Privacy Policy

This Privacy Policy explains how Publeey ("we", "us", "our", or the "Service") — operated under the domain publeey.com — collects, uses, stores, and shares information about you ("you", "user") when you access or use the Service. By using Publeey, you consent to the practices described in this Policy.

1. Information We Collect

1.1 Information you provide directly

• Account data: email address, password (stored as a one-way bcrypt hash — we never see your plaintext password).
• Payment data: we use PayPal to process payments. PayPal handles your card/bank data — we only receive the payment confirmation (order ID, amount, currency, payer email). We do not store full card numbers or banking credentials on our servers.
• Prompts and inputs: the text prompts, themes, book titles, author names, and other content you submit to our generators.
• Generated content: ebooks, covers, coloring books, puzzle books, journal books, and other artifacts produced by the Service for you. These are stored in your account library so you may re-download them.

1.2 Information collected automatically

• Usage data: generation logs, credit transactions, login timestamps, IP address at signup and login (used for fraud detection and rate limiting).
• Cookies: a single session cookie (PUBLEEY_SID) used solely to keep you signed in. We do not use third-party advertising or analytics cookies.

2. How We Use Your Information

• Provide, operate, and maintain the Service.
• Process your purchases and grant credits.
• Generate content via AI providers based on your prompts (your prompts are sent to the provider executing the request — see Section 4).
• Store your generated assets in your library so you can re-download them without re-spending credits.
• Detect, prevent, and respond to fraud, abuse, illegal activity, or violations of our Terms of Service.
• Communicate with you about your account (verification, password reset, important service notices).
• Comply with legal obligations.

3. Legal Basis for Processing (where applicable)

Where the General Data Protection Regulation (GDPR) or similar laws apply, we rely on the following legal bases:

• Contract: processing is necessary to deliver the Service you signed up for.
• Legitimate interests: fraud prevention, service improvement, security.
• Consent: for any optional processing — you may withdraw consent at any time.
• Legal obligations: tax records, response to lawful requests.

4. Third-Party Services and Data Sharing

We share data only with the providers strictly necessary to deliver the Service:

• PayPal — payment processing. Subject to PayPal's privacy policy.
• Anthropic (Claude AI) — text generation. Your text prompts are transmitted to Anthropic to produce ebook content. Subject to Anthropic's privacy terms.
• Pollinations / KIE AI — image generation. Your image prompts are transmitted to the chosen provider.
• Hosting infrastructure — our VPS provider hosts the database and application servers in their data centers.

We do not sell your personal data, your prompts, or your generated content to advertisers, data brokers, or any third party.

5. Data Retention

• Account data is retained while your account is active. If you request account deletion, we will permanently delete your account and associated assets within 30 days, except where retention is legally required (e.g. financial transaction records for tax purposes).
• Pending signup data (email + password hash submitted before payment) is automatically deleted after 7 days if payment is not completed.
• Credit transaction history is retained as long as you have an account, to support audit and refund processes.
• Server logs (IP addresses, timestamps) are retained for up to 90 days for security purposes, then anonymized or deleted.

6. Your Rights

Subject to applicable law, you have the right to:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate information (e.g. update your email).
• Deletion — request that we delete your account and personal data.
• Restriction — limit how we use your data.
• Portability — receive your data in a structured, commonly used format.
• Withdrawal of consent — where consent is the legal basis.
• Complaint — lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us via the email listed in Section 11.

7. Security

We use industry-standard measures to protect your data: HTTPS encryption in transit, bcrypt password hashing, secure server configurations, and least-privilege database access. However, no system is 100% secure — we cannot guarantee that breaches will never occur. You are responsible for keeping your password confidential and notifying us promptly of any unauthorized account access.

8. Children's Privacy

Publeey is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a minor has provided us with personal data, contact us immediately and we will delete it.

9. International Transfers

Our servers and third-party processors operate across multiple jurisdictions. By using the Service, you consent to the transfer of your data to those jurisdictions, which may have different data-protection laws than your home country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account or via a notice on the Service. The "Effective date" at the top of this page indicates the latest revision. Continued use after a change constitutes acceptance.

11. Contact

Questions or requests regarding this Privacy Policy may be sent to support@publeey.com.