Lemmi StudioLemmi Studio

Privacy Policy

Effective October 14, 2025

This Privacy Policy explains how Lemmi Studio ("we," "us," "our") collects, uses, shares, and protects information when you use our platform for generating app store copy, marketing visuals, and landing-page assets ("Service"). By using the Service, you agree to the practices described here. If you do not agree, you must stop using the Service.

1. Information We Collect

1.1 Account and Authentication Data

  • Email address, name, and profile data from Google or GitHub OAuth during Supabase authentication.
  • Workspace identifiers, project ownership metadata, and activity timestamps.

1.2 Project and Generation Data

  • Screenshots, visuals, prompts, app metadata, localized strings, and other User Content you upload or create.
  • AI-generated outputs such as copy suggestions, landing-page drafts, and marketing images.
  • Autosave payloads, serialized canvas states, and export bundles stored in Supabase Postgres or Supabase Storage.

1.3 Usage and Device Information

  • Log files capturing API requests, autosave events, error traces, and performance diagnostics.
  • Limited device and browser information collected via standard HTTP headers.

1.4 Payment and Billing Data

If you subscribe to a paid plan, we may collect subscription tier details, invoice records, and billing history from our payment processor. We do not store full payment card data on our servers.

2. How We Use Information

  • Operate and maintain the Service, including autosave, project duplication, exports, and landing-page builds.
  • Deliver AI-assisted features you initiate, such as Gemini prompts, copy generation, and image rendering.
  • Improve performance, reliability, and user experience through analytics, debugging, and feature development.
  • Communicate with you about updates, security alerts, billing events, and support responses.
  • Enforce our Terms of Service and prevent fraud, abuse, or policy violations.

3. Legal Bases for Processing

Where required by law, we rely on contract, legitimate interests, and consent to process personal data. Contract relates to providing the Service, legitimate interests cover improvements and safety, and consent applies to optional communications or specific data uses.

4. How We Share Information

  • Service providers: Supabase, Google Gemini, Google OAuth, GitHub OAuth, Vercel, and other vendors process data under contractual safeguards.
  • Payment processors: Billing data is shared with compliant processors to complete transactions.
  • Legal requirements: We may disclose information to comply with laws or protect rights, safety, or users.
  • Business transfers: Information may transfer during mergers, acquisitions, financing, or asset sales, subject to confidentiality obligations.

We do not sell personal information.

5. Data Retention

Project data, generated assets, and logs are retained while your account is active and for a reasonable period afterward for restoration, audits, and compliance. Temporary artifacts processed through our tmpService pipeline are purged regularly. We may anonymize or aggregate data for analytics or product improvement.

6. Data Security

We implement access controls, encryption in transit, logging, and least-privilege permissions throughout Supabase and supporting infrastructure. No system is entirely secure, so maintain strong credentials and notify us of any suspected compromise.

7. International Data Transfers

Providers may store or process information in the United States or other countries. By using the Service, you consent to transfers to jurisdictions that may have different data protection standards.

8. Your Choices and Rights

  • Update account details and project metadata inside the Service.
  • Request access to or deletion of personal information, subject to legal or operational constraints.
  • Opt out of non-essential communications via unsubscribe links or by contacting us.
  • Control publication or downstream use of AI-generated content after reviewing outputs.

If your jurisdiction grants specific data subject rights (e.g., GDPR, CCPA), contact us to exercise them and we will respond in accordance with applicable law.

9. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. Contact us if you believe a child has provided personal information so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on the Service and update the effective date. Continued use after updates means you accept the changes.

11. Contact

For privacy questions or requests, reach out through the in-app support channel or the contact information on our landing page.