Privacy Policy

1. Introduction

CoverStudio ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web-based SaaS platform for generating KDP book cover PDFs.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and authentication credentials (via Google OAuth or email/password).
• Profile Data: Display name, default cover type, trim size, and paper type preferences you set in your account settings.
• Payment Information: When you subscribe to a paid plan, payment is processed by Paddle. We do not store your full credit card number, CVV, or bank account details. Paddle handles all payment data securely under PCI DSS compliance.

2.2 Information Collected Automatically

• Usage Data: We may collect information about how you interact with the Service, including pages visited, features used, and PDF generation counts.
• Device Information: Browser type, operating system, screen resolution, and language preferences may be collected for analytics and optimization purposes.

2.3 Information We Do NOT Collect

Your cover images and artwork are never uploaded to our servers during PDF compilation.All PDF generation happens entirely client-side in your browser using the pdf-lib library. Your source graphics remain in your browser's memory and are never transmitted to any external server.

If you choose to save a cover design to your cloud catalog, only the cover metadata (title, dimensions, settings) and the compiled PDF file are stored in our Supabase-hosted cloud storage.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process subscription payments and manage your account
• Send transactional emails (account verification, password resets, billing receipts)
• Enforce our Terms of Service and prevent abuse
• Analyze usage patterns to improve features and user experience
• Respond to support inquiries and resolve issues

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share data with:

• Paddle: Our payment processor, which handles subscription billing securely.
• Supabase: Our backend infrastructure provider that hosts user authentication and cloud-saved cover designs.
• Google Fonts: Font files are loaded directly from Google's CDN when you select a Google Font for your spine typography. Google's privacy policy applies to those requests.
• Legal Compliance: We may disclose information if required by law, subpoena, or legal process.

5. Data Storage & Security

Your account data and cloud-saved designs are stored on Supabase's infrastructure with enterprise-grade encryption at rest and in transit (TLS 1.2+). We implement Row Level Security (RLS) policies to ensure users can only access their own data.

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account information and cover designs for as long as your account is active. If you delete your account, we will remove your personal data and cloud-saved covers within 30 days. Certain data may be retained longer if required by law or for legitimate business purposes (e.g., billing records).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a structured, commonly used format
• Restriction: Request that we restrict processing of your data
• Objection: Object to processing of your data for certain purposes

To exercise any of these rights, contact us at support@coverstudio.app. We will respond within 30 days.

8. Cookies & Local Storage

CoverStudio uses browser local storage and IndexedDB to persist your theme preferences and temporary cover configurations locally. We do not use third-party tracking cookies. If analytics tools are used in the future, they will be documented here and opt-out mechanisms will be provided.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information.

10. International Data Transfers

Your data may be processed in countries other than your own. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us