ReleasKit

Privacy Policy

Last updated: January 26, 2026

1. Introduction

ReleasKit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our AI-powered artwork generation platform (the "Service").

By using ReleasKit, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Profile picture (if using OAuth)
  • Authentication data from Google or Spotify (if using OAuth)

Artist Profile Information

To personalize your experience, we collect:

  • Artist name and stage name
  • Music genres and subgenres
  • Mood and style preferences
  • Spotify artist data (if you connect your Spotify account)

Generated Content

When you use our Service, we store:

  • Reference images you upload
  • AI-generated artworks
  • Platform-specific assets (social media images, promotional materials)
  • Prompts and generation parameters

Automatically Collected Information

We automatically collect:

  • Device information (browser type, operating system)
  • IP address (anonymized for analytics)
  • Usage data (features used, pages visited, actions taken)
  • Token transaction history

3. Legal Basis for Processing (GDPR)

If you're in the European Economic Area (EEA) or UK, we process your data based on:

  • Contract performance: Processing necessary to provide the Service you've requested
  • Legitimate interests: Improving our Service, preventing fraud, ensuring security
  • Consent: For analytics cookies and marketing communications (where applicable)
  • Legal obligation: Complying with applicable laws and regulations

4. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your AI artwork generations
  • Manage your account and token balance
  • Personalize your experience based on your artist profile
  • Send important service updates and notifications
  • Analyze usage patterns to improve our Service
  • Prevent fraud and abuse
  • Comply with legal obligations

5. Data Sharing & Third Parties

We share your data with the following service providers who help us operate the Service:

ServicePurposeData Shared
SupabaseAuthentication, database, storageAll user data
Google GeminiAI text and image generationPrompts, images
Google ImagenImage outpaintingImages
Spotify APIArtist search and dataSearch queries
fal.aiVideo generationImages, prompts
PostHog (EU)AnalyticsUser ID, events
StripePayment processingPayment details

We do not sell your personal data. We only share data with service providers who need it to help us operate the Service, and they are contractually obligated to protect your data.

We may disclose your information if required by law, court order, or government request, or if necessary to protect our rights, property, or safety.

6. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country.

For transfers from the EEA and UK, we rely on Standard Contractual Clauses and other appropriate safeguards to ensure your data receives adequate protection.

7. Data Retention

We retain your data for the following periods:

  • Account data: Until you delete your account, plus 30 days for complete removal
  • Generated artworks: Until you delete them, or 2 years after account inactivity
  • Session data: 24 hours
  • Transaction records: 7 years (for legal and tax compliance)
  • Analytics data: 2 years (anonymized)

8. Your Rights

GDPR Rights (EEA & UK)

If you're in the EEA or UK, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interests
  • Restriction: Request limited processing of your data
  • Withdraw consent: Withdraw consent for processing based on consent

CCPA Rights (California)

If you're a California resident, you have the right to:

  • Know: What personal information we collect and how we use it
  • Delete: Request deletion of your personal information
  • Opt-out: Opt out of the sale of personal information (we don't sell data)
  • Non-discrimination: Not receive discriminatory treatment for exercising rights

To exercise any of these rights, contact us at support@releaskit.com. We'll respond within 30 days (or 45 days for CCPA requests).

9. Children's Privacy

ReleasKit is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately at support@releaskit.com, and we will delete the information.

10. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Regular security assessments
  • Access controls and authentication
  • Secure infrastructure hosted on reputable cloud providers

11. Cookie Policy

We use cookies and similar technologies to operate and improve our Service:

Strictly Necessary Cookies

These cookies are essential for the Service to function and cannot be disabled:

  • Supabase authentication cookies: Manage your login session
  • Cookie consent cookie: Remember your cookie preferences

Analytics Cookies

With your consent, we use analytics cookies to understand how you use our Service:

  • PostHog: Tracks anonymous usage patterns to improve the Service

Third-Party Cookies

During OAuth sign-in, third-party cookies may be set by Google or Spotify to facilitate authentication.

You can manage your cookie preferences through the cookie banner or your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

12. AI-Specific Privacy Practices

When you use our AI features, your data is processed as follows:

  • Image processing: Reference images are sent to AI providers for generation. They may be temporarily cached by these providers but are not used to train their models.
  • Prompts: Text prompts are processed by AI providers. We recommend not including personal or sensitive information in prompts.
  • Generated outputs: AI-generated images are stored in our systems and associated with your account until you delete them.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of material changes by email or through a notice on our Service. Your continued use after the effective date constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Email: support@releaskit.com

If you're in the EEA and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.