1. Introduction
Studio Heights ("we," "us," or "our") operates Palate ("the Service"), available at mypalate.io. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
2. Information We Collect
Information You Provide
- Account information: email address, name, and password
- Restaurant details: name, cuisine type, location, menu items, brand description
- Content: photos, captions, and Instagram post templates you upload or create
- Brand voice samples: Instagram captions you provide for voice learning
Information Collected Automatically
- Usage data: features accessed, actions taken, and timestamps
- Device information: browser type, operating system
- Cookies: authentication tokens stored as HTTP-only cookies
Third-Party Data
- Google Drive: when you connect Google Drive, we access file names, folder structures, and photo content from your selected folder only. We store OAuth tokens to maintain the connection.
3. How We Use Your Information
- To provide and operate the Service, including generating AI-powered captions
- To authenticate your identity and secure your account
- To process your photos through AI for content analysis and caption generation
- To learn your brand voice from captions you provide
- To sync photos from your connected Google Drive folder
- To send content to reviewers through approval links you generate
- To improve the Service and fix issues
4. AI Processing
We use Anthropic's Claude AI to analyze your photos and generate captions. When you generate posts, your photos and restaurant context are sent to Anthropic's API for processing. Anthropic's data handling is governed by their own privacy policy and terms.
We do not use your content to train AI models. Your photos and captions are processed solely to generate your requested content and are not retained by Anthropic beyond the API request.
5. Data Storage and Security
- Your data is stored on Vercel's infrastructure (Neon PostgreSQL database and Vercel Blob storage)
- Passwords are hashed using bcrypt with a cost factor of 12
- Authentication uses signed JWT tokens stored in HTTP-only, secure cookies
- All data is transmitted over HTTPS
- Google Drive OAuth tokens are stored encrypted in the database
6. Data Sharing
We do not sell your personal information. We share data only with:
- Anthropic — photos and restaurant context are sent for AI processing
- Vercel — hosting provider that stores your data
- Google — when you connect Google Drive, to access your photos
- Approval link recipients — people you share approval links with can view proposed posts and images for that brand
7. Your Rights
You have the right to:
- Access your personal data through your account dashboard
- Update your email, name, and password through account settings
- Delete your account and all associated data through account settings
- Disconnect third-party services like Google Drive at any time
- Export your data by contacting us
8. Data Retention
We retain your data for as long as your account is active. When you delete your account, all associated data (brands, photos, posts, templates, and approval links) is permanently deleted within 30 days. Google Drive OAuth tokens are revoked upon disconnection or account deletion.
9. Cookies
We use a single essential cookie ("token") to maintain your authenticated session. This is an HTTP-only, secure cookie that contains your encrypted session token. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.
12. Contact Us
For privacy-related questions or to exercise your data rights, contact us at hello@mypalate.io.
Studio Heights
Florida, USA