Legal · Privacy

Privacy policy.

Effective April 27, 2026Last updated April 27, 2026

This Privacy Policy explains how LogoFactory, Inc. (“LogoFactory,” “we”) collects, uses, shares, and safeguards personal data when you use LogoFactory.ai (the “Service”). It applies to information processed in the course of providing the Service to individuals and to brand owners using the Service.

Scope
What we collect
How and why we use your data
Legal bases (EEA / UK)
When we share data
Service providers
Public gallery for unpurchased marks
AI models & training
Cookies & similar technologies
Retention
International transfers
Security
Your privacy rights
U.S. state privacy notices
Children's privacy
Changes to this policy
Contact us

1. Scope

This policy covers personal data we process as a controller — that is, data we determine the purposes and means for. Some third-party providers we rely on (Stripe, email senders, hosting, model providers) operate as their own controllers or as our processors; we describe those relationships in Section 6.

2. What we collect

Information you provide

Account information: email address, display name (optional), and authentication tokens used to verify sign-ins.
Brand brief content: company name, website URL, descriptions, color preferences, uploaded reference images, and any other text or files you submit to generate or refine logos.
Billing information: when you purchase credits or finalize a logo, our payment processor (Stripe) collects payment details. We receive and store only metadata such as the last four digits of the card, transaction status, and receipt URLs — not full card numbers.
Support communications: the contents of emails, support tickets, and feedback you send us.

Information we collect automatically

Usage data: pages visited, features used, generation requests issued, refinement counts, downloads, approximate timestamps, and the outcomes of those actions.
Device and connection data: IP address, browser type and version, operating system, language preference, and approximate location derived from IP.
Cookies and similar technologies: see Section 9.

Information from third parties

Site analysis: when you provide a website URL in your brief, we (or our model providers on our behalf) retrieve the publicly accessible HTML of that site to extract brand context (description, dominant colors, theme metadata).
Payment events: Stripe sends us webhook events about purchases, refunds, and disputes for your account.

3. How and why we use your data

Purpose	Examples of data used
Provide and operate the Service	Account info, brief content, generation outputs
Process payments and prevent fraud	Billing metadata, IP address, account history
Send transactional email	Email address, account events (sign-in codes, files-ready notifications, receipts)
Customer support	Account info, support communications, related transaction records
Improve product quality and reliability	Aggregated usage data, error logs, performance metrics; see Section 8 on AI training
Comply with legal obligations	Tax records, fraud-investigation requests
Enforce our Terms and protect users	Account info, IP logs, abuse signals
Public “Recently created” gallery	The visual mark only — we do not display your account info, the company name from your brief, the URL you supplied, or any other identifying detail. See Section 7.

4. Legal bases (EEA / UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR (or UK GDPR):

Performance of a contract — to provide the Service you signed up for (Art. 6(1)(b)).
Legitimate interests — to keep the Service secure, prevent abuse, debug, and improve product quality (Art. 6(1)(f)). You may object at any time (see Section 13).
Consent — for non-essential cookies, certain email marketing, and any feature where we explicitly ask. You may withdraw consent at any time.
Legal obligation — to retain tax and accounting records and to respond to valid legal requests (Art. 6(1)(c)).

We do not sell your personal data, and we do not share it for cross-context behavioral advertising. We disclose personal data only:

to the service providers listed in Section 6, under contracts that require them to protect your data and use it only for the purposes we specify;
to comply with applicable law, valid legal process, or enforceable government requests;
to investigate, prevent, or address suspected fraud, security issues, or violations of our Terms;
with your consent or at your direction; and
in connection with a corporate transaction (merger, acquisition, financing, or sale of assets), in which case we will provide notice and continue to honor commitments made in this policy.

6. Service providers

We rely on the following categories of providers to operate the Service. Each receives only the data needed for its function:

Hosting & infrastructure — runs our application, databases, and file storage.
Payments — Stripe, Inc. processes payments and tax calculation.
Email delivery — sends sign-in codes, transactional notices, and receipts.
AI model providers — generate logo concepts and analyze website content based on your brief. We send the minimum brief content needed to fulfill the request.
Analytics & error monitoring — measures feature usage and captures errors so we can fix bugs.

A current list of subprocessors is available on request — email support@logofactory.ai.

7. Public gallery for unpurchased marks

If you generate a brief and do not purchase a finalized mark within seven (7) days, LogoFactory may select one of the variants generated from your brief and add it to a public gallery on our website (the “Recently created” section). This is described in Section 5 of our Terms. From a privacy standpoint:

What appears in the gallery: the visual mark itself, an AI-generated concept name (e.g. “Forge wordmark”), and a relative timestamp.
What does not appear: your account email, the company name you entered in the brief, the website URL you supplied, your description text, or any other identifying detail tied to you. We do not link gallery entries to your account profile.
Legal basis (EEA / UK): performance of the contract between you and LogoFactory (Art. 6(1)(b)) — the Gallery is a structural part of the Service. Because no personal identifiers are displayed, gallery entries generally do not constitute personal data once published.
Removal: if a published mark resembles a trademark you own, or otherwise infringes your rights, email support@logofactory.ai with proof of rights and we will remove it promptly.
Pre-publication filtering: we apply automated and manual review to exclude marks that present a meaningful risk of trademark or copyright conflict. We do not guarantee that filtering will catch every such issue.

8. AI models & training

We use both first-party and third-party machine-learning models to generate logos and analyze brand inputs. We do not use your brief content, uploaded images, or generated logos to train our own foundation models without your explicit opt-in.

Some third-party model providers may temporarily process your brief content to fulfill the request. We choose providers whose terms commit to not retaining your inputs for their own model training by default, and we configure their APIs accordingly where the option exists.

9. Cookies & similar technologies

We use a small number of strictly necessary cookies (or equivalent local-storage entries) to keep you signed in, remember your theme preference, and maintain a stable session. We do not use third-party advertising cookies.

Where required by law (for example, in the EEA and the UK for non-essential cookies), we will ask for your consent before setting non-essential cookies and will provide a way to withdraw it.

10. Retention

We retain personal data for as long as we need it to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention windows:

Account & project data: for the life of your account, plus a short grace period after closure.
Generated and downloaded logo files: kept indefinitely so you can re-download — we will tell you in advance if we ever change this.
Billing & tax records: retained as required by tax law, generally seven (7) years.
Server and security logs: typically up to ninety (90) days.

11. International transfers

LogoFactory is based in the United States and our service providers operate globally. If you access the Service from outside the United States, your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data-protection law as your home country.

When we transfer personal data out of the EEA, the UK, or Switzerland to a country not recognized as providing adequate protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement, or applicable Data Privacy Framework certifications.

12. Security

We use industry-standard administrative, technical, and physical safeguards to protect your data — encryption in transit (TLS), encryption at rest for sensitive fields, access controls, logging, and regular security review. No system is completely secure; you can help by using a strong, unique password equivalent and by reporting any suspected breach to support@logofactory.ai.

13. Your privacy rights

Depending on where you live, you may have rights to:

Access the personal data we hold about you;
Correct inaccurate or incomplete personal data;
Delete your personal data, subject to exceptions (legal obligations, fraud prevention, etc.);
Export a portable copy of your data;
Object to or restrict certain processing, including direct marketing;
Withdraw consent where we rely on it;
Opt out of sale or sharing of personal data (we do not sell or share for cross-context advertising);
Lodge a complaint with a supervisory authority (in the EEA, UK, or Switzerland).

To exercise any of these rights, email support@logofactory.ai from the email address on your account, or use the in-app data export and delete-account controls if available. We will respond within the timeframes required by applicable law (typically 30 or 45 days, with one possible extension).

14. U.S. state privacy notices

This section provides additional disclosures for residents of California, Colorado, Connecticut, Virginia, Utah, Texas, and other U.S. states with comprehensive privacy laws.

In the past twelve months we have collected the categories of personal information described in Section 2. We do not sell or share personal information for cross-context behavioral advertising, and we do not knowingly process the sensitive personal information of consumers under 16 without consent. We use sensitive personal information only as necessary to provide the Service and for the limited purposes permitted under California Civil Code §1798.121.

California residents may designate an authorized agent to make a request on their behalf and have a right not to receive discriminatory treatment for exercising their rights. To submit a request, see Section 13.

15. Children's privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information to us, please contact us and we will delete it.

16. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email at least seven (7) days before they take effect, except where changes are required for legal or security reasons. The “Last updated” date at the top of this page reflects the current revision.

17. Contact us

For privacy questions, requests, or to designate an authorized agent, email support@logofactory.ai from the address on your account, or use the form on our contact page.

See our Terms of Service for the rest of the agreement governing your use of the Service.