Privacy Policy

Logonaut provides an AI-powered logo generation service where users can purchase credits and generate logos for personal or commercial use.

• Controller: Karel Talich (solo-operated)
• Contact: [email protected]
• Primary jurisdiction: Czech Republic (EU)
• Address: Nalepkova 298, 405 05 Decin

Account & Identity Data

• Email address (collected at registration or via OAuth sign-in with Google or Facebook).
• Basic profile data returned by the OAuth provider (typically your email and, where available, display name and avatar).

Service Data

• Credit balance, generation history, and your library of generated logos.

Technical & Security Data

• Basic request/connection data (e.g., IP address, user agent, timestamps) necessary to operate, secure, and troubleshoot the Service.
• Cookies and similar technologies used for essential functionality (e.g., security, remembering your settings, and storing your cookie consent choices).
• We use Google Analytics 4 (analytics cookies) only if you consent via the cookie banner. If you do not consent, we do not set analytics cookies and do not collect Google Analytics data.

We process your information to:

• Provide and maintain the Service (create and manage accounts, run logo generations, display/download your logo library).
• Communicate with you about your account and transactions (transactional/system emails only—no newsletters or marketing emails unless you opt in later).
• Secure and improve the Service (fraud prevention, abuse detection, performance and reliability).
• Comply with legal obligations (e.g., tax and accounting records for purchases).

No profiling for advertising and no sale of personal data.

We use Stripe to process payments. Your payment card details are submitted directly to Stripe and are not stored on our servers. We receive limited payment metadata from Stripe (e.g., transaction IDs, amounts, status) to credit your account and maintain purchase records.

For Stripe’s privacy practices, please refer to Stripe’s own privacy documentation.

Your generated logos are stored privately on Cloudflare R2 (S3-compatible) in a private bucket. Access is provided via temporary signed URLs so that your files are not publicly accessible by default.

We use Cloudflare as a reverse proxy and for essential security/performance. Cloudflare may process IP addresses and basic request data to block malicious traffic and provide performance/security insights. We also use Google Analytics 4 to understand aggregated usage of the Service (e.g., pages viewed, basic interaction events). Google Analytics is enabled only with your consent via the cookie banner. Google Analytics 4 does not log or store IP addresses. We do not sell personal data.

Where GDPR applies, we rely on the following legal bases:

• Contractual necessity: To create your account, provide logo generation, maintain your logo library, and process payments.
• Legitimate interests: To secure and operate the Service, prevent abuse, and improve reliability—balanced against your rights and freedoms.
• Legal obligation: To maintain records required by tax/accounting laws and to respond to lawful requests.
• Consent: For non-essential cookies and analytics measurement (Google Analytics). You can refuse or withdraw consent at any time via cookie preferences.

• We retain account data, credits, and your logo library indefinitely while your account remains active.
• If you delete your account (see Section 10), we begin a 14-day grace period. After this period, your account and associated data (including logos) are permanently deleted unless you cancel deletion within the grace window.
• We may retain certain transaction records as required by law (e.g., tax and accounting) even after account deletion.

We do <strong>not sell</strong> your personal data. We share data only with essential service providers that enable the Service:

• OAuth providers: Google and Facebook (for sign-in).
• Stripe: payment processing.
• Cloudflare: security, performance, and basic privacy-centric analytics.
• Cloudflare R2: secure storage of generated logos.
• Google (Google Analytics 4): analytics measurement (only if you consent via the cookie banner).

Each provider processes data only on our instructions or as an independent service you choose (e.g., OAuth sign-in) and under their respective privacy terms. We may disclose information if required by law, to protect our rights, or to prevent fraud/abuse.

Access, Correction, Deletion

• You can access and update your account details in the app or by contacting [email protected]
• You can <strong>delete your account</strong> either:
  • In <strong>Account Settings</strong> (confirm deletion with your password), or
  • By contacting [email protected]
• After confirming deletion, a 14-day grace period begins. You can sign in and cancel deletion during this time. After 14 days, your account and associated data (including logos) are permanently deleted.

GDPR (EU/EEA) Rights

Where GDPR applies, you may have the right to: <strong>access, rectify, erase, restrict</strong> processing, <strong>object</strong> to processing based on legitimate interests, and <strong>data portability</strong>. You also have the right to lodge a complaint with your local data protection authority.

Cookie Preferences (Consent)

You can <strong>accept or refuse</strong> analytics cookies in the cookie banner. You can also <strong>change or withdraw</strong> your consent at any time via a “Cookie Preferences” link (or by reopening the cookie banner). Withdrawing consent does not affect processing that occurred before withdrawal.

Do-Not-Track / Cookies / Marketing

We do not run behavioral advertising or marketing cookies. We do not send marketing emails unless you opt in. Analytics cookies (Google Analytics) are used <strong>only with your consent</strong> and can be turned off any time via cookie preferences.

We may process or store data with providers that operate globally (e.g., Cloudflare and Google). Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards (e.g., EU Commission adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms, depending on the provider and transfer context).

We use HTTPS for data in transit and private cloud storage with temporary signed URLs for your logos. We apply access controls and other reasonable technical/organizational measures to protect your data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact [email protected] so we can take appropriate action. If local law sets a higher age of consent for online services, we comply with that age in the relevant jurisdiction.

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date. If changes are material, we will take reasonable steps to inform you. Where required by law (e.g., for cookies), we will request your consent again.

If you have questions or requests regarding your personal data, please contact us at [email protected]. We will do our best to respond in a timely manner and address your needs.