← BatchGen.io | Terms of Service · Privacy Policy · Refund Policy · Acceptable Use Policy · API Key Handling

BatchGen Privacy Policy

Effective date: June 11, 2026

Data controller: Crafted Motion LLC ("BatchGen," "we," "us")

1. What we collect

Account data — your email address and a hashed password (managed by Supabase Auth; we never see your plaintext password), plus your plan and entitlement status (paid subscription, Academy membership, comped access).

Billing data — payments are processed by Stripe. We store your Stripe customer ID, subscription ID, and subscription status. We never see or store your card number — that stays with Stripe.

Content you create — prompts, generation settings, reference images you upload, and generated images, stored so your galleries, storyboards, builds, and favorites work.

Usage and technical data — standard server logs (IP address, timestamps, requested routes) for security, rate limiting, and abuse prevention; and usage events (e.g., a generation happened, a download happened) for operating and improving the service. These events never include your API key.

What we deliberately do NOT collect

Your Gemini API key is never stored on BatchGen servers. It is used in memory to perform the requests you ask for and is not written to our database, logs, or analytics. In your browser it is held in page memory only — refreshing the page clears it. See How BatchGen Handles Your API Key.
We run no third-party advertising or cross-site tracking on the workspace.

2. How we use your data

To provide the service (authentication, generation, galleries, exports); to bill you (subscription management via Stripe); to keep the service safe (rate limiting, abuse detection, security monitoring); and to communicate with you (receipts, password resets, important service notices — marketing email only with your consent).

We do not sell your data, and we do not use your prompts, references, or generated images to train AI models.

3. Who processes your data (subprocessors)

Supabase — authentication and database (email, account/profile data, content metadata)
Stripe — payment processing (email, payment details held by Stripe)
Google (Gemini API) — image generation via your own API key (prompts and reference images you submit)
Cloudflare — DNS, TLS, and proxying (IP address, request metadata)
Hostinger — server hosting (all server-side data above)

When you generate images, your prompts and reference images are sent to Google's Gemini API under your own API key and Google account. Google's handling of that data is governed by Google's terms and privacy policies, not ours.

4. Cookies and local storage

BatchGen uses first-party cookies only: a session cookie to keep you logged in and a security (CSRF) cookie that protects your account from forged requests. Both are HttpOnly, Secure, SameSite cookies. No advertising or third-party tracking cookies are set.

Your browser's local storage holds non-sensitive UI preferences only (gallery filters, favorites, storyboard and build progress). Your API key is never written to local storage.

5. Data retention

Account and content data are retained while your account is active.
If you close your account, your stored content and personal data are deleted within 30 days, except records we must keep for legal or accounting reasons (e.g., Stripe invoice records).
Server logs are retained for 90 days.

6. Your rights

Depending on where you live (e.g., EU/UK GDPR, California CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing.

To exercise any of these, email [email protected] from your account email. We respond within 30 days. You can also delete generated images and uploads directly in the app at any time.

7. Security

All traffic is encrypted in transit (HTTPS). Galleries are private by default and image access is ownership-checked on the server. Passwords are hashed by Supabase Auth. API keys are never stored server-side, never logged, and are scrubbed from error messages.

No system is perfectly secure. If we learn of a breach affecting your personal data, we will notify you without undue delay as required by law.

8. Children

BatchGen is not directed at children under 18, and we do not knowingly collect their data. If you believe a minor has created an account, contact us and we will delete it.

9. Changes to this policy

We may update this policy. For material changes we'll notify you by email or in-app notice before they take effect.