Your data, and how we handle it.
This policy explains what myda collects when you use our site, why we collect it, who processes it on our behalf, and the choices you have. We keep it deliberately short and specific.
Who we are
myda (“we”, “us”) is an AI visualisation studio for designers. For any privacy question, or to exercise your rights, contact us at hello@myda.ai.
What we collect
- Account details. myda handles authentication via Supabase. We store your email address, and — if you sign in with Google — your name.
- Your Google API key. You need your own Google API key to generate images. If you add one, we store it encrypted and use it only to generate on your behalf. We never hold it in plain text and never send it back to your browser — see our security page.
- Images & prompts. In the free solo studio, generation is ephemeral — we store no image and keep no record of the prompt; results live only in your browser session. On Pro projects, images and prompts are saved to your project so your team can use them.
- Usage analytics. With your consent, we use PostHog (EU) to understand how the product is used. You can accept or decline in the cookie banner and change it any time via “Cookie preferences”.
- Waitlist. If you join the waitlist, we keep your email address (and role, if given) to contact you about access.
- Payment Details. If you use the free version, we don’t take payment details — you pay Google directly for generation on your own key, so there is no card on file with us. If you use the Pro plan, we use FastSpring to process payments. We do not store your card details; FastSpring does.
Who processes it
We rely on a small set of processors, each handling only what its job requires: Supabase (accounts & database, EU), Google (Gemini generation on your key, and Cloud KMS to encrypt it), Cloudflare R2 (image storage for Pro projects), PostHog (analytics, EU, with consent), Resend (transactional email) and Vercel (hosting).
Where it lives, and for how long
Our database and analytics are hosted in the EU. We keep your account data while your account exists; delete your account and we remove it. Waitlist entries are kept until you ask us to remove them.
Your rights
You can ask us to access, correct, export or delete your personal data, or object to a particular use. Email hello@myda.ai and we’ll action it. You can also remove your stored API key yourself at any time in your account settings. When you remove it, the encrypted text associated with it is also deleted from our database, and you can no longer generate images until you add a new key.
Children
myda is not intended for children under 18, and we don’t knowingly collect their data. If you believe a child has given us personal data, email us and we’ll remove it.
Changes
If we make a material change to this policy, we’ll update the date above and, where appropriate, let you know in the app.
