Privacy Policy

Last updated: January 17, 2026

1. Introduction

Masco ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mascot generation service. We comply with the General Data Protection Regulation (GDPR) and French data protection laws.

2. Data We Collect

Account Information

Email address, username, and authentication credentials when you create an account.

Payment Information

Payment details are processed securely by Stripe. We do not store your full credit card information on our servers. We only retain transaction IDs and billing history.

Usage Data

Information about how you use our service, including generated assets, API calls, feature usage, and interaction logs to improve our service.

Technical Data

IP address, browser type, device information, and cookies for analytics and service optimization.

3. How We Use Your Data

  • To provide and maintain our mascot generation service
  • To process payments and manage your subscription
  • To communicate with you about your account and updates
  • To analyze usage patterns and improve our service
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

Contract: Processing necessary to provide you with our service.

Consent: For marketing communications and cookies (you can withdraw anytime).

Legitimate Interest: For service improvement and fraud prevention.

Legal Obligation: For tax and accounting requirements.

5. Data Sharing

We share your data only with:

  • Stripe: For payment processing
  • Analytics providers: For service improvement (anonymized where possible)
  • Cloud infrastructure: For hosting and data storage

We never sell your personal data to third parties.

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities
  • Restriction: Request limited processing

To exercise these rights, contact us at paul@masco.dev. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active. After account deletion, we keep necessary records for legal compliance (typically 5 years for financial records). Generated assets are deleted within 30 days of account closure.

8. Cookies

We use essential cookies for authentication and session management. We also use analytics cookies to understand how you use our service. You can manage cookie preferences in your browser settings.

9. Contact

For privacy-related inquiries:

Email: paul@masco.dev

You also have the right to lodge a complaint with the French data protection authority (CNIL) if you believe your rights have been violated.