Privacy Policy

Legal Notice

This Privacy Policy follows Waffo Pancake merchant review guidance. Before launch, replace all bracketed merchant details, retention periods, vendor names, jurisdictions, and contact addresses with final legal information. This page does not constitute legal advice.

1. Data Controller

The data controller for MapleSprite is [legal entity or individual merchant name], located at [registered or business address].

Privacy contact: [privacy contact email]

Data Protection Officer: [DPO name/contact or "not appointed"]

2. Personal Information We Collect

We collect information needed to provide, bill, secure, and improve MapleSprite.

Information you provide:

• Account details such as name, email address, password credentials, organization name, and account preferences.
• Billing details such as selected plan, transaction amount, payment status, invoices, and tax-related information.
• User content such as prompts, reference images, masks, generated assets, feedback, and workflow settings.
• Support messages, refund requests, billing questions, survey responses, and other communications.

Information collected automatically:

• Device and network data such as IP address, browser type, operating system, time zone, language, and approximate location inferred from network data.
• Usage data such as pages viewed, features used, generation events, credit balance changes, session duration, logs, and error reports.
• Security data such as authentication events, rate-limit events, suspicious activity signals, and audit logs.
• Cookies and similar technologies used for login sessions, preferences, analytics, and fraud prevention.

Payment card data is processed by Waffo Pancake or its payment infrastructure. MapleSprite does not store full card numbers on its servers.

3. How We Use Personal Information

We use personal information to:

• Provide and maintain the service.
• Create accounts, authenticate users, and manage sessions.
• Process payments, subscriptions, credits, invoices, taxes, refunds, and billing support.
• Generate, store, display, and let users manage digital outputs.
• Provide customer support and respond to requests.
• Send service notices about billing, security, policy updates, and account activity.
• Detect abuse, fraud, security incidents, and violations of the Terms.
• Improve performance, reliability, product design, and user experience.
• Comply with tax, accounting, legal, regulatory, and card-network obligations.
• Send marketing communications only where permitted by law or consent.

We may aggregate or de-identify data so it no longer identifies a specific person. We may use that data for analytics and product improvement.

4. Cookies and Tracking

MapleSprite uses strictly necessary cookies for login, security, routing, language preferences, and checkout. These cannot be disabled without affecting the service.

We may also use functional cookies for preferences, analytics cookies for product usage measurement, and marketing cookies only if enabled and lawful.

You can manage cookies through your browser settings or any cookie preference tool we provide. Blocking some cookies may limit functionality.

Analytics tools: [analytics provider names and privacy policy links]

5. Sharing and Disclosure

We do not sell personal information.

We share personal information only when needed for the service or when legally required:

• Payment processing: Waffo Pancake processes checkout, card payments, invoices, refunds, taxes, and payment status.
• Service providers: hosting, database, storage, email, authentication, analytics, support, monitoring, and security vendors.
• AI and workflow providers: providers that process prompts, images, masks, settings, or outputs to deliver generation features.
• Legal and regulatory recipients: courts, regulators, tax authorities, law enforcement, or card networks when required.
• Business transfers: if MapleSprite is involved in a merger, acquisition, financing, reorganization, or sale of assets.
• Consent: any other sharing that you explicitly authorize.

Service providers must process information only for contracted purposes and must protect it with appropriate safeguards.

6. Security

We use reasonable technical and organizational measures to protect personal information, including HTTPS/TLS, access controls, password hashing, audit logs, least-privilege access, backups, and security reviews.

No internet service is completely secure. You are responsible for safeguarding account credentials and notifying us of suspected unauthorized access.

If a security incident materially affects your rights, we will notify affected users and regulators as required by law, such as within [incident notification period, e.g. 72 hours] where applicable.

7. Retention

We retain personal information only as long as needed for the purposes described in this Policy.

• Account data: kept while the account is active and for [period] after closure.
• Transaction and invoice data: kept for [period] as required for tax, accounting, payment, and fraud-prevention obligations.
• User content and generated assets: kept until deleted by the user or for [period] after account closure, unless needed for security or legal reasons.
• Support records: kept for [period].
• Security and audit logs: kept for [period].

When retention ends, data is deleted, anonymized, or securely archived if lawful retention is required.

8. Your Rights

Depending on your location, you may have the right to:

• Know what personal information we collect and how we use it.
• Access a copy of your personal information.
• Correct inaccurate or incomplete information.
• Delete personal information.
• Restrict or object to certain processing.
• Receive data in a portable format.
• Withdraw consent where processing is based on consent.
• Opt out of marketing communications.

To exercise rights, contact [privacy contact email]. We will respond within [response period, e.g. 30 calendar days] unless law allows more time.

You may also have the right to complain to your local data protection authority.

9. Marketing Communications

If you opt in or if law otherwise permits, we may send product updates, offers, and educational messages. You can unsubscribe through email links, account settings, or by contacting support.

Unsubscribing from marketing does not stop service messages such as security notices, invoices, policy updates, and support responses.

10. International Transfers

MapleSprite, Waffo Pancake, and service providers may process information in [primary regions, e.g. United States, Singapore, European Union].

Where cross-border transfer rules apply, we use appropriate safeguards such as standard contractual clauses, adequacy decisions, data processing agreements, or equivalent protections.

11. Children

MapleSprite is not directed to children under [13/16/18]. We do not knowingly collect personal information from children below that age. If you believe a child provided personal information, contact us and we will delete it where required.

12. Third-Party Links and Services

The service may link to or integrate with third-party websites, payment pages, AI providers, storage providers, or authentication services. Their privacy practices are governed by their own policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced at least [notice period, e.g. 15 days] before they take effect when practical. The updated date at the top of this page identifies the current version.

14. Contact

• Privacy: [privacy contact email]
• Support: [support contact email]
• Legal entity: [legal entity or merchant name]
• Mailing address: [street address, city, country]
• Service hours: [support hours and time zone]

Use of MapleSprite after this Policy takes effect means you acknowledge how personal information is handled as described here.