Privacy Policy

Last updated: April 9, 2026

Tanfust ("we," "us," or "our") operates TanStart (tanstart.app). This Privacy Policy explains how we collect, use, and protect your information when you use our token-based launch asset workbench.

Our Privacy Philosophy

TanStart is built with a minimal-data approach. We collect only what is necessary to deliver the service, process payments, and improve the product. Your generated assets belong to you. We do not sell, share, or harvest your data for marketing purposes.

Definitions

For the purposes of this Privacy Policy:

  • Company (referred to as "Tanfust", "We", "Us" or "Our") refers to Tanfust, operating the TanStart launch asset workbench.
  • Service refers to the TanStart website and tools accessible at tanstart.app.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Usage Data refers to data collected automatically about how you use our Service.
  • Account means a unique account created for accessing the Service.
  • Tokens means the unit of currency used to access asset generation features within the Service.
  • Generated Assets means icons, OG images, legal documents, device mockups, copywriting, meta reports, and other non-code launch materials created using our Service.
  • AI-Generated Content means assets produced with assistance from artificial intelligence models.

What Data We Collect

Account Information

When you create an account, we collect:

  • Email address (via email/password or OAuth providers through Supabase Auth)
  • OAuth profile information (name, avatar) if using social login
  • Account preferences and project settings
  • Token balance and purchase history

An account is required to use TanStart. All new accounts receive free tokens to get started.

Project Data

When you use our asset generation features, we collect:

  • Project names and descriptions you provide
  • Inputs you supply for asset generation (brand names, colors, URLs, descriptions, uploaded images)
  • Generated assets, which are stored for download and future access

Usage Data

We automatically collect limited usage data to improve our service:

  • Browser type and version
  • Device type and operating system
  • Pages visited, features used, and time spent
  • Referring website
  • General location (country/region level only)

We use PostHog for product analytics.

Payment Information

All payment processing is handled by Stripe, Inc. We do not directly collect, store, or process your payment card details. When you purchase tokens, your card information is sent directly to Stripe through their secure checkout. We never have access to your full card number, CVV, or other sensitive payment details.

Stripe may collect:

  • Name and billing address
  • Payment method details (handled securely by Stripe)
  • Transaction data (amount, currency, timestamp)
  • Device and browser information for fraud prevention

We receive only:

  • Customer ID (Stripe reference)
  • Purchase history and token balance
  • Billing email

For details on how Stripe handles your data, see Stripe's Privacy Policy.

Error and Performance Data

We use Sentry for error monitoring and performance tracking. Sentry may collect:

  • Error stack traces (no personal data included)
  • Browser and operating system information
  • Performance metrics

How We Use Your Data

We use your information only for:

  • Service Delivery: Generating launch assets based on your inputs (icons, OG images, legal documents, mockups, copywriting, meta reports)
  • AI Processing: Sending your inputs to AI models to generate assets (see AI Data Processing section)
  • Image Processing: Server-side image generation and manipulation
  • Account Management: Managing your account, token balance, projects, and authentication
  • Service Improvement: Understanding how people use TanStart to make it better (via PostHog)
  • Security: Detecting and preventing abuse, fraud, and security issues
  • Transactional Communication: Sending account-related emails (via Resend)
  • Legal Compliance: Meeting our legal obligations

We do NOT use your data for:

  • Marketing or promotional emails (unless you explicitly opt-in)
  • Selling or sharing with third parties for their marketing
  • Tracking you across other websites
  • Building advertising profiles

Server-Side Processing

TanStart processes your inputs on our servers to generate assets. This means:

  • Text inputs, uploaded images, and project data you provide are sent to our servers
  • Image processing (icon generation, OG images, mockups) runs on serverless functions
  • Generated assets are stored on our infrastructure for you to download and access
  • AI-powered features send your inputs to third-party AI providers (see below)

AI Data Processing

Certain TanStart features use artificial intelligence to generate assets:

  • Icon generation uses AI image models (via Replicate) to create brand icons from your prompts and style preferences
  • Legal document generation uses large language models (via Vercel AI SDK) to produce privacy policies, terms of service, and other legal documents based on your project details
  • Copywriting generation uses large language models to create landing page copy, app store descriptions, and other marketing text

What data is sent to AI providers:

  • Project name and description
  • Text prompts and style preferences you provide
  • Selected service categories and questionnaire answers (for legal docs)

What is NOT sent to AI providers:

  • Your email address or password
  • Payment or billing information
  • Analytics or usage data

We do not use your inputs to train our own AI models. Third-party AI providers may have their own data processing policies — see the Third-Party Services section for links to their privacy policies.

Important: AI-generated content, especially legal documents, is provided as a starting point and should be reviewed by a qualified professional before use. AI-generated content does not constitute legal advice.

Data Retention

  • Account Data: Retained while your account is active; deleted within 30 days of account deletion
  • Project Data & Generated Assets: Retained while your account is active; deleted with your account
  • Token Purchase History: Retained for accounting and tax purposes as required by law
  • Usage Analytics (PostHog): Aggregated data retained for up to 24 months
  • Error Logs (Sentry): Retained for up to 90 days
  • Server Logs: Technical logs retained for up to 90 days for security purposes

Cookies and Tracking

We use minimal cookies:

  • Essential Cookies: Required for the service to function (authentication session via Supabase Auth, CSRF protection)
  • Analytics: PostHog for understanding usage patterns

We do NOT use:

  • Advertising cookies
  • Cross-site tracking cookies
  • Social media tracking pixels

You can disable cookies in your browser settings, though some features may not work properly.

Data Security

We implement industry-standard security measures:

  • All data transmitted over HTTPS encryption
  • Authentication via Supabase Auth with secure session management
  • Row-Level Security (RLS) on all database tables
  • No storage of credit card information (handled by Stripe)
  • Rate limiting to prevent abuse
  • Sentry for monitoring and rapid incident response
  • Regular security audits and updates
  • Limited access to stored data

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but take it very seriously.

Your Rights

Depending on your location, you may have rights including:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing of your data
  • Withdrawal: Withdraw consent at any time

To exercise these rights, contact us at support@updates.tanstart.app

Third-Party Services

We currently use or plan to integrate the following third-party services that may process data:

ServicePurposePrivacy Policy
SupabaseAuthentication, database, file storagesupabase.com/privacy
StripePayment processing, fraud detectionstripe.com/privacy
VercelHosting and serverless infrastructurevercel.com/legal/privacy-policy
PostHogProduct analyticsposthog.com/privacy
ResendTransactional email deliveryresend.com/legal/privacy-policy
SentryError monitoring and performancesentry.io/privacy
Replicate (planned)AI image generationreplicate.com/privacy
LLM providers (planned)AI text generationSee respective provider policies
Upstash (planned)Rate limitingupstash.com/trust/privacy

We carefully vet all third parties and ensure they meet our privacy standards.

International Data Transfers

TanStart is hosted on Vercel's global infrastructure. If you access our service from outside the United States, your data may be transferred internationally. We ensure appropriate safeguards are in place for any international transfers.

Children's Privacy

TanStart is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending an email notification (if you have an account)

We encourage you to review this policy periodically.

GDPR Compliance (EU Users)

If you are in the European Union, we comply with GDPR requirements:

  • We process data lawfully, fairly, and transparently
  • We collect data only for specified, explicit purposes
  • We minimize data collection to what's necessary
  • We keep data accurate and up-to-date
  • We retain data only as long as necessary
  • We ensure appropriate security measures

Our legal basis for processing is typically consent or legitimate interest in providing our service.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal data is collected
  • Right to know if personal data is sold or disclosed
  • Right to opt-out of sale of personal data
  • Right to deletion of personal data
  • Right to non-discrimination

Note: TanStart does not sell personal data.

Contact Us

For any privacy-related questions, concerns, or requests:

Tanfust

We will respond to all requests within 30 days.

Tanfust is committed to transparency and protecting your privacy. Your generated assets are yours. If you have questions about this policy or our practices, please don't hesitate to reach out.