Last updated: March 15, 2026
At Catalogstory, we take your privacy seriously. This policy explains what data we collect, why we collect it, and how we secure it when you use the platform to generate visual content.
1. Information We Collect
We collect information you provide directly when you register for an account, update your profile, or contact support. This includes your email address, account details, uploaded images and assets, prompts, generated outputs, and billing-related information associated with your use of the service.
2. Razorpay and Payment Data
Payments are processed by Razorpay. Catalogstory does not store full card numbers, UPI credentials, or other full payment instrument details on its own servers. We do receive and store limited payment and subscription metadata from Razorpay, including identifiers such as Razorpay customer IDs, subscription IDs, order IDs, payment status, plan IDs, billing interval details, and webhook event records needed to activate subscriptions, grant credits, detect duplicate webhook deliveries, handle failed payments, and support your account.
3. How We Use Your Data
We use your information to create and secure your account, process payments, deliver generated content, maintain subscription and credit balances, respond to support requests, send transactional emails, detect abuse or fraud, and improve the reliability of the platform.
4. How We Use Your Content
Uploaded images, prompts, and related assets are used to provide the service to you, including sending data to third-party processing providers involved in generation workflows. We do not sell your raw assets to advertisers or data brokers.
5. Service Providers and Sharing
We share data only as needed to operate the service. This includes providers such as Supabase for authentication and database infrastructure, Razorpay for billing, Resend for transactional email, and generation providers used to create outputs from your uploads and prompts. We may also disclose information if required by law, to enforce our terms, or to protect the security of the platform.
6. Retention
We retain account records, uploaded assets, generated outputs, and billing metadata for as long as reasonably necessary to operate the service, comply with legal obligations, resolve disputes, and enforce our agreements. Some billing and audit records may be retained even after account closure where required for compliance or fraud prevention.
7. Security
Accounts are secured through Supabase authentication. Database records are protected with Row-Level Security so users can only access their own profiles, uploads, generations, templates, and related records in normal app usage. No system can guarantee absolute security, but we use reasonable administrative, technical, and organizational measures to protect data under our control.
8. Questions and Requests
For privacy questions or deletion requests, contact our contact form.
Need the product overview first? Review the public plans and workflows before creating an account.