Privacy Policy
Last updated: January 2026
1. Introduction
Welcome to strapix ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and safeguard your information when you use our Strapi plugin and related services, including when you sign in using third-party authentication providers such as Google or GitHub.
2. Information We Collect
We collect information that you provide directly to us, including:
- Account information (email address, name, profile picture)
- Authentication data when you sign in via Google, GitHub, or email/password
- Billing information (processed securely through Stripe, our payment provider)
- Usage data related to the plugin functionality (e.g., number of alt text generations)
- Images temporarily processed for alt text generation
3. Google OAuth & User Data
When you choose to sign in with Google, we access the following information from your Google account:
- Email address – Used to identify your account and for communication
- Name – Used to personalize your experience
- Profile picture – Displayed in your account settings
How we use your Google data:
- To create and authenticate your strapix account
- To display your profile information within the application
- To send you important service-related communications
How we store your Google data:
- Your Google account information is stored securely in our database hosted on Supabase
- We use industry-standard encryption for data at rest and in transit
- We do not store your Google password or access tokens beyond the authentication session
Sharing of Google data: We do not sell, rent, or share your Google user data with any third parties for their marketing purposes. Your Google data is only used internally to provide and improve our services.
4. Google API Services Limited Use Disclosure
strapix's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, we limit our use of Google user data to the practices explicitly disclosed in this privacy policy, and we:
- Only use Google user data to provide and improve user-facing features that are prominent in our application
- Do not transfer Google user data to third parties unless necessary to provide our services, with user consent, for security purposes, or to comply with applicable laws
- Do not use Google user data for serving advertisements
- Do not allow humans to read Google user data unless we have your explicit consent, it is necessary for security purposes, or we are required to do so by law
5. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Authenticate your identity and manage your account
- Process transactions and send related information
- Send technical notices, updates, and support messages
- Respond to your comments, questions, and requests
- Monitor and analyze trends, usage, and activities to improve user experience
- Detect, prevent, and address technical issues and security threats
6. Image Processing
When you use strapix to generate alt text, your images are sent to our secure servers for AI analysis via OpenAI's API. Images are processed in real-time and are not stored on our servers after the alt text has been generated. We do not use your images to train AI models or share them with third parties beyond the processing necessary to generate alt text.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:
- All data transmissions are encrypted using SSL/TLS protocols
- Database encryption at rest
- Regular security assessments and monitoring
- Access controls and authentication requirements for our team
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal or legitimate business purposes. You may request deletion of your account and associated data at any time by contacting us.
9. Your Rights
Depending on your location, you may have certain rights regarding your personal data:
For all users:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your account and data
- Revoke Google OAuth access at any time via your Google Account settings
For users in the European Economic Area (GDPR):
- Object to processing of your personal data
- Request restriction of processing
- Data portability
- Lodge a complaint with a supervisory authority
10. Third-Party Services
We use the following third-party services to operate our platform:
- Supabase – Authentication and database hosting
- Stripe – Payment processing
- OpenAI – AI-powered alt text generation
- Vercel – Application hosting
- Google – OAuth authentication
- GitHub – OAuth authentication
Each of these services has their own privacy policies, and we encourage you to review them.
11. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and, where appropriate, sending you an email notification.
13. Contact Us
If you have any questions about this privacy policy, our data practices, or would like to exercise your data rights, please contact us: