1. Who we are
CaseDesign.AI ("we", "us", "our") operates the website at casedesign.ai and the services offered through it. This policy explains what personal information we collect, why we collect it, and the rights you have over it. If you have questions, email [email protected].
2. Information we collect
Information you give us
- Account data: email address, name, and (if you sign in with Google) your Google profile picture.
- Design data: the photos you upload, the AI art style you pick, the phone model you select.
- Order data: shipping address, the order itself, and any customer-support correspondence.
- Payment data: handled entirely by Stripe. We never see or store your full card number — only the last four digits and a Stripe token.
Information we collect automatically
- Usage analytics: page views, clicks, and basic interaction events via our own first-party logs.
- Advertising attribution: TikTok click IDs (ttclid) and conversion events via the TikTok Pixel and Events API.
- Device & network: IP address, approximate location derived from IP, user-agent, and a FingerprintJS device signature used for anti-abuse.
- Cookies: strictly necessary cookies for sign-in and cart state; advertising cookies for TikTok. You can clear them any time in your browser.
3. How we use the data
- Generate your AI case design and fulfill your order.
- Send transactional emails (order confirmation, shipping updates, delivery notification).
- Detect abuse and fraud (repeat generation abuse, chargebacks).
- Measure what's working in our product and in our ads, so we can spend less on the parts that aren't.
- Respond to your questions and support requests.
We do not sell your personal data. We do not use your uploaded photos to train AI models. We do not share your email with third-party marketers.
4. Subprocessors we use
| Service | Purpose | Data region |
|---|---|---|
| Stripe | Payment processing | US / EU |
| Runware | AI image generation | EU |
| Cloudflare R2 | Photo + artwork storage | Global |
| Cloudflare + Railway | Hosting, CDN, DDoS protection | Global |
| Supabase Postgres | Application database | US (us-west-1) |
| Resend | Transactional email | US / EU |
| TikTok Ads | Ad attribution, Pixel, Events API | US / SG |
| Axiom | Server logs | US / EU |
| Google (OAuth + One Tap) | Sign-in | US |
5. How long we keep data
- Uploaded photos: retained for 90 days for re-order convenience, then deleted from R2. You can request earlier deletion at any time.
- Generated case artwork: retained for the lifetime of the order and for 7 years after for print-dispute and accounting obligations.
- Order records: 7 years (tax requirement in most operating jurisdictions).
- Analytics events: 12 months rolling.
6. Your rights
If you are in the EU, UK, or California, or any jurisdiction that grants you similar rights, you can:
- Access the personal data we hold on you.
- Correct anything inaccurate.
- Delete your account and associated data (subject to legal retention obligations for order records).
- Port your data to another service.
- Object to or restrict certain processing.
- Withdraw consent for analytics and advertising cookies at any time.
To exercise any of these, email [email protected]. We respond within 30 days.
7. Children
Our service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has given us data, email us and we'll delete it.
8. International transfers
Data may be transferred to, stored in, and processed in jurisdictions other than your own. Where required, we rely on Standard Contractual Clauses or equivalent legal safeguards to protect those transfers.
9. Changes to this policy
We'll post material changes here and update the "Last updated" date. For significant changes (like adding a new subprocessor type), we'll also notify account holders by email.
10. Contact
Privacy questions, access requests, and deletion requests all go to [email protected].