1. Information we collect
Information you provide. Account details (name, email, profile), wallet addresses you connect, prompts and inputs you submit to generation services, files you upload, license metadata, support requests, and contact form submissions.
Payment information. When you pay through Stripe, Stripe collects and processes your card or bank details directly. We receive limited payment metadata (transaction ID, last four digits, billing country, status). On-chain payments record your wallet address, transaction hash, network, and amount on a public blockchain.
Usage information. Logs of your activity in the Services including IP address, device and browser data, timestamps, page or endpoint accessed, referrer, and error data. Agent commerce calls log the calling agent identity, request fingerprint, and result status.
Cookies and similar technologies. We use a small number of cookies and local storage entries for authentication, session continuity, preference storage, and basic analytics. You can control cookies through your browser settings.
Information from third parties. We may receive information from Stripe, wallet providers, x402 facilitators, identity providers (such as sign-in providers), and analytics providers in connection with your use of the Services.
2. How we use information
- Provide, operate, and improve the Services, including generation, ownership records, royalty tracking, and agent commerce
- Authenticate users and wallets, prevent fraud, enforce our Terms, and protect the Services
- Process payments, credits, refunds, and on-chain settlement
- Maintain proof-of-creation, license, and provenance records you create through Suede
- Communicate with you about your account, transactions, support requests, and product updates
- Comply with legal obligations and respond to lawful requests
We do not sell your personal information.
3. Generated content and provenance
When you register a work, mint, or publish through Suede, the resulting record may include a content hash, metadata, license terms, your declared author identity or wallet address, and a timestamp. These records are designed to be verifiable by third parties and may be public or written to public blockchains. Once published, these records are intended to be persistent and may not be deletable.
Inputs and outputs of generation may be retained to operate the Services, run safety systems, and resolve disputes. We may use de-identified or aggregated data to evaluate and improve the Services.
4. How we share information
- Service providers. Cloud hosting, database (Supabase), storage (including IPFS pinning providers), RPC providers, email delivery, customer support, analytics, and security tools that process data on our behalf under contractual confidentiality and security obligations.
- Payments. Stripe and other processors for fiat payments. Public blockchains and x402 facilitators for on-chain payments.
- Compliance and protection. Law enforcement, regulators, courts, or other parties when we believe disclosure is required by law, necessary to enforce our Terms, or necessary to protect rights, safety, or property.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
- With your direction. When you choose to publish, share, or register a work, the corresponding metadata may be made public.
5. International transfers
Suede AI operates globally. Your information may be processed in the United States or other countries that may have different data protection laws than your country of residence. Where required, we use appropriate safeguards for international transfers.
6. Retention
We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. On-chain records, content hashes, and provenance metadata are intended to be persistent and may remain on public networks indefinitely.
7. Security
We use administrative, technical, and physical safeguards designed to protect personal information, including row-level security on our databases, encryption in transit, scoped API keys, and access controls. No method of transmission or storage is perfectly secure. You are responsible for protecting your wallet keys, API keys, and account credentials.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, or to object to certain processing and to lodge a complaint with a supervisory authority. To exercise these rights, email info@suedeai.org. We may need to verify your identity before responding.
California residents. If you are a California resident, the CCPA/CPRA may give you additional rights including the right to know, delete, correct, and limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.
EEA, UK, and Swiss residents. Where the GDPR or UK GDPR applies, our legal bases for processing include contract performance, legitimate interests, consent, and compliance with legal obligations.
On-chain records. We cannot delete information that has already been written to a public blockchain. Where we control off-chain copies, we will honor valid deletion requests for those copies.
9. Children
The Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take appropriate steps.
10. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date above and, where appropriate, give additional notice.
11. Contact
Privacy questions or requests? Email info@suedeai.org or use our contact page.