Privacy Policy

Last updated: April 5, 2026

Adorie ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, share, and protect your personal information when you use our AI-powered website builder.

1. Information We Collect

We collect the following categories of information:

Account Information

• Name, email address, and profile picture (from Google or Apple OAuth sign-in).
• Account preferences and settings.

Payment Information

• Payment details are processed securely by Stripe. We do not store your credit card numbers, CVV, or full card details on our servers.
• We retain transaction records (amount, date, plan type) for billing and accounting purposes.

Content & Project Data

• Chat messages and prompts you send to build your website.
• Generated website code, HTML, CSS, and files.
• Images you upload or generate through the Service.
• Form submissions received on your published websites.

Usage & Technical Data

• Pages visited, features used, and interaction timestamps.
• IP address, browser type, device information, and operating system.
• Referral source (e.g., referral codes).

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process payments, manage credits, and handle subscriptions.
• Generate websites and AI content based on your instructions.
• Send transactional emails (confirmations, receipts, form submission notifications).
• Improve our AI models and service quality (see Section 3).
• Analyze usage patterns and optimize performance.
• Prevent fraud, abuse, and enforce our Terms of Service.
• Respond to support requests.

3. AI Training & Your Data

As an AI-powered service, we want to be transparent about how your data interacts with our AI systems:

• Chat prompts and generated website code may be used to improve the quality of our AI-powered generation.
• Data used for AI improvement is anonymized and aggregated — it is not associated with your identity.
• Users on paid plans (Pro and above) can opt out of having their content used for AI training by contacting us at the email below.
• We do not sell your data to third-party AI companies.
• Your prompts are sent to AI providers (such as OpenAI or Anthropic) to generate responses. These providers have their own data processing policies.

4. Third-Party Services

We share data with the following third-party service providers, only as necessary to operate the Service:

• Supabase — Database, authentication, file storage, and edge functions.
• OpenAI / Anthropic — AI language models for website generation. Your prompts are sent to these providers.
• DALL·E (OpenAI) — Image generation when you request AI-created images.
• Stripe — Payment processing for subscriptions, top-ups, and Stripe Connect transactions.
• Vercel — Website hosting and serverless function execution.
• Resend — Transactional email delivery (form submission confirmations).
• Google Analytics — Anonymized usage analytics to understand how the Service is used.

We do not sell your personal information to any third party.

5. Cookies & Tracking

We use the following categories of cookies and similar technologies:

• Strictly Necessary — Authentication tokens, session management. Required for the Service to function.
• Analytics — Google Analytics (anonymized). Used to understand usage patterns and improve the Service.
• Functional — Language preferences, theme settings, referral codes stored in localStorage.

We do not use marketing, advertising, or retargeting cookies.

6. Data Retention

We retain your data for the following periods:

• Account data — Retained while your account is active, plus 30 days after deletion to allow recovery.
• Project data (websites, code, messages) — Retained while your account is active. Deleted upon request or account deletion.
• Server logs — 90 days.
• Analytics data — 13 months.
• Payment records — As required by applicable tax and financial law (typically 7 years).

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) and at rest.
• JWT-based authentication with server-side verification.
• Row Level Security (RLS) policies on database tables.
• Service role key separation for server-side operations.

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights:

All Users

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Export your project data (data portability).
• Opt out of AI training data usage (paid plan users).
• Opt out of marketing communications at any time.

EEA/UK Residents (GDPR)

• Withdraw consent for data processing at any time.
• Object to processing based on legitimate interests.
• Lodge a complaint with your local supervisory authority.

California Residents (CCPA/CPRA)

• Right to know what personal information is collected and how it is used.
• Right to delete personal information.
• Right to opt out of the "sale" of personal information. Note: we do not sell personal information.
• Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

9. International Data Transfers

Your data is processed and stored in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions:

• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard international transfers.
• Our service providers maintain appropriate data protection certifications and agreements.

10. Legal Basis for Processing (EEA/UK)

For users in the EEA/UK, we process personal data on the following legal bases:

• Contract Performance — To provide the Service you signed up for (account, website generation, hosting).
• Legitimate Interests — To improve our AI, prevent abuse, analyze usage, and ensure security.
• Consent — For analytics cookies, marketing emails, and optional data processing. You can withdraw consent at any time.
• Legal Obligations — To comply with tax, accounting, and fraud prevention requirements.

11. Children's Privacy

Adorie is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of California, United States.

14. Contact Us

If you have any questions about this privacy policy, wish to exercise your data rights, or want to opt out of AI training, please contact us at hahanonoclaw@gmail.com.

We aim to respond to all data rights requests within 30 days.