Privacy Policy

This Privacy Policy explains how Moonwise Sp. z o.o. (“we”, “us”), the operator of Code to Image (codetoimage.app), collects, uses, and protects personal data. We process data in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Polish law.

1. Data controller

The data controller is Moonwise Sp. z o.o., a company incorporated in Poland with its registered office at Aleja Grunwaldzka 472, 80-309 Gdańsk, entered in the National Court Register (KRS) under number 0000881568 kept by the District Court Gdańsk-Północ in Gdańsk, VII Commercial Division, NIP 8792729470, REGON 388090241. For any privacy matter, contact us at hello@codetoimage.app.

2. What data we collect

• Account data — your email address, and a password hash if you set one.
• Usage data — API keys you create, render request metadata (timestamps, sizes, formats, credit consumption). We do not retain the rendered output or the HTML/CSS you submit longer than needed to return the result.
• Billing data — subscription tier and payment status. Card details are handled by Stripe; we never see or store full card numbers.
• Technical data — IP address, user agent, and cookies/analytics identifiers needed to operate and secure the service.

3. How we use your data

• To provide, maintain, and secure the service and your account.
• To meter usage, enforce rate limits, and prevent abuse.
• To process payments and manage subscriptions.
• To send service-related email (account confirmation, password reset, important notices).
• To comply with legal obligations.

4. Legal bases (GDPR Art. 6)

• Performance of a contract (Art. 6(1)(b)) — to deliver the service you sign up for.
• Legitimate interests (Art. 6(1)(f)) — to secure the platform, prevent abuse, and improve the product.
• Legal obligation (Art. 6(1)(c)) — e.g. tax and accounting requirements.
• Consent (Art. 6(1)(a)) — where required, e.g. for non-essential analytics cookies.

5. Processors and third parties

We rely on the following processors, who handle data on our behalf under data processing agreements:

• Supabase — authentication and database.
• Vercel — application hosting and edge functions.
• Cloudflare — DNS, CDN, WAF, and bot protection (Turnstile).
• Stripe — payment processing and subscription billing.
• Resend — transactional email delivery.
• Google Analytics — aggregate usage analytics.

6. International transfers

Some processors operate outside the European Economic Area. Where that happens, transfers are safeguarded by the European Commission's Standard Contractual Clauses or an adequacy decision.

7. Data retention

We keep account data for as long as your account is active. Usage and billing records are retained as required for legal and accounting purposes (typically up to 5 years for invoices under Polish law). When you delete your account, we delete or anonymise personal data that we are not legally required to keep.

8. Your rights

Under the GDPR you have the right to:

• access your personal data and obtain a copy;
• rectify inaccurate data;
• erase your data (“right to be forgotten”);
• restrict or object to processing;
• data portability;
• withdraw consent at any time, where processing is based on consent.

To exercise any of these, email hello@codetoimage.app. You also have the right to lodge a complaint with the Polish supervisory authority (Prezes Urzędu Ochrony Danych Osobowych, uodo.gov.pl).

9. Cookies and analytics

We use essential cookies to keep you signed in and to secure the service. With your consent, we use Google Analytics to understand aggregate usage. You can control cookies through your browser settings.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with an updated “Last updated” date.

11. Contact

Questions about this policy or your data? Email hello@codetoimage.app.