Halftone Maker - Privacy Policy

1. Introduction

Halftone Maker (the "Service") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information is collected in connection with your use of the Service and how it is handled. By using the Service, you agree to this Privacy Policy.

2. Information We Collect

Image Processing

  • Halftone Processing (Client‑Side): Halftone image processing runs in your browser. Your image data is not uploaded to our servers for this feature. We may store your work locally using IndexedDB on your device.
  • Background Remover (Server‑Assisted + Third‑Party Processing): When you use the Background Remover, your image is uploaded to our Supabase Storage. We generate a time‑limited, signed URL and send it to fal.ai, which accesses your image to perform background removal and returns a processed result. We delete the uploaded image from our storage promptly after processing completes. The processed image may be saved to your account for your convenience.

fal.ai may retain your image for at least seven (7) days and may use it to improve its services and AI models, and may disclose it to third parties when legally required, under fal.ai’s own terms and privacy policy. We do not control fal.ai’s independent processing. Do not upload sensitive or confidential images.

Age Attestation and Children’s Data

We may ask you to confirm that you are at least 16 years old. We do not knowingly collect personal information from anyone under 16. If we learn that a user under 16 has provided personal information, we will delete the account and associated data as appropriate. Parents or guardians who believe that a child under 16 has provided personal information may contact us at hello@halftonemaker.com.

Account and Authentication (Supabase; SMS/MFA)

  • When you create an account or log in, we collect information such as your email address, display name (if provided), phone number (if you enable SMS verification), and a user ID. Authentication (including optional SMS-based multi-factor verification) is provided by Supabase and its SMS delivery providers. We do not receive or store plaintext passwords or SMS codes. Session tokens may be stored in your browser (e.g., cookies/localStorage) to keep you signed in. Phone numbers are used only for authentication and security. Message and data rates may apply.
  • We may send essential service communications (e.g., MFA codes, security alerts, account changes and deletion confirmations, and billing/receipt notices) to your registered email or phone. We do not send marketing or promotional messages.

Personal Presets and Sync (Supabase DB + IndexedDB)

  • When logged in, your personal presets (e.g., preset names and parameter settings) are stored in our Supabase database and a local copy is kept in IndexedDB. We sync these to enable backup and cross‑device access. This does not upload your images—only preset metadata.

Preset Sharing (Redis)

  • If you use the preset sharing feature, the preset name and parameters are stored in Redis and are accessible to anyone with the share token/link.

Payments and Billing (Stripe)

  • If you make a purchase, Stripe collects your payment details. We receive limited billing information (e.g., name, email, billing address, last4 and brand of card, expiration month/year, transaction and subscription status). We do not store full card numbers or CVC.

Contact Form (Resend)

  • When you submit the contact form, we collect your email address and message content. This is processed by Resend.

Automatically Collected Information

  • We use Vercel event tracking to collect usage statistics such as errors and operation counts within the application.
  • We do not track user behavior in a way that personally identifies you; analytics are aggregated or pseudonymous and not linked to your identity.
  • We use cookies and localStorage only for strictly necessary purposes (e.g., site routing and authentication/session management). We do not use first-party cookies for behavioral tracking and therefore do not display a cookie consent banner.

3. How We Use Information

We use collected information to:

  • Provide, secure, and improve the Service and user experience
  • Authenticate users and maintain sessions (including SMS-based MFA)
  • Sync and back up personal presets across devices
  • Process payments, manage subscriptions, and provide billing/receipt notices
  • Send essential service communications only (e.g., MFA codes, security alerts, account changes and deletion confirmations). We do not send marketing or promotional communications.
  • Analyze performance and resolve technical issues
  • Prevent fraud and enforce our Terms of Service
  • Provide the Background Remover by uploading your image to Supabase Storage, issuing a signed URL, and transmitting it to fal.ai for processing;
  • Store the processed result in your account if you choose to save it.

We do not use your images for our marketing or promotional purposes. However, fal.ai may retain and use images for service improvement and AI model development under its own policies, which we do not control.

4. Data Retention

  • IndexedDB (local): Retained on your device until you delete it in-app or via your browser’s “Delete site data.”
  • Personal presets (Supabase DB): Retained while your account is active. You can delete presets in-app; deletion removes them from our Supabase DB and stops further sync.
  • Shared presets (Redis): Stored for the period shown at the time of sharing and then automatically deleted.
  • Account and auth data (Supabase): Retained while your account is active; may be kept for a reasonable period after account closure for security, backup, or legal compliance.
  • Billing records (Stripe): Retained as required for accounting, tax, and compliance.
  • Contact form submissions (Resend): Retained for responding and maintaining communication history for a reasonable period.
  • Background Remover (uploads to our storage): Uploaded images are deleted from Supabase Storage promptly after the processing job completes.
  • Background Remover (processed results saved to your account): Retained while your account is active; you can delete them in‑app where available.
  • Background Remover (fal.ai): fal.ai may retain images for at least seven (7) days and may use them for service improvement and AI model development, and may disclose them when legally required, under fal.ai’s policies. Contact us if you need assistance routing a deletion request to fal.ai; we will forward requests where feasible, but we cannot guarantee deletion on their systems.

5. Sharing Data with Third Parties

We may share data with the following third parties:

  • Supabase (Authentication/Database/Storage): Handles account authentication, stores personal presets, and temporarily stores Background Remover uploads (deleted promptly after processing).
  • Stripe (Payments): Processes payments; we do not store full card data.
  • fal.ai (Background Remover): Accesses images via signed URLs to perform background removal. fal.ai may retain images for at least seven (7) days and may use them for service improvement and AI model development, and may disclose them when legally required, under fal.ai’s terms and privacy policy.
  • Vercel (Hosting/Analytics): Collects performance and error data.
  • Redis (Preset Sharing): Stores shared preset data accessible via share token/link.
  • Resend (Email): Processes contact form messages.

We share only what is necessary to operate the Service. We do not sell your personal information or share it with third parties for their own marketing. Some providers (e.g., fal.ai) may process data under their own policies beyond our instructions; please review their terms and privacy policies.

6. User Rights and Choices

Users have the following rights and choices:

  • Browser Controls: Manage cookies via your browser settings.
  • IndexedDB: Delete local data in-app or via your browser’s “Delete site data.”
  • Personal Presets: Add/edit/delete in-app; deletions are reflected in Supabase DB and stop sync.
  • Shared Presets: Public via share token until the retention period ends; early deletion is not available.
  • Account/Data Requests: To access, correct, export, or delete your account data (including account deletion), use in‑app options if available or contact us at the email below.

7. Target Users and Legal Compliance

The Service is intended for users who are 16 years of age or older and is not directed to children. We do not knowingly collect personal information from anyone under 16. If we become aware that we have collected such information, we will delete it and terminate the related account. If your region requires consent for transferring personal data to third‑party processors, you consent to such transfers when you use the Background Remover.

8. Security

We take reasonable measures to protect your data. However, no method of transmission or storage is completely secure.

  • We do not store plaintext passwords; Supabase handles authentication.
  • We do not store full card numbers or CVC; Stripe handles payment data.
  • Preset sharing is public to anyone with the share token/link; avoid including sensitive information in preset names or configurations.
  • We cannot guarantee confidentiality of images transmitted to or processed by third‑party providers as part of the Background Remover. Avoid uploading personal, sensitive, or confidential images.
  • Users under 16 are not permitted to use the Service.

9. Changes to This Policy

We may update this Privacy Policy. If significant changes are made, we will notify you on the site. Your continued use of the Service after changes means you accept the updated Policy. The latest version is available on this page.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at hello@halftonemaker.com.

Last updated: August 25, 2025