Textlino ("we", "us", "our") operates the website textlino.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service. We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
- Service: Textlino
- Website: textlino.com
- Contact: info@textlino.com
2. Information We Collect
2.1 Account Data (via Google OAuth)
When you sign in with Google, we receive and store:
- Your Google account ID (unique identifier)
- Your display name
- Your email address
- Your profile picture URL
We do not receive or store your Google password. Authentication is handled via the standard OAuth 2.0 protocol.
2.2 Content You Provide
When using the text generation feature, we process:
- The text input (prompt) you submit describing your music, artist, or project
- Your selected options: content type, tone, length, and language
2.3 Usage Data
We automatically collect:
- Credit usage and generation counts (linked to your user ID)
- Timestamps of your requests
2.4 Technical Data
Our hosting provider (Vercel) may collect standard server logs including IP addresses, browser type, referring pages, and access timestamps. We do not use this data for tracking or profiling.
3. Legal Basis for Processing (GDPR Art. 6)
We process your personal data based on the following legal grounds:
- Contract performance (Art. 6(1)(b)): Processing your account data and prompts is necessary to provide you with the text generation service.
- Legitimate interest (Art. 6(1)(f)): Usage logging and credit tracking to prevent abuse and maintain service quality.
- Consent (Art. 6(1)(a)): For optional cookies beyond strictly necessary ones (see our Cookie Policy).
4. How We Use Your Data
- Service delivery: Your text inputs are sent to OpenAI's API to generate the content you requested. This is the core functionality of Textlino.
- Account management: Your Google profile data is used to identify you, maintain your session, and track your credit balance.
- Abuse prevention: We monitor usage patterns to detect automated abuse, bot traffic, and policy violations.
- Service improvement: Aggregated, anonymized usage statistics help us improve prompts and features.
5. Third-Party Data Processors
We share your data with the following service providers, strictly for the purposes described:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| OpenAI | Text generation (AI processing) | Your text prompt and selected options | USA |
| Neon | Database hosting (PostgreSQL) | Account data, credits, session tokens | USA/EU |
| Vercel | Website hosting and edge delivery | Server logs, IP addresses | Global (Edge) |
| Google | OAuth authentication | Authentication tokens (during sign-in only) | USA |
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
6. International Data Transfers
Some of our processors are located in the United States. Where personal data is transferred outside the EEA, we rely on:
- The EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
7. Data Retention
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
- Generation prompts: We do not permanently store the full text of your prompts. Metadata (type, tone, timestamp) may be retained for up to 12 months for analytics.
- Session data: Authentication sessions expire automatically. Expired session records are purged periodically.
- Server logs: Retained by Vercel according to their data retention policy (typically 30 days).
8. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate data.
- Erasure — Request deletion of your account and all associated data ("right to be forgotten").
- Data portability — Receive your data in a structured, machine-readable format.
- Restriction — Request we limit how we process your data.
- Objection — Object to processing based on legitimate interest.
- Withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at info@textlino.com. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data in transit is encrypted via TLS/HTTPS
- Database access is restricted and credentials are stored as environment variables, never in source code
- Authentication sessions use HTTP-only, secure cookies, so session tokens cannot be read by scripts injected through XSS and are only sent over HTTPS
- Input data is sanitized and validated before processing
- API endpoints are protected by rate limiting and anti-bot measures
10. Children's Privacy
Textlino is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on our website. The "Last updated" date at the top reflects the most recent revision.
12. Contact
For any privacy-related questions or requests:
- Email: info@textlino.com
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.