Privacy Policy

"Addvoxen", "we", "us" refer to the Addvoxen team operating the Addvoxen Creative Suite at addvoxen.com and related sub-domains. This policy covers the website, the in-browser editor, the marketplace and any API or email we send.

Contact: support@addvoxen.com

We collect three buckets of data:

• Account data — the email address and (optional) display name you sign up with, profile bio / handle / website / social links if you choose to add them, and a hashed password (we never see or store the plaintext, only a scrypt+salt digest).
• Product data — the designs you create, the templates you save and (if you publish to the marketplace) the public copies of those templates. We also keep usage counters such as monthly export counts and AI credits.
• Telemetry — banner-level events (views, clicks, CTA opens, exports) that power your analytics dashboard. IP addresses are hashed before storage so we can apply rate-limiting without keeping the raw address. We never sell telemetry to third parties.

• To deliver the service you signed up for — render designs, run AI generations, export files, send emails about your account.
• To enforce plan quotas (e.g. monthly export caps) and prevent fraud / abuse.
• To improve the product — usage metrics inform what we build next.
• To answer your support requests.

We do not sell personal data and we do not use customer designs to train AI models without an explicit opt-in.

We use a small set of vendors to run the service. Each is bound by a data processing agreement.

• Paddle — payment processing, tax compliance, invoicing. Handles your card / PayPal details. We never see the raw payment instrument.
• PayPal — direct PayPal payment option (if you choose it). Processes the transaction; we receive only the capture confirmation + payer email.
• Resend — transactional email (account verification, password reset, support replies). Receives your email address and the email body.
• Cloudflare R2 / Hetzner — file hosting + compute. Stores your designs and runs the application.
• Anthropic Claude — AI text generation (if you use that feature). Prompts and responses pass through the Anthropic API; Anthropic stores them per their privacy policy and does not use them to train models when called through the paid API.

We use a minimal cookie set:

• Session cookie (essential) — keeps you signed in. Set by Better-Auth, HttpOnly + Secure.
• Preference cookies (functional) — remember your theme, language and country. Stored in localStorage, not sent to any server.

We do not run third-party advertising or analytics cookies on the marketing surface. Telemetry from inside the product is first-party only.

If you are in the EU / UK (GDPR), California (CCPA), or another jurisdiction with similar protections, you have the right to:

• Access the personal data we hold about you.
• Correct anything that is inaccurate.
• Delete your account and the personal data tied to it.
• Export your data in a portable format.
• Object to certain processing (e.g. marketing email).

Email support@addvoxen.com with your request. We respond within 30 days.

Account and design data is kept for as long as your account is active. When you delete your account we remove your personal data within 30 days and your designs immediately, except for records we are legally required to retain (e.g. tax invoices kept for 7 years).

Banner-event telemetry is anonymised after 13 months — we keep aggregates, not row-level events.

Addvoxen is built for adult professionals. We do not knowingly collect data from anyone under 16. If you believe we have, write to support@addvoxen.com and we will delete the account.

Our infrastructure is hosted in the EU (Hetzner, Germany) and our payment processor (Paddle) operates globally. By using Addvoxen you consent to your personal data being transferred to and processed in the EU and, where Paddle requires, the United Kingdom or United States, under standard contractual clauses.

Passwords are stored as scrypt+salt digests, never plaintext. Sessions use HttpOnly + Secure cookies. Database access is limited to the application service and locked behind a private network. We patch dependencies on a rolling basis and run automated security audits on each release.

We'll update this Privacy Policy as our product and vendors change. The date at the top tells you the current version. For material changes we'll email active accounts at least 14 days before the change takes effect.

Privacy questions, data requests, or anything else: support@addvoxen.com