Spritely

Privacy Policy

Last updated: March 1, 2026

Overview

Spritely ("the Service"), operated by Red Road Studio ("we", "us", or "our"), is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information.

Information We Collect

Account Information

When you create an account, we collect your email address and store a hashed version of your password. This information is used solely for authentication purposes.

Google Sign-In

If you sign in using Google, we receive your name, email address, and profile photo from Google. This information is used solely for authentication and displaying your profile within the Service. We do not share this information with third parties.

Usage Data

We track API usage to calculate billing and prevent abuse. This includes:

  • Number of sprite generations
  • Timestamps of requests
  • Associated costs

Generated Content

Prompts you submit and sprites you generate are processed through third-party AI APIs. We do not permanently store your generated images on our servers - they are stored locally in your browser's IndexedDB.

Google User Data

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only request basic profile information (name, email, profile photo) via Google Sign-In.
  • We do not transfer Google user data to third parties, except to our authentication provider (Supabase) for the sole purpose of managing your account session.
  • We do not use Google user data for advertising or any purpose unrelated to providing the Service.
  • We do not allow humans to read Google user data unless required for security purposes, to comply with applicable law, or with your explicit consent.

How We Use Your Information

  • Authentication: To verify your identity and maintain your session
  • Billing: To track usage and process payments
  • Service improvement: Aggregated, anonymized data may be used to improve the service

Third-Party Services

We use the following third-party services:

  • Supabase: Authentication and database hosting
  • AI APIs: Image generation and asset planning
  • Stripe: Payment processing
  • Google Sign-In: OAuth authentication

Each service has its own privacy policy. We encourage you to review them.

Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Hashed password storage
  • Secure session management via HTTP-only cookies

Data Retention

Account data is retained as long as your account is active. Usage logs are retained for billing and audit purposes for up to 2 years. You can request deletion of your account and associated data at any time.

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your account
  • Export your data

Cookies

We use essential cookies for authentication, including session cookies and Google Sign-In OAuth cookies. These cookies are necessary for the service to function and cannot be disabled.

Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting a notice on the service or via email.

Contact

For privacy-related inquiries, please contact us at privacy@spritely.dev.