Legal

Privacy Policy

Last updated: June 2026

The short version: We collect only what we need to run the service. We don't sell your data or use your artwork to train AI. You can request deletion of your data at any time.

1. Who We Are

PosterMock AI is an AI-powered mockup generation service. For questions about this policy, contact us at [email protected].

2. Information We Collect

Account information — when you create an account, we collect your email address. We do not collect your name unless you provide it.

Uploaded images — artwork you upload to generate mockups is sent to OpenAI's API for processing. Images are stored temporarily during generation and then in your account's mockup history if you are a registered user. Guest uploads are not stored after generation.

Generated mockups — if you are a registered user, generated mockup images are saved to your account history in Supabase Storage so you can access them later.

Payment information — billing is handled entirely by Stripe. We never see or store your card number, CVV, or full payment details. We store only your Stripe customer ID and subscription status.

Usage data — we store credit balances, plan type, and generation timestamps to operate the credit system.

Guest sessions — if you use the app without an account, we set a cookie to track your free credits. This data is held in memory and is not persisted to a database.

3. How We Use Your Information

To generate AI room mockups from your uploaded artwork
To manage your account, credits, and subscription
To send transactional emails (password reset, billing receipts via Stripe)
To operate and improve the Service

We do not use your uploaded artwork to train AI models. Images are passed to OpenAI solely for the purpose of generating your requested mockup.

4. Third-Party Services

We use the following third-party services to operate PosterMock AI:

Supabase — user authentication, database, and file storage. Data hosted in EU (Frankfurt). Supabase Privacy Policy
OpenAI — AI image generation (gpt-image-2 model). Your uploaded images are sent to OpenAI's API. OpenAI Privacy Policy
Stripe — payment processing. Stripe Privacy Policy

5. Data Retention

We retain your account data and mockup history for as long as your account is active. If you close your account, we delete your data within 30 days, except where required by law (e.g., billing records).

Guest session data (credits) is held only in server memory and is cleared when the server restarts.

6. Your Rights (GDPR)

If you are based in the EU or UK, you have the right to:

Access — request a copy of the data we hold about you
Correction — request correction of inaccurate data
Deletion — request deletion of your account and associated data
Portability — request your data in a machine-readable format
Object — object to processing of your data

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Cookies

We use a single session cookie (guest_sid) to track free credits for guest users. Registered users have an authentication session cookie managed by Supabase. We do not use tracking cookies or third-party advertising cookies.

8. Data Security

All data is transmitted over HTTPS. Authentication and database access are managed by Supabase with row-level security policies. Payment data is handled exclusively by Stripe and never passes through our servers.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The date at the top of this page reflects the most recent revision.

11. Contact

For privacy questions or data requests, contact us at [email protected].