Logotham Privacy Policy
Effective 16 December 2025
Logotham (“we,” “our,” or “us”) operates the logo builder available at https://logotham.app. This policy explains what information we collect through the product, how we use it, and the options you have.
1. Information We Collect
Account & Authentication Data
- Name, email, avatar, provider IDs, OAuth tokens, and verification status required by Better Auth.
- Session metadata (session ID, expiry, IP, user agent) stored in the sessions table.
Social Logins
If you sign in with Google or GitHub, we receive the basic profile details those providers supply. We never see your social passwords.
Subscription & Billing Data
Stripe customer IDs, subscription IDs, plan name, price ID, quantity, status, and cancellation flags stored in subscriptions when you upgrade or manage a plan through the Stripe plugin.
Usage & Credits
- Credit balances, plan name, limits, and reset timestamps cached in Upstash Redis.
- Aggregate counters such as “logos generated” maintained in Upstash.
AI Generation Inputs
Prompts you type plus logo brief metadata are sent to OpenRouter’s API when you run generateLogos. We do not persist those prompts in our database after the request completes.
On-Device Data
- Logo configurations you edit are saved to your browser’s localStorage via useLogoHistory so recent sessions reopen with your last state.
- Cookies set by Better Auth keep you signed in.
Diagnostics & Analytics
- We load @vercel/analytics, which records anonymized page metrics.
- Server logs capture standard request metadata (timestamp, IP) for troubleshooting.
We do not store the actual raster or vector exports you download; they are generated on the fly in your browser.
2. How We Use Information
- Provide the app: Authenticate you, persist editor state, and render logos.
- Process payments: Initiate subscriptions, upgrades, billing-portal sessions, and credit allotments.
- Enforce limits: Deduct credits via consumeCredits before each AI run.
- Improve reliability: Monitor aggregate stats and error logs to keep the service stable.
- Respond to you: Feedback dialogs and support DMs (see Section 9) rely on contact info you provide.
We do not sell or rent personal data.
3. Sharing with Service Providers
We share only what’s necessary with these processors:
| Vendor | Purpose | Data shared |
|---|---|---|
| Stripe | Checkout, subscriptions, billing portal | Name, email, Stripe customer/subscription IDs, plan info. Card data stays with Stripe. |
| OpenRouter | Claude Haiku 4.5 model that designs logos | Prompt text, forced icon/task instructions. |
| Upstash Redis | Credit ledger & aggregate counts | User ID, plan, balance/limit numbers, reset dates. |
| Vercel | Hosting & analytics | Pseudonymous page metrics, truncated IPs. |
| OAuth providers (Google, GitHub) | Account creation / login | Your provider ID, email, and avatar as returned by them. |
Each vendor processes data under its own privacy terms; Stripe and OpenRouter host data in the United States.
4. Cookies & Local Storage
- Better Auth session cookies keep you signed in and protect routes.
- localStorage (key lucide-logo-config) persists the last logo config on your own device only.
- You may clear browser storage to reset local drafts.
5. Data Retention
- Account, session, and subscription records remain until you delete the account or we close it for inactivity.
- Credit ledgers in Upstash keep the latest balance plus reset timestamps; aggregate logo counts are stored indefinitely for historical reporting.
- AI prompts are sent to OpenRouter for immediate processing and not saved in our Postgres database.
- Local storage remains until cleared by you.
6. Security
- PostgreSQL tables are managed through Drizzle ORM with UUID primary keys.
- Secrets (Stripe keys, OpenRouter key, Upstash tokens) stay in .env files and server-side actions only.
- Stripe Checkout and Billing Portal handle payment data directly; we never see full card details.
- All AI calls run from server actions so API keys are not exposed to the browser.
7. Your Rights & Choices
- Access / update: Edit your profile or social accounts inside Settings (/settings).
- Delete account: Use the “Delete account” flow. This queues removal of your user, sessions, accounts, and subscriptions.
- Unsubscribe: Cancel or downgrade in /billing or /pricing; Stripe webhooks update our records automatically.
- Export logos: Use in-app export tools; we do not offer an automated export of raw database data yet, but we’ll respond to reasonable requests.
Email addresses or data from OAuth providers can also be updated by reconnecting the provider.
8. International Transfers
We operate from the United States. When you use Logotham, your data may be processed in the U.S. and any location where our processors (Stripe, Upstash, OpenRouter, Vercel) maintain infrastructure. We rely on Standard Contractual Clauses in our vendor agreements where applicable.
9. Contact
Questions or privacy requests?
- Use the in-app Feedback dialog.
- Or reach us on X/Twitter via @mathaegon. We’ll respond within 30 days.
10. Changes
We’ll update this policy if we add major features (e.g., new data tables or processors). The “effective date” above reflects the latest code-state review. Continued use of Logotham after changes means you accept the updated policy.