SpriteCookSpriteCook
Back

Privacy Policy

Effective date: October 11, 2025

This Privacy Policy explains how SpriteCook ("we", "us", "our") collects and uses information when you use the Service at spritecook.ai. We operate from the European Union and aim to handle personal data in line with the GDPR.

1. Information We Collect

  • Personal Data: identifiers and contact details you provide (e.g., name, email). If you sign in via third parties (e.g., Google or GitHub), we receive your basic profile information from them.
  • Usage and Device Data: IP address, device and browser type, operating system, time zone, and interaction data (pages viewed, features used). We collect this to operate, secure, and improve the Service.
  • Content Data: prompts, references, and uploads you submit to generate outputs.

2. How We Use Information

  • Provide, maintain, and improve the Service and its safety.
  • Process prompts and assets to generate outputs using third‑party AI model APIs (OpenAI, Google Gemini, xAI).
  • Authenticate users, manage accounts, usage limits, and credits.
  • Communicate about updates, security notices, and support.
  • Comply with legal obligations and enforce our Terms.
  • Use aggregated and de‑identified data for analytics and product improvement.

3. Legal Bases (GDPR)

We process personal data based on: performance of a contract (providing the Service), legitimate interests (security, product improvement, fraud prevention), legal obligations, and, where applicable, your consent (e.g., certain analytics or marketing communications).

4. Sharing and Transfers

  • Service Providers and Sub‑processors: cloud hosting, logging, error monitoring, and model API providers.
  • AI Model Providers: prompts and content may be sent to OpenAI, Google (Gemini), and xAI to generate outputs; their terms and policies apply.
  • Legal and Safety: we may disclose data to comply with law or protect rights, safety, and security.

Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses, as applicable.

5. Data Retention

We retain personal data only as long as necessary for the purposes above, including to meet legal, accounting, or reporting requirements. We may retain aggregated or de‑identified data for longer.

6. Your Rights (EEA/UK)

  • Access, rectification, erasure, restriction, portability, and objection, subject to conditions.
  • Where we rely on consent, you can withdraw it at any time without affecting prior processing.
  • You may lodge a complaint with your local supervisory authority.

7. Security

We implement reasonable technical and organizational measures to protect personal data. However, no method of transmission or storage is completely secure.

8. Children

The Service is not directed to children under 13 (or applicable local minimum age). We do not knowingly collect personal data from children.

9. Changes

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the effective date and, where appropriate, providing notice within the Service.

10. Contact

For privacy inquiries or to exercise your rights, contact privacy@spritecook.ai.