Privacy Policy

Our commitment to protecting your privacy and personal data

2025/11/15

Last Updated: November 15, 2025

Introduction

SciDraw ("we," "us," or "our") operates the sci-draw.com website (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered scientific illustration platform.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

Information We Collect

Personal Information

When you register for an account or use our Service, we collect:

  • Account Information: Name, email address, password (encrypted)
  • Profile Information: Display name, avatar, preferences
  • Payment Information: Processed securely through Stripe (we do not store complete credit card details)
  • Billing Information: Billing address, payment history, subscription status

Usage Data

We automatically collect information about your interaction with the Service:

  • Service Usage: Features used, images generated, prompts submitted, credits consumed
  • Technical Data: IP address, browser type, operating system, device information
  • Analytics Data: Page views, session duration, navigation patterns
  • Interaction Data: Conversations, image edits, template selections, style preferences

User-Generated Content

  • Uploaded Images: Reference images, sketches, or manuscripts you upload for AI processing
  • Text Prompts: Descriptions and instructions you provide for image generation
  • Generated Images: All images created through our AI service
  • Conversation History: Your multi-round editing sessions and feedback

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. See our Cookie Policy for detailed information.

How We Use Your Information

We use the collected information for the following purposes:

Service Delivery

  • Provide, operate, and maintain the AI scientific illustration Service
  • Process your image generation requests using AI APIs
  • Store and manage your generated images
  • Manage your account, authentication, and authorization

Payment Processing

  • Process subscription payments and credit purchases through Stripe
  • Manage billing, invoicing, and payment verification
  • Handle refunds and payment disputes
  • Prevent fraudulent transactions

Credits Management

  • Track credit usage and distribution
  • Process credit grants, purchases, and expirations
  • Apply subscription benefits and bonus credits

Service Improvement

  • Analyze usage patterns to improve AI model performance
  • Develop new features and templates
  • Optimize user experience and interface design
  • Monitor system performance and reliability

Communication

  • Send service-related notifications and updates
  • Respond to your inquiries and support requests
  • Send marketing communications (with your consent)
  • Deliver newsletter content (if subscribed)
  • Comply with legal obligations and regulations
  • Enforce our Terms of Service
  • Protect against fraud, abuse, and security threats
  • Resolve disputes and enforce our agreements

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers:

  • Stripe: Payment processing and subscription management
  • Google Cloud (Gemini AI): AI-powered image generation and text processing
  • AWS S3 / Cloudflare R2: Secure file storage for uploaded and generated images
  • Resend: Transactional email delivery
  • Vercel: Application hosting and analytics
  • Database Provider (Neon): Secure data storage

All service providers are contractually bound to protect your information and use it only for specified purposes.

We may disclose your information if required by law or in response to:

  • Valid legal requests from government authorities
  • Court orders, subpoenas, or legal processes
  • Protection of our rights, property, or safety
  • Investigation of fraud, security issues, or terms violations

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different Privacy Policy.

We may share your information for any other purpose with your explicit consent.

Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for a reasonable period after account closure
  • Payment Records: Retained for 7 years to comply with financial regulations
  • Generated Images: Retained according to your account type and storage limits
  • Usage Data: Aggregated and anonymized data may be retained indefinitely for analytics
  • Marketing Data: Retained until you unsubscribe or request deletion

You can request deletion of your account and associated data at any time by contacting us.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted is encrypted using SSL/TLS protocols
  • Secure Storage: Personal data is stored in encrypted databases
  • Access Controls: Strict access limitations and authentication requirements
  • Payment Security: PCI DSS compliant payment processing through Stripe
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Monitoring: Continuous monitoring for suspicious activities and security threats

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Privacy Rights

Depending on your location, you may have the following rights:

Access and Portability

  • Request a copy of your personal information
  • Export your data in a machine-readable format

Correction and Update

  • Correct inaccurate or incomplete information
  • Update your account details and preferences

Deletion

  • Request deletion of your personal information (right to be forgotten)
  • Delete your account and associated data

Restriction and Objection

  • Restrict how we process your information
  • Object to certain types of processing (e.g., marketing)
  • Withdraw consent for marketing communications
  • Opt-out of non-essential data collection

To exercise these rights, please contact us at support@sci-draw.com.

Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell information)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

  • Legal Basis: We process your data based on contract fulfillment, legitimate interests, and consent
  • Data Protection Officer: Contact our DPO at support@sci-draw.com
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

Our Service may contain links to third-party websites not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We recommend reviewing the privacy policy of every site you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes
  • Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.

Your privacy matters to us. We are committed to protecting your personal information and being transparent about our data practices.