← Back to home

Privacy Policy

Last updated: March 2026

We built MascotVibe to be useful, not creepy. This policy explains what data we collect, why we collect it, and how we keep it safe. No legalese walls — just plain English.

Who we are

MascotVibe is a product of Soft Focus Apps. If you have any questions about this policy, email us at david@softfocusapps.com.

What we collect

We only collect what we need to make the service work:

  • Account info — your email address and a hashed password (we never store your password in plain text)
  • Uploaded images — photos or logos you upload to generate mascots from
  • Generated content — the mascots and animations we create for you, stored so you can download them later
  • Website URLs — if you use our website scanner feature, we process the URL to extract brand colours and assets
  • Payment info — handled entirely by Stripe. We never see or store your card details — only a Stripe customer ID and subscription status
  • Usage data — credit balance, generation history, and basic account activity

How we use your data

Your data is used to:

  • Run the service — authenticate you, process generations, deliver results
  • Handle billing and subscriptions via Stripe
  • Send transactional emails (account creation, receipts) — no marketing spam unless you opt in
  • Showcase anonymised examples in our marketing (e.g. a gallery of mascot styles) — we won't identify you or your brand without permission

Third-party services

We use trusted third parties to run MascotVibe. Each handles your data according to their own privacy policies:

  • Supabase — database and file storage (EU region)
  • Stripe — payment processing (PCI-DSS compliant)
  • fal.ai — AI video generation (your images are processed to create animations)
  • Google Gemini — AI image generation
  • Modal — serverless compute for processing tasks
  • Vercel — hosting and CDN

We don't sell your data to any third party. Ever.

Cookies

We use a single session cookie set by NextAuth to keep you logged in. That's it. No advertising cookies, no tracking pixels, no third-party analytics that follow you around the web.

See our Cookie Policy for details.

Data retention

We keep your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Backups may retain data for up to 90 days after that.

Generated mascots and animations are stored until you delete them or close your account.

Your rights (GDPR)

If you're in the UK or EU, you have rights over your data. You can ask us to:

  • Export your data — we'll send you everything we have on you
  • Delete your account and data — the right to be forgotten
  • Correct inaccurate data
  • Restrict processing in certain circumstances

To exercise any of these rights, email david@softfocusapps.com. We aim to respond within 30 days.

Security

We take security seriously. Passwords are hashed, data is encrypted in transit (HTTPS), and we use industry-standard practices for storing sensitive information. That said, no system is 100% bulletproof — if you notice anything suspicious, please let us know immediately.

Changes to this policy

If we make significant changes, we'll let you know by email or via an in-app notice. Minor updates (like fixing a typo) won't warrant a notification, but the "Last updated" date at the top will always reflect the latest version.

Questions? Email david@softfocusapps.com. We're real people and we read every email.