Privacy Policy
Last updated: April 19, 2026
This policy explains exactly what ailegs collects, why, how we store it, and the rights you have over your data. Short version: tool uploads never leave your browser, and we collect as little as possible everywhere else.
The short version
- Tool inputs never leave your device. All image, PDF, and video processing happens in your browser via WebAssembly.
- We never sell your data. Ever.
- Analytics and ads only run with your consent. You set this in the cookie banner.
- You can request deletion of anything we hold. Email privacy@ailegs.io and we'll handle it within 30 days.
What we collect
1. Tool usage events
When you run a tool, we record an anonymized event: the tool slug, approximate file size, whether it succeeded, and a salted hash of your IP address. The IP hash cannot be reversed to identify you personally.
We do not log the files themselves, their contents, or any metadata inside them. Files are processed entirely client-side.
2. Account data (admins only)
If you sign in to manage content, we collect your email address and a magic-link token (no password is ever stored). This is handled by Supabase (our auth provider).
3. Blog comments
When you leave a blog comment, we store your chosen display name, a hash of your email (never the email itself), and your comment text. Comments are moderated before appearing publicly.
4. Newsletter subscribers
If you subscribe to our newsletter, we store your email address and confirmation status until you unsubscribe.
5. Cookies
See our Cookie Policy for a full list of cookies and how to manage them.
What we don't collect
- The files you process — they never touch our servers.
- Your full IP address (we hash it before storage).
- Your real name, address, or phone number.
- Biometric data, location data, or behavioral profiles.
Third parties we share data with
- Supabase (database + auth) — stores your admin profile, blog content, and anonymized usage events. Data hosted in AWS Sydney (ap-southeast-2).
- Cloudflare (CDN + DDoS) — sees your IP address at the edge. See Cloudflare's policy.
- Google (AdSense + Analytics) — only loads if you consent to marketing/analytics cookies. Managed via Google's Consent Mode v2.
- Microsoft (Clarity) — only loads if you consent to analytics cookies. Used for anonymized heatmaps.
- Sentry (error tracking, admin-triggered only) — PII scrubbed before transmission.
We never sell your data to advertisers or data brokers. If we add a new third party, we'll update this page.
Your rights (GDPR, CCPA, and beyond)
Wherever you're based, you can ask us to:
- Tell you what data we hold about you
- Correct any data that's wrong
- Delete your data entirely ("right to be forgotten")
- Export your data in a common format
- Withdraw consent for analytics or marketing cookies at any time
- Object to specific processing
Email privacy@ailegs.io with your request. We aim to respond within 7 days and complete the action within 30.
Data retention
- Usage events: 90 days, then aggregated and anonymized.
- Admin accounts: until you delete them.
- Blog comments: until you or we delete them.
- Newsletter subs: until you unsubscribe.
- Server logs (Cloudflare): per their standard retention, typically 7 days.
Children
ailegs is not directed at children under 13. We don't knowingly collect data from anyone under 13; if you believe a child has provided data, email us and we'll delete it.
Changes to this policy
We'll update the "last updated" date at the top when this page changes. Material changes (new third parties, significant new data collection) will be announced on the homepage or via email for logged-in users.
Contact
Privacy questions: privacy@ailegs.io
General contact: hello@ailegs.io