Privacy Policy
Last updated 9 June 2026. Plain-language on purpose. Questions:
Discord.
1. Who we are
SpriteLab (spritelab.dev) is operated from the United Kingdom and processes personal data under UK GDPR.
2. What we collect
- Account data. Email address, name and avatar, handled by our sign-in provider (Clerk). If you sign in with Google or Discord, we receive the basic profile they share.
- Your content. Prompts you type, images you upload, and the sprites you generate, stored so your history and retuning work.
- Billing data. Payments run through Stripe. We never see or store your card number; we keep records of your plan, credit balance and credit transactions.
- Usage analytics, including session replay. We use PostHog to understand how the app is used, and that includes recording in-app sessions (clicks, navigation, what's typed into the app's inputs, with passwords masked). This is genuinely how we find bugs and fix confusing UI.
- Technical data. IP address and basic request logs, including at signup, used for security and to prevent free-credit farming and other abuse.
3. How we use it
- Running the service: generating sprites, keeping your history, billing you correctly.
- Preventing abuse and fraud.
- Improving the product (analytics, session replay, aggregate stats).
- Emailing you: transactional messages, plus occasional product updates and offers. Marketing email always has an opt-out.
We don't sell personal data.
4. Who processes it for us
- Clerk (authentication and account storage)
- Stripe (payments and subscriptions)
- PostHog (analytics and session replay, EU-hosted)
- AI model providers: your prompts and uploaded images are sent to the third-party AI services that perform generation, only as needed to produce your result.
- Railway (application hosting)
5. Retention and deletion
- Account data is kept while your account exists.
- Your sprite history is yours to manage: you can delete individual sprites or wipe your entire history in the app at any time.
- Credit transaction records are retained for accounting and fraud-prevention purposes.
- To delete your account entirely, ask on Discord and we'll remove it along with your stored content.
6. Cookies and local storage
We use essential cookies for sign-in sessions (Clerk), analytics cookies (PostHog), and browser local storage for app preferences and offline fallbacks. No third-party advertising cookies.
7. Your rights
Under UK GDPR you can ask for a copy of your data, correction, deletion, or restriction of processing, and you can object to marketing at any time. Ask on Discord and we'll handle it. You can also complain to the ICO (ico.org.uk) if you think we've got something wrong, though we'd appreciate the chance to fix it first.
8. Changes
If this policy changes materially, we'll note it here with a new date. Continued use after changes means you accept them.