Privacy Policy

This Privacy Policy explains how svgdiagram.ai collects, uses, stores, shares, and protects information when you use the website, workspace, diagram generation tools, API access, billing features, and related services.

In this policy, “svgdiagram.ai,” “we,” “us,” and “our” mean the operator of the svgdiagram.ai service. Controller: the operator of svgdiagram.ai. If you have questions or requests, email support@svgdiagram.ai.

For controller identity questions, privacy requests, or legal notices related to this policy, email support@svgdiagram.ai.

We may collect information you provide directly, including your email address, the password you submit for authentication, authentication setup information, account details, billing actions, support messages, prompts, instructions, and other content you submit to generate diagrams. Passwords are stored as password hashes, not plaintext.

If you use API access, we may process API key metadata, key names, creation and revocation records, last-used timestamps, request information, and related account usage data. Raw API keys are shown only when created; after that, only key hashes are stored.

If you contact us, we may collect your message, contact details, account email, billing details you choose to provide, and any context needed to answer or investigate the request.

When you generate diagrams, the service may store prompts, generated source, rendered SVG output, selected templates, model information, generation status, error details, credit usage, refund status, timestamps, workspace history, and related metadata.

Your workspace may keep generated diagrams so you can view, reuse, export, restore, or delete them. Deleted generations may be moved to trash before permanent removal, and some operational records may remain for billing, security, backups, dispute handling, legal compliance, or reliability.

Do not submit secrets, credentials, sensitive personal data, regulated data, or confidential material unless you have the right to process it through the service and accept the risks of using hosted infrastructure and AI systems.

We may collect technical information such as IP address, browser and device information, pages visited, referral information, session information, authentication events, API request metadata, rate-limit events, error logs, security events, and approximate timestamps.

We may collect product usage information such as generation attempts, successful and failed generations, credit ledger entries, subscription state, feature usage, client-side events, and performance diagnostics.

Payments, checkout, invoices, subscriptions, and billing portal features may be handled by Stripe. We may receive and store billing-related records such as customer identifiers, subscription state, plan information, invoice status, payment status, checkout status, and webhook events.

We do not need to store full payment card numbers. Stripe may collect and process payment details according to its own terms and privacy policy.

We use information to provide accounts, authenticate users, process diagram generations, render and store SVG output, manage workspace history, provide API access, track credits, process refunds for failed generations, manage billing, prevent abuse, and maintain service reliability.

We also use information to troubleshoot errors, respond to support requests, improve product performance and user experience, secure the service, enforce terms, detect fraud or misuse, comply with legal obligations, and protect users and the service.

For users in the European Economic Area, we process personal data under legal bases that depend on the purpose. Account access, diagram generation, workspace history, API access, support, credit accounting, and billing are generally processed to perform the contract or to take steps you request before entering into a contract.

Tax, accounting, chargeback, and compliance records may be processed to meet legal obligations. Security, abuse prevention, fraud detection, reliability, diagnostics, product improvement, and business operations may be processed under legitimate interests. Optional analytics, marketing, and non-essential cookies are processed with consent where consent is required.

To generate diagrams, prompts, instructions, templates, generated source, SVG output, and related metadata may be processed by AI model providers, rendering systems, and infrastructure providers used by the service.

AI systems may produce inaccurate, incomplete, similar, or unexpected output. Review generated diagrams before publishing or relying on them, especially in professional, regulated, or high-stakes contexts.

We do not claim ownership of your private workspace content. We use your content as needed to provide, secure, troubleshoot, and improve the reliability and usability of the service.

We do not use private workspace content to train a separate svgdiagram.ai model. Third-party AI providers may process prompts and generated content to provide the generation service and may handle that information under their own service terms, data-processing terms, and privacy policies.

We may share information with service providers that help operate svgdiagram.ai, including AI model providers such as Google Gemini, payment processors such as Stripe, infrastructure and rendering providers such as Cloudflare and hosting providers, database providers, email delivery services, analytics or diagnostics tools, security tools, and support tools.

These providers may process information only as needed to provide services to us, comply with law, secure their systems, or meet their own legal obligations. Provider availability, rules, and processing locations may affect the service.

We may share information with service providers, when you direct us to do so, as part of billing and payment flows, to comply with law or legal process, to enforce terms, to prevent fraud or abuse, to protect rights and safety, or as part of a business transfer such as a merger, acquisition, financing, reorganization, or sale of assets.

We do not sell personal data. We also do not make your private prompts or generated diagrams public unless you choose to publish, export, share, or disclose them.

svgdiagram.ai may use providers and infrastructure located outside the Netherlands or outside the European Economic Area. This means information may be processed in countries with different data protection laws from where you live.

When required, we rely on appropriate safeguards or legal mechanisms for international transfers, such as standard contractual clauses, provider transfer frameworks, adequacy decisions, or other lawful transfer mechanisms.

We keep information for as long as needed to provide the service, maintain workspace history, manage billing and credits, comply with legal or accounting obligations, resolve disputes, enforce terms, prevent abuse, maintain security, and operate backups.

Retention periods may vary by data type. Workspace content may remain until you delete it or your account is deleted, subject to trash retention, backups, and operational records. Deleted generations may remain in trash for up to 30 days before permanent purge.

Billing, tax, invoice, payment, chargeback, fraud-prevention, security, and dispute records may be kept longer where needed or legally required. Backups and security logs are retained for limited operational periods based on reliability, security, and recovery needs.

We use technical and organizational measures intended to protect information, such as authentication controls, hashed API keys, access restrictions, rate limits, logging, and provider security features.

No online service can be perfectly secure. You are responsible for keeping your password, sessions, devices, and API keys secure. If you believe your account or API key has been compromised, revoke affected keys when possible and email support@svgdiagram.ai.

You can choose what content you submit, manage account usage through the product, delete or trash workspace items where available, revoke API keys, and manage billing through the billing portal when available.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. You may also have the right to withdraw consent where processing is based on consent.

If you are in the European Economic Area, you may also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

To make a privacy request, email support@svgdiagram.ai. We may need to verify your account or identity before fulfilling a request. We generally respond to GDPR requests within one month, unless an extension is allowed by law.

The service may use strictly necessary cookies, local storage, session storage, or similar technologies for authentication, session management, security, preferences, product functionality, diagnostics needed to operate the service, and fraud prevention.

Optional analytics, marketing, or other non-essential cookies are used only where enabled and where the required consent has been obtained. You can control cookies through your browser settings, but blocking required cookies may prevent sign-in, workspace access, billing flows, or other core features from working correctly.

You control what you submit in prompts and API requests. If you submit personal data about other people, you are responsible for having a valid legal basis, giving required notices, and making sure the data is appropriate for processing through the service.

Unless a separate data-processing agreement says otherwise, svgdiagram.ai provides the service as described in this policy and the Terms, and the service is not intended for processing highly sensitive, regulated, or special-category personal data.

The service uses automated systems to generate diagrams, select templates, detect errors, rate limit requests, protect security, prevent abuse, manage credits, and process billing events.

We do not use solely automated decision-making intended to produce legal or similarly significant effects about you. Some automated security, fraud, payment, or rate-limit systems may restrict service access to protect the service, users, or providers.

The service is not intended for children who are too young to form a binding contract or use online services under the laws that apply to them. Do not use the service if you are not legally allowed to do so.

If you believe a child has provided personal data through the service without appropriate permission, email support@svgdiagram.ai.

We may update this Privacy Policy from time to time. When we do, we will update the date on this page. If changes are material, we may provide additional notice through the service or by other reasonable means.

Your continued use of the service after an updated Privacy Policy takes effect means the updated policy applies to your use of the service.

For privacy questions, data requests, account requests, billing privacy questions, or security concerns, email support@svgdiagram.ai.