Privacy Policy

Last Updated: December 2024

Appforgelabs LLC ("we," "us," or "our") operates the Spinny Duck website (https://spinnyduck.com) (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect several types of information for various purposes to provide and improve our Service to you.

A. Personal Data

When you create an account using Google OAuth, we collect the following personal information:

  • Full Name
  • Email Address
  • Google Profile ID (a unique identifier from your Google account)

When you make a purchase, we also store a Stripe Customer ID to associate your account with your payment history. We do not collect or store your credit card number or other sensitive payment details.

B. User-Generated Content

  • Uploaded Images: We collect and store the images you upload for processing.
  • Generated Content: We store the final 3D figurine images generated by the AI.

C. Technical and Session Data

  • Session Information: We use cookies and a Redis data store to manage your login session and authentication status. This includes temporary tokens related to the Google login process.
  • Server Logs: Our servers automatically record standard log information, which may include your IP address, browser type, request timestamps, and other metadata.

2. How We Use Your Information

We use the collected information for the following purposes:

  • To Provide and Maintain the Service: To authenticate you, manage your account, maintain your credit balance, and generate figurines from your uploaded images.
  • To Process Transactions: To facilitate the purchase of Credits via our payment processor, Stripe.
  • To Communicate With You: To send you information related to your account or transactions.
  • To Secure Our Service: To monitor for fraudulent or unauthorized activity and to implement security measures like rate limiting.

3. Data Sharing and Third-Party Services

We do not sell your personal information. However, we share information with third-party service providers who perform services on our behalf.

  • AI Service Providers (Google Gemini, OpenAI): To generate the figurines, we send your uploaded images and technical prompts to our AI partners. These partners process the images to create the final output. We may use other providers like FAL.ai for future features.
  • Payment Processor (Stripe): To process payments, we share your email address and necessary metadata with Stripe. All payment card information is provided directly to Stripe, which is PCI DSS compliant. We encourage you to review Stripe's Privacy Policy.
  • Authentication Provider (Google): We use Google OAuth 2.0 for account creation and login. When you log in, you are interacting with Google's authentication system. We encourage you to review Google's Privacy Policy.
  • Infrastructure Providers: Our application data, including your profile information and uploaded content, is stored in databases (PostgreSQL) and session stores (Redis) managed by our infrastructure partners.

4. Data Storage, Security, and Retention

  • Security Measures: We implement reasonable security measures to protect your information, including using HTTPS for data in transit, implementing security headers (via Helmet.js), and validating all inputs to our system.
  • Data Storage: Your uploaded images and generated content are stored on our server's local filesystem. Please be aware that generated images are accessible via a public URL if the link is known.
  • Data Retention: We do not have an automatic deletion policy. Your account information, uploaded images, and generated content are retained indefinitely unless you request deletion. Session data expires automatically. Payment transaction records are kept for accounting purposes.

5. International Data Transfers

Our Service and its third-party providers (like Google, OpenAI, and Stripe) operate globally. Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. By using our Service, you consent to this transfer.

6. Your Data Rights

Depending on your location (e.g., GDPR in Europe, CCPA in California), you may have certain rights regarding your personal data, including the right to access, correct, or delete your information.

Currently, we do not offer automated tools for data management. To exercise any of your data rights, please submit a request to us directly via email. We will process your request manually in a reasonable timeframe.

7. Cookies and Tracking

We use cookies for essential functions:

  • Session Cookies: To keep you logged in to your account.
  • OAuth Cookies: Temporary cookies used to secure the Google login process.
  • Consent Cookies: To remember your cookie preferences.

We do not use third-party analytics or advertising trackers like Google Analytics or Facebook Pixel. However, our third-party partners like Google (for OAuth) and Stripe (for payments) may set their own cookies during their respective processes.

8. Children's Privacy

Our Service is not intended for use by anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Appforgelabs LLC
1209 MOUNTAIN ROAD PL NE STE N, Albuquerque NM 87110 USA
Email: [email protected]