Privacy Policy

Logonaut provides an AI-powered logo generation service where users can purchase credits and generate logos for personal or commercial use.

• Controller: Karel Talich (solo-operated)
• Contact: [email protected]
• Primary jurisdiction: Czech Republic (EU)
• Address: Nalepkova 298, 405 05 Decin

Account & Identity Data

• Email address (collected at registration or via OAuth sign-in with Google or Facebook).
• Basic profile data returned by the OAuth provider (typically your email and, where available, display name and avatar).

Service Data

• Credit balance, generation history, and your library of generated logos.

Technical & Security Data

• Basic request/connection data (e.g., IP address, user agent, timestamps) necessary to operate, secure, and troubleshoot the Service.
• No behavioral tracking. We do not use Google Analytics, Hotjar, or similar tools.

We process your information to:

• Provide and maintain the Service (create and manage accounts, run logo generations, display/download your logo library).
• Communicate with you about your account and transactions (transactional/system emails only—no newsletters or marketing emails unless you opt in later).
• Secure and improve the Service (fraud prevention, abuse detection, performance and reliability).
• Comply with legal obligations (e.g., tax and accounting records for purchases).

No profiling for advertising and no sale of personal data.

We use Stripe to process payments. Your payment card details are submitted directly to Stripe and are not stored on our servers. We receive limited payment metadata from Stripe (e.g., transaction IDs, amounts, status) to credit your account and maintain purchase records.

For Stripe’s privacy practices, please refer to Stripe’s own privacy documentation.

Your generated logos are stored privately on Cloudflare R2 (S3-compatible) in a private bucket. Access is provided via temporary signed URLs so that your files are not publicly accessible by default.

We use Cloudflare as a reverse proxy and for essential security/performance. Cloudflare may process IP addresses and basic request data to block malicious traffic and provide high-level, privacy-respecting analytics. We do not use cookies or tools to track users across sites, and no behavioral analytics (e.g., Google Analytics) are implemented.

Where GDPR applies, we rely on the following legal bases:

• Contractual necessity: To create your account, provide logo generation, maintain your logo library, and process payments.
• Legitimate interests: To secure and operate the Service, prevent abuse, and improve reliability—balanced against your rights and freedoms.
• Legal obligation: To maintain records required by tax/accounting laws and to respond to lawful requests.

• We retain account data, credits, and your logo library indefinitely while your account remains active.
• If you delete your account (see Section 10), we begin a 14-day grace period. After this period, your account and associated data (including logos) are permanently deleted unless you cancel deletion within the grace window.
• We may retain certain transaction records as required by law (e.g., tax and accounting) even after account deletion.

We do not sell your personal data. We share data only with essential service providers that enable the Service:

• OAuth providers: Google and Facebook (for sign-in).
• Stripe: payment processing.
• Cloudflare: security, performance, and basic privacy-centric analytics.
• Cloudflare R2: secure storage of generated logos.

Each provider processes data only on our instructions or as an independent service you choose (e.g., OAuth sign-in) and under their respective privacy terms. We may disclose information if required by law, to protect our rights, or to prevent fraud/abuse.

Access, Correction, Deletion

• You can access and update your account details in the app or by contacting [email protected]
• You can delete your account either:
  • In Account Settings (confirm deletion with your password), or
  • By contacting [email protected]
• After confirming deletion, a 14-day grace period begins. You can sign in and cancel deletion during this time. After 14 days, your account and associated data (including logos) are permanently deleted.

GDPR (EU/EEA) Rights

Where GDPR applies, you may have the right to: access, rectify, erase, restrict processing, object to processing based on legitimate interests, and data portability. You also have the right to lodge a complaint with your local data protection authority.

Do-Not-Track / Marketing

We do not run behavioral tracking or marketing cookies. We do not send marketing emails unless you opt in.

We may process or store data with providers that operate globally. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards (e.g., EU Commission adequacy decisions or Standard Contractual Clauses).

We use HTTPS for data in transit and private cloud storage with temporary signed URLs for your logos. We apply access controls and other reasonable technical/organizational measures to protect your data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact [email protected] so we can take appropriate action. If local law sets a higher age of consent for online services, we comply with that age in the relevant jurisdiction.

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date. If you continue using the Service after changes take effect, you agree to the updated Policy.

If you have questions or requests regarding your personal data, please contact us at [email protected]. We will do our best to respond in a timely manner and address your needs.