Last Updated: February 18, 2026 · Effective: February 18, 2026
This Privacy Policy explains how DoodleWerks LLC ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use PressForge AI at pressforge.ai (the "Service"). By using the Service, you consent to the data practices described in this policy.
This Privacy Policy should be read together with our Terms of Service and Cookie Policy.
Account Information: Full name, email address, username or display name, and password. Passwords are hashed using industry-standard algorithms and are never stored in plain text.
Profile Information (optional): Profile picture, bio, website or social links, and business information for marketplace sellers.
User Content: AI generation prompts and text inputs, uploaded images and files, design creations and modifications, canvas editor data (layers, elements, text), marketplace listings, and communications with our support team.
Payment processing is handled by Stripe, a PCI-DSS compliant third-party processor. Stripe collects your credit/debit card details and billing address directly. We never store full payment card details on our servers. We retain only your Stripe customer ID (a tokenized reference), transaction records (amounts, dates, subscription status), and the last 4 digits of your card for display purposes.
Technical Data: IP address, browser type and version, operating system, device type, screen resolution, referring website, pages visited, navigation paths, time spent on pages, and click patterns.
Service Usage Data: Feature usage frequency, AI generation statistics (number of prompts, models used), design creation and edit history, export/download activity, error logs, crash reports, and performance metrics.
We use cookies, session storage, and local storage. See our Cookie Policy for detailed information.
PressForge AI uses Google Vertex AI (Imagen) for image generation. When you submit a prompt:
We share data with the following third parties, limited to what is necessary for their function:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Vertex AI / Imagen | AI image generation | Prompts, generation parameters |
| Firebase Authentication | User authentication | Email, user ID, auth tokens |
| Firebase Analytics | Usage analytics | IP (anonymized), page views, device info |
| Stripe | Payment processing | Name, email, billing address, payment info |
| Google Cloud Platform | Hosting & infrastructure | All service data (encrypted) |
We may share data in the event of a business transfer (merger, acquisition, or sale of assets — you will be notified); when required by law, court order, or legal process; or to protect our rights, property, safety, or our users.
We use essential cookies (authentication, security, session), functional cookies (theme, language, editor preferences), and analytics cookies (Firebase Analytics). See our Cookie Policy for full details, including how to manage and disable cookies.
Under the California Consumer Privacy Act, California residents have additional rights:
To exercise CCPA rights, email info@doodlewerks.io with the subject "CCPA Request." We must verify your identity before processing. Response time: 45 days (may extend an additional 45 days if needed).
| Category | Collected | Sold | Disclosed to Service Providers |
|---|---|---|---|
| Identifiers (name, email, IP) | Yes | No | Yes |
| Commercial info (purchases, subscriptions) | Yes | No | Yes |
| Internet activity (browsing, clicks) | Yes | No | Yes |
| Geolocation (general, from IP) | Yes | No | Yes |
| Sensory data (AI-generated images) | Yes | No | Yes |
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:
Legal bases for processing: Contract performance (service delivery), consent (marketing, optional features), legitimate interests (security, improvement), and legal obligations (tax, law enforcement).
To exercise GDPR rights, email info@doodlewerks.io with the subject "GDPR Request."
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 90 days after deletion request |
| Designs and images | Until you delete them, or 90 days after account closure |
| AI prompts | Not stored long-term; used for generation then discarded (unless you save as favorite) |
| Payment records | 7 years (tax and financial compliance) |
| Support communications | 2 years or until resolved |
| Analytics data | Aggregated and anonymized — retained indefinitely |
| Marketplace listings | While active; archived after removal |
You can initiate account deletion through account settings. There is a 30-day grace period for account recovery. After the grace period, your data is permanently deleted within 60 days. Some data may persist in encrypted backups for up to 90 days before permanent removal. Aggregated, anonymized data that cannot identify you may persist indefinitely.
In the event of a data breach that affects your personal information, we will notify affected users without unreasonable delay and within 72 hours of becoming aware of the breach, as required by applicable law. Notification will include the nature of the breach, the data affected, steps we are taking, and recommended actions for you.
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it immediately. If you are a parent or guardian and believe your child under 13 has provided us with information, please contact us at info@doodlewerks.io. Users aged 13–17 are encouraged to obtain parent or guardian consent before using the Service.
We implement reasonable technical and organizational measures to protect your data, including:
No method of data transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for choosing a strong password and keeping your credentials confidential.
Data is processed and stored in the United States (Google Cloud US region). If you are located outside the US, you consent to the transfer of your data to the US, which may have different privacy laws than your country. For EU users, we rely on Standard Contractual Clauses (SCCs) or applicable adequacy decisions for transfers.
Some browsers offer "Do Not Track" (DNT) signals. Currently, there is no universal standard for honoring DNT signals, and we do not currently respond to them. You can control tracking through our cookie settings and browser extensions.
We may update this Privacy Policy periodically. Material changes will be announced via email, in-app notification, or prominent notice on the website. The "Last Updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.
For questions, concerns, or requests regarding your privacy:
We will respond within 30 days (45 days for CCPA/GDPR requests).