1. Who we are
Ombryth is an AI image and caption generation tool operated by an individual developer based in Hungary, European Union. If you have any questions about this policy or your data, please contact us at hello@ombryth.com.
2. What data we collect
We collect only what is necessary to provide the service:
- Account information. Your email address and a password hash. Authentication is handled by Supabase Auth — we never store your password in plaintext.
- API keys. The AI provider API keys you choose to add (e.g. OpenAI, Anthropic, Google, Replicate, Stability AI, BytePlus). These are encrypted with AES-256 before being stored in our database. They are never transmitted in plaintext, never logged, and are used solely to make generation requests on your behalf.
- Uploaded images. Style reference images and product photos you upload to start a generation. These are processed server-side and stored in Supabase Storage under your account.
- Generated images. Images produced by AI models are stored in Supabase Storage and associated with your account. They are accessible via URL.
- Billing information. Payments are handled entirely by Stripe. We store only your Stripe Customer ID so we can manage your subscription — we never see or store your card number, CVV, or other payment card data.
- Usage data. We track the number of generations you have used so we can enforce the free tier limit of 10 generations.
3. What we do not collect
We have made a deliberate choice to keep Ombryth free of surveillance infrastructure:
- No analytics or tracking pixels of any kind
- No advertising networks or retargeting
- No location data or IP logging beyond what Supabase and your hosting infrastructure record at the network level
- No device fingerprinting
- No sale or sharing of your data with third parties for marketing purposes
4. Third-party services we use
Ombryth relies on a small number of trusted third-party services to operate:
- Supabase — provides authentication, the PostgreSQL database where your account and encrypted API keys are stored, and the file storage for your uploaded and generated images. Supabase is configured in an EU region.
- Stripe — handles all subscription billing. When you subscribe, you interact with Stripe's payment interface directly. Stripe's privacy policy applies to data you share with them.
- AI providers you connect — when you initiate a generation, your API key and the relevant image/text inputs are sent to the AI provider you have selected (e.g. OpenAI, Anthropic, Google, Replicate, Stability AI, BytePlus). Each provider's own privacy policy governs how they handle those requests. We do not pay for or resell AI credits — your key, your costs.
5. Data retention
- Account data (email, encrypted API keys) is kept until you delete your account.
- Uploaded and generated images are kept until you delete them from your account.
- Billing records (Stripe Customer ID and transaction history) are retained for 7 years as required by EU accounting law.
6. Your rights under GDPR
As a user based in the EU (or interacting with an EU-based operator), you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your account and all associated data.
- Portability — request your data in a machine-readable format.
You can delete your account at any time via Settings → Account. For other data requests, contact us at hello@ombryth.com.
7. Cookies
Ombryth sets a single session cookie used by Supabase Auth to keep you logged in. This cookie is strictly necessary for the service to function and does not track you across other websites. We do not use advertising cookies, analytics cookies, or any other tracking cookies.
8. Security
We take reasonable technical measures to protect your data:
- All API keys are encrypted at rest using AES-256 before storage.
- All data in transit is encrypted via HTTPS/TLS.
- Database access is protected by Supabase Row-Level Security (RLS) — your data is only accessible by your account.
No system is completely secure. If you discover a security issue, please contact us immediately at hello@ombryth.com.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Your continued use of Ombryth after any changes constitutes your acceptance of the revised policy.
10. Contact
Questions about this Privacy Policy or your data? Email us at hello@ombryth.com.