Effective June 11, 2026
Account data: email address, authentication identifiers, and subscription status. Content: the prompts you submit, the websites you generate, and files you upload (logos, photos). Leads: if visitors submit a contact form on a site you publish, we store that submission (name, email, message) on your behalf. Usage: page views on published sites and basic technical logs (IP address, browser type) for security and rate limiting.
To provide and improve the Service: generating sites with AI models, hosting your published sites, processing subscriptions, capturing leads for you, preventing abuse, and providing support. We do not sell your personal information.
We share data with processors strictly to operate the Service: Supabase (authentication and database), Vercel (hosting), Stripe (payments — we never store full card numbers), AI model providers such as OpenAI and Google (your prompts are sent to generate content), Pexels (stock imagery), and our email provider (transactional emails). Each processes data under its own safeguards and our instructions.
If you signed up through an agency's branded portal, that agency can see your account email, subscription plan, and status in order to provide you service and billing. Payments you make to an agency are processed by the agency's own Stripe account; the agency is responsible for its handling of your billing relationship.
When your published site captures a lead, you are the controller of that visitor's data and responsible for handling it lawfully (including any consent or disclosure obligations to your visitors). We store and forward it (e.g., to your connected CRM) on your instructions.
We use essential cookies for authentication and session management. Published sites include lightweight, cookie-free page-view counting by default; site owners can disable analytics per site.
We keep your data while your account is active. If you delete a site, its content and leads are removed from production systems within a reasonable period. You can request account deletion by contacting support; we delete or anonymize personal data unless retention is legally required (e.g., billing records).
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Contact us to exercise these rights and we will respond as required by applicable law (including PIPEDA and, where applicable, GDPR).
We use industry-standard safeguards including encryption in transit and access controls. No system is perfectly secure; notify us immediately of any suspected breach of your account. We may update this policy; material changes will be announced via the Service or email.
Privacy questions or requests: support@phosify.app