Privacy Policy

OGCanvas (the “Service”) is operated by Nitesh Seram (“we,” “us,” or “our”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the controls you have. By using the Service, you agree to the practices described here.

When you sign up and use the Service, we collect:

• Account info: your email address, name, and avatar (provided by Google when you sign in).
• Content: the designs, layer trees, uploaded images, brand kits, and template variables you create or upload.
• Billing info: handled by Dodo Payments. We store your Dodo Payments customer ID, subscription status, plan, and renewal date. We do not store full card numbers.
• Support requests: anything you send us by email or other channels.

• Device and log data: IP address, user agent, referrer, timestamps, and basic request metadata captured by our hosting and infrastructure providers.
• Server logs: short-lived request logs used to debug issues and monitor performance.
• Cookies: strictly necessary cookies for authentication and session state. We do not use analytics or advertising cookies.

We use the information we collect to:

• Operate, maintain, and improve the Service.
• Render OG images requested through the API and serve them to you and to your end users.
• Authenticate you, secure your account, and prevent fraud or abuse.
• Process subscriptions, billing, and refunds.
• Provide customer support and respond to your requests.
• Comply with legal obligations.

We do not sell your personal information. We share it only with service providers that help us operate the Service, and only as needed:

• Supabase (managed Postgres hosting) for storing accounts, designs, and subscription metadata.
• Vercel for application hosting and serving the editor and render endpoint.
• Cloudflare R2 for object storage of uploads and rendered assets.
• Dodo Payments for payments and subscription management. Dodo Payments may send you transactional emails directly (such as payment receipts) as part of processing your subscription.
• Google as an OAuth provider when you sign in with Google.

We may also disclose information when required by law, to enforce our Terms, to protect the safety of users or the public, or in connection with a business transfer (such as a merger or acquisition).

Our sub-processors may process your data in countries outside your own. By using the Service, you understand your data may be transferred to and processed in such countries.

We retain your account and Content for as long as your account is active. If you ask us to delete your account, we will delete your personal data and Content within a reasonable timeframe, except where we are required to retain it for legal, tax, or accounting reasons.

Depending on where you live, you may have the right to: access the personal data we hold about you, correct inaccurate data, delete your data, restrict or object to certain processing, port your data to another service, and withdraw consent at any time.

To exercise any of these rights, including account or data deletion, email us at [email protected] from the address associated with your account. We will respond within a reasonable timeframe and in line with applicable law.

We use reasonable measures to protect your data, including HTTPS in transit. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the “Effective” date at the top and, for material changes, give reasonable advance notice (such as an in-app banner or email). Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

For privacy questions, requests, or complaints, email us at [email protected].