NanoFlash

Privacy Policy

Last updated: March 24, 2026

1. Information We Collect

When you create an account, we collect your email address and authentication credentials (via email/password or Google OAuth). When you use the service, we collect the images you upload and the text prompts you provide for transformations.

2. How We Use Your Information

  • To provide and maintain the NanoFlash service
  • To process your image transformations using AI (Google Gemini)
  • To manage your subscription and process payments via Stripe
  • To send transactional emails (welcome, monthly digest) via Resend
  • To monitor usage limits and prevent abuse

3. Data Storage

Your data is stored securely using Supabase (PostgreSQL database and object storage). All data is protected by row-level security policies ensuring you can only access your own data. Images are stored in Supabase Storage.

4. Third-Party Services

We share data with the following third-party services as necessary to operate:

  • Google Gemini — processes your images and prompts for AI transformations
  • Stripe — processes subscription payments
  • Supabase — hosts our database and file storage
  • Resend — sends transactional emails
  • Vercel — hosts the application and provides analytics

5. Data Retention

Your transformation history is retained as long as your account is active. You can delete individual transforms from your gallery at any time. When you delete your account, all associated data (profile, transforms, images, subscription) is permanently removed.

6. Your Rights

You have the right to:

  • Access your personal data through the app
  • Delete individual transforms from your gallery
  • Delete your entire account and all associated data (GDPR-compliant)
  • Export your data by downloading images from your gallery

7. Cookies

We use essential cookies for authentication and session management. We use Vercel Analytics for privacy-friendly, aggregated usage analytics with no personal data tracking.

8. Security

We implement industry-standard security measures including encrypted connections (HTTPS), row-level security on all database tables, and secure authentication via Supabase Auth.

9. Children's Privacy

NanoFlash is not intended for children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes via email or in-app notification.

11. Contact

For privacy-related questions, contact us at kristine.walgermo@gmail.com.