Privacy Policy

Last updated: January 22, 2025

1. Who We Are

SVG AI is a file conversion and AI generation service operated from Canada.

Privacy Contact: [email protected]

2. What Data We Collect

Account Information

  • Email address (required)
  • Name (optional)
  • Authentication data (encrypted)

Service Usage

  • Files you upload for conversion (deleted immediately after processing)
  • AI-generated content you create
  • Converter usage statistics (anonymous)
  • Performance metrics (page load times, errors)

Payment Information

  • Stripe customer ID
  • Subscription status
  • Credit usage
  • We never see your credit card details (handled by Stripe)

3. Legal Basis for Processing (GDPR)

  • Contract: To provide our services to you
  • Consent: For marketing communications (optional)
  • Legitimate Interest: For security and fraud prevention
  • Legal Obligation: To comply with laws and regulations

4. How We Use Your Data

  • Provide file conversion services
  • Process AI generation requests
  • Manage your account and subscription
  • Send service-related communications
  • Improve our services and fix issues
  • Prevent fraud and abuse

5. File Processing Details

Browser-Based Converters (Most Tools)

These converters process files entirely in your browser:

  • PNG ↔ SVG, JPG ↔ SVG, WebP ↔ SVG
  • SVG to PNG/JPG/PDF/ICO
  • Files never leave your device
  • Zero server storage

Server-Based Processing (Complex Formats)

These formats require temporary server processing:

  • AI, EPS, EMF, WMF, AVIF formats
  • SVG to GIF/Video conversion
  • Files encrypted during transfer (HTTPS)
  • Processed and deleted immediately
  • No permanent storage or backups

6. Data Retention

  • Uploaded files: Deleted immediately after conversion
  • Account data: Until you request deletion
  • AI-generated content (SVGs, icons, videos): 7 days (Free/Starter) or 30 days (Pro)
  • Payment records: As required by tax laws (7 years)

Note: Generated content is automatically deleted after the retention period. Download your creations to keep them permanently.

7. Third-Party Service Providers

We share data only with essential service providers for:

  • Infrastructure & Hosting: Cloud database, authentication, and web hosting services
  • Payment Processing: Secure payment gateway (Stripe, Inc.)
  • AI Processing: Machine learning model infrastructure
  • Analytics: Anonymous usage statistics and performance monitoring

We never sell or rent your personal data to third parties.

For California residents: Specific third-party recipients include Stripe for payments and our cloud infrastructure providers. Full list available upon request.

8. Your Privacy Rights

Under GDPR/CCPA/PIPEDA

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and data
  • Portability: Export your data
  • Object: Opt-out of certain processing
  • Withdraw Consent: Unsubscribe from marketing emails via link in email

How to Exercise Your Rights

Email [email protected] with your request. We'll respond within:

  • 30 days (GDPR/PIPEDA)
  • 45 days (CCPA) with possible 45-day extension

Account Deletion Process

  1. Email [email protected] from your registered email
  2. Subject: "Account Deletion Request"
  3. We'll verify your identity
  4. Delete your data within 30 days
  5. Send confirmation when complete

Note: We may retain some data for legal compliance or fraud prevention.

9. International Data Transfers

Your data may be processed in:

  • United States (primary data center)
  • Canada (business operations)

We ensure appropriate safeguards through our service providers' compliance with privacy frameworks.

10. Security Measures

  • HTTPS encryption for all data transfers
  • Encrypted database storage
  • Secure authentication (bcrypt hashing)
  • Row-level security policies
  • Regular security updates
  • Immediate deletion of processed files

11. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

12. Cookies & Tracking

We use minimal cookies for:

  • Authentication: To keep you logged in
  • Security: To prevent fraud
  • Analytics: Anonymous usage statistics (Vercel)

We do not use tracking cookies or third-party advertising cookies.

Do Not Track: We respect browser DNT signals by not using tracking cookies.

13. Marketing Communications

  • Service updates and important notices (always sent)
  • Marketing emails only with your consent
  • One-click unsubscribe link in every marketing email
  • Unsubscribe requests processed within 10 days

Note: You cannot opt out of transactional emails (password resets, payment confirmations, etc.)

14. California Privacy Rights

California residents have additional rights under CCPA:

  • We do not sell or share personal information
  • No "Do Not Sell or Share" link needed
  • Right to know categories of data collected
  • Right to non-discrimination for exercising rights

15. Complaints

If you have privacy concerns:

  1. Contact us at [email protected]
  2. If unresolved, you may lodge a complaint with:
    • Your local data protection authority (EU)
    • Office of the Privacy Commissioner of Canada
    • California Attorney General (CCPA)

16. Changes to This Policy

We'll notify registered users by email of material changes. Continued use after changes constitutes acceptance.

17. Contact Information

Email: [email protected]

Response Time: Within 30 days (or 45 days for CCPA requests)