Legal · Effective 2026-05-17
Privacy Policy
This Privacy Policy explains how AIDrawIO (“AIDrawIO,” “we,” “our,” or “us”) collects, uses, shares, and protects information when you use aidrawio.com, app.aidrawio.com, and related services (the “Service”). By using the Service you agree to this Policy.
1. Who we are
AIDrawIO is an AI-powered diagram generation service. We are an independent, individually operated project. References to “we” or “AIDrawIO” in this Policy mean the operators of the Service. You can reach us at aidrawio7@gmail.com.
2. Information we collect
We collect the following categories of data:
- Account information. If you sign in, we collect your email address, name (if provided), avatar URL, and the authentication provider you used (e.g., Google, email). This is provided through our authentication partner Supabase.
- User content. Diagram prompts, generated diagrams, uploaded files, URLs you paste for parsing, and any text you send to the AI chat interface. We store this so you can access your work across devices.
- Billing information. If you subscribe, our payment processor Stripe collects and processes your payment details. We never receive or store your full card number. We retain Stripe customer and subscription identifiers, the price you paid, and your subscription status.
- Usage and device data. Pages viewed, clicks, approximate location derived from IP, device type, browser, operating system, referrer, and timestamps. We may also record anonymized session replays of how the product is used (with sensitive inputs masked).
- Communications. If you contact us, we keep the contents of your message and your email address.
- Cookies and similar technologies. See “Cookies” below.
We do not knowingly collect government IDs, health data, precise GPS location, or other sensitive personal information. Please do not include such information in prompts or uploads.
3. How we use your information
- Provide, operate, secure, and improve the Service, including generating diagrams, preserving your history, and supporting features like cross-device sync.
- Send transactional messages (account, billing, security, and product notices) via our email provider Loops.
- Process subscriptions and prevent fraud via Stripe.
- Understand product usage, measure performance, debug, and improve features through analytics providers such as PostHog. Analytics is opt-in in jurisdictions that require consent.
- Enforce our Terms of Service and protect the rights, property, and safety of AIDrawIO, our users, and others.
- Comply with legal obligations and respond to lawful requests.
4. AI processing of your content
When you submit a prompt, file, or instruction, the content is sent to third-party AI providers (such as Google's Gemini API and OpenRouter, which routes to providers including DeepSeek, Meta, Anthropic, OpenAI, Mistral, and others). These providers receive the content only to generate a response. We do not knowingly use your prompts to train AI models, but we cannot guarantee what every downstream provider does with content sent to them. Please review the applicable provider's privacy notices.
If you bring your own API key (“BYOK”), your prompts go directly to the provider you configured under the terms of your own account with that provider.
Do not include confidential, regulated, or sensitive data in prompts. Once content is sent to a third-party AI provider, we cannot recall it.
5. Third-party services we use
We rely on the following processors to operate the Service. Each is bound by its own privacy notice and security obligations.
- Supabase — authentication, database, file storage.
- Stripe — payment processing and subscription management.
- Google Gemini API — AI inference.
- OpenRouter — AI routing and fallback inference.
- PostHog — product analytics and session replay.
- Loops — transactional and product email.
- Vercel — application hosting and edge delivery.
6. Sharing of information
We do not sell your personal information. We share information only:
- With the processors listed above, strictly as needed to operate the Service.
- To comply with law, legal process, or lawful requests from public authorities.
- To enforce our Terms, prevent fraud or abuse, or protect AIDrawIO, our users, or the public.
- In connection with a merger, acquisition, or sale of assets, in which case continuing privacy protections will apply.
- With your consent or at your direction.
7. Cookies and tracking
We use the following categories of cookies and similar local storage:
- Strictly necessary — authentication session, security tokens, preferences such as language and theme. These are always on.
- Analytics — PostHog uses cookies and local storage to measure usage and improve the product. In the EU/UK and similar jurisdictions, analytics is loaded only after you accept the cookie banner. You may withdraw consent at any time by clearing cookies or contacting us.
8. Data retention
We retain account, content, and billing data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce our agreements. Anonymized analytics may be retained indefinitely. You can request deletion at any time (see “Your rights”).
9. Security
We take reasonable administrative, technical, and organizational measures to protect your information, including encryption in transit (TLS), encryption at rest where supported by our processors, restricted access, and the use of reputable infrastructure providers. No method of transmission or storage is 100% secure. You use the Service at your own risk.
10. International data transfers
We and our processors operate in the United States and other countries. By using the Service you understand that your information may be processed in jurisdictions whose data-protection laws differ from those of your home country. Where required, our processors maintain appropriate transfer mechanisms such as Standard Contractual Clauses.
11. Your rights
Depending on where you live, you may have rights to access, correct, port, restrict, or delete your personal information, to object to certain processing, and to withdraw consent. To exercise any of these rights, email aidrawio7@gmail.com from the address associated with your account. We will respond within the time required by applicable law.
EU/UK (GDPR). Our legal bases for processing include performance of a contract (operating the Service), legitimate interests (security, analytics, product improvement), consent (analytics where required, marketing), and legal obligations.
California (CCPA/CPRA). We do not sell personal information and do not share it for cross-context behavioral advertising. California residents have the right to know, delete, correct, and limit use of sensitive personal information.
12. Children
The Service is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, please contact us and we will delete it.
13. Changes to this Policy
We may update this Policy from time to time. The “Effective” date at the top reflects the latest revision. Material changes will be highlighted on the website or by email where we have one.
14. Contact
Questions, requests, or complaints? aidrawio7@gmail.com.
See also our Terms of Service.