WWall StudioWorkshop · Plan · Render
§ Legal · Margin notes

Privacy Policy

Last updated May 26, 2026

This policy explains what we collect, why, and your rights under GDPR, UK GDPR, and CCPA. We are the data controller for personal data processed through Wall Studio.

Data we collect

  • Account data: email, display name, hashed password or OAuth identifier.
  • Usage data: designs you create, images you upload, AI prompts and renders.
  • Billing data: handled by Stripe (we store transaction references and credit balances, not card numbers).
  • Technical data: IP address, browser, basic logs needed to operate the service.

How we use it

  • Provide the service (rendering, design persistence, credit accounting).
  • Process payments and prevent fraud (via Stripe).
  • Send transactional email (receipts, password resets).
  • Comply with legal obligations.

Legal bases (GDPR)

  • Contract: operating the service you signed up for.
  • Legitimate interest: security, fraud prevention, product improvement.
  • Legal obligation: tax records, dispute response.

Subprocessors

  • Supabase — database, authentication, file storage.
  • Stripe — payment processing, tax compliance.
  • Google (Gemini) — AI rendering. Prompts and reference images are sent to the model for the duration of the request.
  • Cloudflare — hosting and edge runtime.

Retention

We keep account and design data while your account is active. Billing records are retained for at least 7 years for tax compliance. You can delete your account at any time from the account page — designs and personal data are removed within 30 days, except billing records we are legally required to keep.

Your rights

  • Access, export, correct, or delete your personal data.
  • Object to or restrict processing.
  • Withdraw consent at any time.
  • Lodge a complaint with your local data protection authority.

You can export your data and delete your account from the account page, or email us — see contact.

International transfers

Our subprocessors may process data outside your country. Where required we rely on Standard Contractual Clauses.

Security

We use TLS in transit, encrypted storage at rest, row-level security in the database, and least-privilege access. No system is perfectly secure; we encourage strong, unique passwords.

Children

The service is not directed at children under 13. We do not knowingly collect their data.

Changes

We will notify you of material changes via the app or email.