Privacy Policy

Last updated: 2026-03-12

1. Introduction

This Privacy Policy describes how Jacob Pegs ("we," "us," or "our") collects, uses, and protects your information when you use Modern Maker AI Studio ("the Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Full name
• Password (stored as a one-way hash, never in plain text)

Usage Data

When you use the Service, we automatically collect:

• Messages sent to AI assistants (stored to maintain conversation history)
• Message counts and token usage (for billing and analytics)
• Timestamps of interactions
• Theme and display preferences

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number, bank account details, or other payment method information on our servers. We store only:

• Stripe customer ID (for subscription management)
• Subscription status and plan type

Technical Data

We may collect:

• IP address (for rate limiting and security, not stored long-term)
• Browser type and version (via standard HTTP headers)

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process your subscription payments
• Send account-related emails (verification, password reset)
• Enforce usage limits per your subscription plan
• Monitor and prevent abuse or unauthorized access
• Generate aggregated, anonymized analytics for service improvement

We do not use your information to:

• Send marketing emails (unless you separately opt in)
• Sell or rent your personal data to third parties
• Train AI models on your conversations

4. AI Processing and Third Parties

Anthropic (AI Provider)

Your messages to AI assistants are sent to Anthropic's Claude API for processing. Anthropic's data handling:

• Anthropic does not use API inputs/outputs to train their models
• Messages are processed in real-time and not retained by Anthropic beyond what is needed for abuse monitoring
• See Anthropic's privacy policy and usage policy for details

Stripe (Payments)

Payment data is handled by Stripe under their privacy policy. We only receive confirmation of payment status.

Resend (Email)

Transactional emails (verification, password reset) are sent via Resend. Only the recipient email address and email content are shared with Resend for delivery purposes.

5. Data Storage and Security

• Your data is stored in Cloudflare's infrastructure (D1 database and KV store)
• Data is encrypted in transit (HTTPS/TLS)
• Passwords are hashed using PBKDF2 with SHA-256 (100,000 iterations + random salt)
• Session tokens are stored in HttpOnly, Secure cookies with SameSite=Lax
• API keys and secrets are stored as encrypted environment variables, never in code
• Admin access is role-based and verified from the database on every request

6. Data Retention

• Account data: Retained while your account is active. Upon account deletion request, we will delete your account data within 30 days.
• Conversation history: Retained while your account is active. Deleted conversations are soft-deleted (hidden from view) and permanently removed during routine cleanup.
• Usage logs: Retained for up to 12 months for billing and analytics purposes.
• Payment records: Retained as required by applicable tax and financial regulations.

7. Your Rights

You have the right to:

• Access your personal data via your account settings
• Correct your account information (name, email)
• Delete your account and associated data by contacting us
• Export your conversation history by contacting us
• Object to data processing where we rely on legitimate interests

To exercise these rights, contact us at https://forms.google.com/your-support-form.

For EU/EEA/UK Residents

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under GDPR including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is:

• Contract performance — providing the Service you subscribed to
• Legitimate interests — security, abuse prevention, service improvement
• Consent — where you have opted in (e.g., account creation)

8. Cookies

We use minimal cookies:

• Session cookie (`studio_session`): Essential for authentication. HttpOnly, Secure, expires after 24 hours.
• Theme preference: Stored in localStorage (not a cookie), persists your display preference.

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. International Data Transfers

Your data may be processed in countries other than your own through Cloudflare's global infrastructure. By using the Service, you consent to the transfer of your data to these locations. We rely on Cloudflare's data processing agreements and standard contractual clauses for lawful international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes via email. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact

For privacy-related questions or to exercise your rights, contact us at https://forms.google.com/your-support-form.