StructArk

Legal and policy pages

StructArk Policy

Privacy Policy

Effective Date: May 28, 2026

This Privacy Policy explains how StructArk collects, uses, stores, and protects personal information when you use our website, application, AI-enabled features, and related services.

1. Information we collect

1.1 Account information

  • Basic account identifiers such as email address and display name.
  • Authentication metadata needed to maintain secure sign-in sessions.
  • Profile information you choose to provide through account and app settings.

1.2 Usage and technical data

  • Device, browser, operating system, and network-related metadata.
  • Feature usage, page interactions, timestamps, and diagnostics.
  • Security and anti-abuse telemetry used to protect the platform and accounts.

1.3 AI interaction data

  • Text prompts, instructions, and model-edit requests you submit.
  • Files or media you voluntarily upload for AI processing (for example, images, CSVs, or project-related data).
  • AI outputs generated in response to your request, including report and export content.

1.4 Payment and credits data

  • Transaction and billing records required to process payments and manage AI Credits.
  • Purchase history, credit balances, and usage ledger events linked to your account.
  • We do not store full raw card details in our application systems.

2. How we use your information

  • Provide, operate, and maintain StructArk services.
  • Authenticate users and secure account access.
  • Enable paid AI functionality and credit-based usage accounting.
  • Process and complete transactions, receipts, and billing operations.
  • Respond to support requests and service communications.
  • Monitor reliability, troubleshoot errors, and improve product quality.
  • Detect, prevent, and investigate abuse, fraud, and policy violations.
  • Comply with legal obligations and enforce our terms and policies.

3. AI uploads and processing

When you choose to use AI features, uploaded files and request content are processed only to provide the AI functionality you request.

  • AI input data is used for request fulfillment, quality, security, and abuse prevention.
  • We do not sell your uploaded AI content as advertising data.
  • You control whether to use AI upload features. If you do not agree, avoid using those specific features.

4. Cookies and similar technologies

We use cookies and related technologies for authentication, security, functional preferences, diagnostics, and performance. For details, please review the Cookie Policy.

5. How we share information

We share information only as necessary to run the service and comply with law.

  • With infrastructure providers supporting account authentication, data operations, and secure service delivery.
  • With payment providers for transaction processing, fraud prevention, and billing reconciliation.
  • With service providers supporting analytics, communications, and operational reliability.
  • When required by law, legal process, or to protect rights, safety, and platform integrity.
  • In connection with a merger, acquisition, reorganization, or asset sale, subject to appropriate safeguards.

5.1 Sub-processors we use

  • Supabase — authentication, database, and storage of account, credit, and usage records (cloud infrastructure in the EU and/or United States).
  • Google — Google Sign-In (OAuth) and Gemini AI processing of the prompts and files you submit (United States / Google Cloud).
  • Paddle — Merchant of Record for payment processing, billing, and fraud prevention (global).
  • Vercel — application hosting and usage analytics (global edge network).
  • Resend — delivery of transactional emails such as receipts and service notices (United States).

We enter into data processing agreements with these providers and share only the data each needs to perform its function.

We do not sell personal information for third-party advertising purposes.

6. Data storage and retention

  • Account and profile data: kept while your account is active and deleted within 30 days of account deletion (residual backups purged within 90 days).
  • AI usage logs: retained up to 24 months for accounting, support, and abuse prevention, then deleted or anonymized.
  • Payment and credit records: retained as required by tax and accounting law, typically up to 7 years.
  • Consent records: retained for the life of the account plus up to 7 years as legal evidence.
  • AI prompts and uploads: processed transiently to fulfil your request and not retained on our servers afterward.
  • Project and design files: stored locally on your device (OPFS); we never receive or retain them.

7. Security

We use reasonable technical and organizational safeguards designed to protect personal information. No system is perfectly secure, and we cannot guarantee absolute security.

8. Your choices and rights

Subject to applicable law (including the Israeli Privacy Protection Law and the EU GDPR), you have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent at any time.

  • Self-service: open Settings to export your data or permanently delete your account at any time.
  • You can update account details and manage privacy preferences through your account and browser settings.
  • You may control non-essential cookies through the consent banner and your browser/device settings; essential cookies are required for core functionality.
  • To make any other request, email rayanfarhat.sh@gmail.com. We aim to respond within 30 days.
  • You may lodge a complaint with the Israeli Privacy Protection Authority or your local EU supervisory authority.

9. Children's privacy

StructArk is not intended for children under 16 (or under 13 where permitted with verifiable parental consent, or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children below the applicable minimum age.

10. International data transfers

We are based in Israel and use service providers located in Israel, the European Union, and the United States. Where personal data is transferred out of Israel or the EU to a country that does not provide an equivalent level of protection, we rely on appropriate safeguards such as data processing agreements with standard contractual clauses and, where applicable, the consent you give when you sign in and use the service.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post updates on this page and revise the effective date when changes are made. We may not notify you of significant changes in advance. We recommend that you review this Privacy Policy regularly.

12. Contact us

For privacy questions or to exercise your rights, contact us at rayanfarhat.sh@gmail.com. We aim to respond to data-subject requests within 30 days.

We use essential cookies to run StructArk (sign-in, security). With your consent we also use analytics cookies to improve the product. See our Cookie Policy.