Privacy Policy

This Privacy Policy explains how DrawPic ("we", "us") collects, uses, stores, and shares information generated while you use the Service. We respect your privacy and handle your data in accordance with this policy.

Account Information: email address, hashed password (if you register via email), or public Google profile data (if you sign in with Google).

Usage Data: prompts you submit, reference images you upload, generated images, credit transaction logs, generation parameters (model, size, quality).

Payment Information: collected and processed solely by Dodo Payments. We do not touch your card details — we only receive order status and amount.

Technical Data: IP address (used for language detection), browser type, access timestamp, device type.

• Provide and maintain Service features (image generation, gallery storage, credit deduction);
• Process orders and refunds;
• Auto-detect default language based on IP;
• Troubleshoot, prevent abuse and fraud;
• Communicate about service updates and security incidents;
• Comply with legal obligations.

We do not sell your personal information. We share data only with the following:

• Supabase — database and file storage, hosted in EU/US.
• Dodo Payments — Merchant of Record for payments; collects billing information at checkout.
• DMX API (dmxapi.cn) — your prompts and reference images are sent to this AI aggregation service to perform generation.
• Vercel — hosts the frontend and edge functions; records access logs.
• Google — if you use Google Sign-In, we receive the profile fields you authorize.
• Legal Requirements — when required to comply with a subpoena, court order, or to prevent serious violations.

We use cookies and browser local storage to maintain your login session and remember language preferences. We do not use third-party advertising tracking cookies.

• Account data: retained while your account exists; deleted within 30 days of account deletion.
• Generated images and gallery: retained alongside your account unless you delete them.
• Payment records: retained for at least 5 years per tax regulations.

You have the right to:

• Access, correct, or export the personal data we hold about you;
• Delete your account and associated data (some data may be retained to meet legal obligations);
• Withdraw consent to data processing;
• Lodge a complaint with your local data protection authority.

To exercise these rights, email ray5197@foxmail.com.

We protect your data using HTTPS in transit, Supabase Row-Level Security policies, and encrypted keys at rest. Please note that no method of internet transmission is 100% secure, and we cannot guarantee absolute security.

The Service is not directed to children under 13. If we discover that we have inadvertently collected information from a child under 13, we will delete it promptly.

This policy may be updated from time to time. For material changes, we will notify you by email or in-app notice. Continued use of the Service constitutes acceptance of the updated policy.

Questions about this policy? Contact ray5197@foxmail.com.