Privacy Policy

1. Overview

begen.space ("we", "us", "the Platform") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR) and other applicable laws.

2. Data We Collect

Account data

Email address, display name, alias, avatar, and profile bio -- provided by you during registration.

Authentication data

We use Supabase for authentication. If you sign in with email, we store your email. If you sign in with Google OAuth, we receive your name, email, and profile picture from Google. We do not store your Google password.

Content data

Images, videos, prompts, workflows, and metadata you upload. Media files are stored on Cloudflare R2 (cloud storage). Metadata is stored in our Supabase (PostgreSQL) database.

Usage data

Page views, feature interactions, and session data collected for analytics and improving the Platform. We do not use third-party tracking scripts or sell usage data.

Payment data

Payments are processed by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers, bank details, or other payment credentials.

3. How We Use Your Data

• To provide and operate the Platform
• To display your portfolio to other users
• To process payments and manage subscriptions
• To send transactional emails (magic links, notifications)
• To improve the Platform based on aggregated usage patterns
• To enforce our Terms of Service and Community Guidelines

We do not use your content or personal data to train AI models. We do not sell your data to third parties.

4. Legal Bases (GDPR)

We process your data under the following legal bases:

• Contract -- to provide the service you signed up for
• Legitimate interest -- to improve the Platform and prevent abuse
• Consent -- for optional features like marketing emails (you can withdraw at any time)
• Legal obligation -- to comply with applicable laws

5. Data Sharing

We share data only with:

• Supabase -- authentication and database hosting (EU region)
• Cloudflare -- media storage and CDN delivery
• Stripe -- payment processing
• Google -- only if you choose Google OAuth sign-in

All processors are bound by data processing agreements. We do not sell, rent, or trade your personal data.

6. Your Rights (GDPR)

As an EU resident, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Delete your account and all associated data
• Export your data in a portable format
• Object to processing based on legitimate interest
• Restrict processing in certain circumstances
• Withdraw consent at any time

To exercise these rights, email hello@begen.space. We will respond within 30 days.

7. Cookies

We use essential cookies only -- session authentication cookies required for the Platform to function. We do not use advertising cookies, analytics cookies, or third-party tracking cookies. No cookie consent banner is required because we only use strictly necessary cookies (GDPR Art. 5(3) ePrivacy Directive).

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete your personal data and media files within 30 days. Anonymized aggregate data (e.g., total platform statistics) may be retained indefinitely.

9. Data Security

We use industry-standard security measures including HTTPS encryption, secure authentication tokens, row-level security on our database, and access controls on media storage. No system is 100% secure, and we cannot guarantee absolute security.

10. Children

The Platform is not intended for users under 16. We do not knowingly collect data from children. If we learn we have collected data from a child under 16, we will delete it promptly.

11. Changes

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the Platform. Your continued use after changes constitutes acceptance.

12. Contact

For privacy inquiries, contact us at hello@begen.space.