting analytics tools to understand how users interact with the Service
  • Cloud infrastructure providers — For hosting and computing resources (subject to appropriate data processing agreements)

We ensure all third-party processors have appropriate data protection agreements in place.

4. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for the Service to function (authentication, session management)
  • Analytics cookies: To understand usage patterns (with your consent where required)
  • Preference cookies: To remember your settings and preferences

You can manage cookies through your browser settings. Disabling certain cookies may affect Service functionality.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until account deletion + 30 days
  • Generated Characters: Retained for your account lifetime
  • Payment records: Retained for 7 years (legal requirement)
  • Usage logs: Retained for 12 months
  • Support communications: Retained for 3 years

6. Your Rights

Under GDPR and applicable privacy laws, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Request that we restrict processing of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw marketing consent at any time

To exercise any of these rights, contact us at cossmikus@gmail.com. We will respond within 30 days.

7. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at cossmikus@gmail.com and we will delete it promptly.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including countries that may not have the same data protection laws as your jurisdiction. We ensure adequate protection through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where required.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our website. We encourage you to review this policy periodically.

11. Contact Information

For privacy-related questions, requests, or complaints, contact us at:

Email: cossmikus@gmail.com
Website: mascotcraft.ai

If you are in the EU/EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.