PomoraPomora

Privacy Policy

Last updated: April 2026

This Privacy Policy describes how Pomora ("we", "us", or "our") collects, uses, and shares personal information when you use our website and service.

1. Information we collect

  • Account information: email address, name (optional), and authentication credentials managed by our auth provider Clerk.
  • Usage data: prompts you submit, images you generate, department tags you select, credit-balance changes, and API usage metrics.
  • Billing information: purchase history and subscription status. Payment card details are processed by Paddle and never stored on our servers.
  • Technical data: IP address, browser type, device identifiers, and cookies necessary for session management.

2. How we use your information

  • Provide, maintain, and improve the Service.
  • Deliver image generation and process prompts.
  • Process payments and manage subscriptions.
  • Communicate about your account, updates, and support issues.
  • Detect and prevent fraud and abuse.
  • Comply with legal obligations.

3. Third-party services

To provide the Service, we share limited data with the following processors:

  • Clerk — authentication and user management.
  • Neon — database hosting (EU and US regions available).
  • Paddle — payment processing and Merchant of Record.
  • fal.ai — image generation (your prompts are transmitted to fal.ai; generated images are returned and stored).
  • Anthropic — prompt enhancement using Claude (your prompts are transmitted; no conversation history is retained by Anthropic for model training).
  • Vercel — website hosting and CDN.

4. Data retention

We retain account information for as long as your account is active. Generated images and prompt history are retained according to your plan (7 days for free, 90 days for paid subscriptions) unless you delete them earlier. Billing records are retained as required by applicable tax and accounting law.

5. Your rights (GDPR, CCPA)

Depending on your location, you have the right to access, correct, delete, or export your personal data, and to object to or restrict its processing. You may also withdraw consent where processing is based on consent. To exercise any of these rights, contact privacy@pomora.ai.

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising cookies or third-party trackers for marketing purposes.

7. Security

We use industry-standard safeguards including TLS encryption in transit, encrypted storage at rest, and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Children

The Service is not directed at children under 18. We do not knowingly collect information from anyone under 18.

9. International transfers

Your data may be processed in countries other than your own. We rely on standard contractual clauses and other legally approved mechanisms to protect transferred data.

10. Changes

We will notify you of material changes to this Privacy Policy via email or in-app notice.

11. Contact

Privacy questions? Email privacy@pomora.ai.