FxCanvas Privacy Policy
Effective Date: 2025-12-31
Summary (non-legally binding)
This summary is provided for convenience only and does not replace the Privacy Policy below.
If there is any conflict between this summary and the Policy, the Policy controls.
- We don’t sell your data: FxCanvas does not sell your personal data.
-
Essential cookies only: We use only strictly-necessary cookies (or similar mechanisms) to make the Service work
(for example session/login and abuse prevention).
-
API token storage: FxCanvas does not store your API token in plaintext on our servers (you should still treat tokens as secrets).
-
Public by design: All assets served by the CDN are public (anyone with the URL can access them).
Do not store sensitive or regulated data in images.
-
Cache artifacts may be public: Some intermediate/cache images may also be publicly accessible by URL
(the endpoint isn’t intentionally advertised, but you should note that URLs could be included in some logs).
-
Cross-border processing: Data may be processed in multiple countries. Even if you select EU storage for stored images,
some caching/operational processing may occur outside the EU (including in Eastern North America).
-
Retention: Stored images can remain until you request deletion (during Alpha: via email). Operational and metering logs
follow the retention of our infrastructure/logging/analytics providers.
-
Contact: Privacy requests/questions: compliance@fxcanvas.com.
This Privacy Policy explains how FxCanvas (“FxCanvas”, “we”, “us”) collects, uses, discloses, and protects information when you access or use
FxCanvas (the “Service”). FxCanvas is operated by Daniel Belohlavek (Buenos Aires, Argentina). This Policy is intended to be readable and
applicable to users globally.
This Privacy Policy is not legal advice.
1. Scope
This Policy applies to:
- our API/RPC rendering service;
- storage and CDN delivery features for Stored Images;
- our support communications (email);
- any websites or documentation we publish that link to this Policy.
This Policy does not cover third-party services you use alongside FxCanvas.
2. Key Definitions
- “Account Data” means information used to create and manage your account (e.g., email, name/handle, organization, billing status).
- “API Data” means data processed when you call the API, including Inputs, Outputs, and related request metadata.
- “Inputs” means data you submit to the Service (e.g., canvas instructions, assets, images, fonts, text).
- “Outputs” means data produced by the Service (e.g., rendered images).
- “Stored Images” means Outputs you choose to store using FxCanvas storage/CDN.
- “Transient Mode” means requests where the final Output is returned in the response and not intentionally stored as a Stored Image.
- “Operational Data” means logs, metrics, traces, and security/abuse-prevention signals.
- “Metering Data” means usage records used for billing or usage measurement (e.g., request counts, storage usage, CDN request counts, AI generation counts).
- “Cache Artifacts” means intermediate and/or final render artifacts stored temporarily in internal caches for performance, reliability, debugging, abuse prevention, security, third-party-service operation, and improvement.
- “Public Asset” means an image or artifact that is retrievable without authentication (for example via a direct URL).
3. Information We Collect
3.1 Information you provide
- Account Data: your email address and any information you provide in communications with us.
- Support Data: the content of emails you send to support, including attachments and troubleshooting information you choose to share.
-
Billing-related identifiers: we may receive limited billing-related information from our payment provider (see Section 8),
such as subscription/transaction identifiers and payment status. We do not intend to store full payment card details.
3.2 Information processed when you use the Service (API Data)
- Inputs you submit for rendering, AI generation, storage, or delivery.
- Outputs produced by the Service (including Stored Images).
- Request metadata: timestamps, request sizes, rate-limit events, error codes, and related technical metadata.
- CDN/storage access events for Stored Images (e.g., request counts, object operations).
3.3 Cookies and similar technologies
- We use only essential cookies (or similar strictly-necessary mechanisms) needed for the Service to function (for example to keep you logged in, maintain session state, and help protect against abuse).
- We do not use cookies for advertising tracking.
3.4 Authentication data (API tokens)
- API tokens are used to authenticate requests to the Service.
- We do not store your API token in plaintext on our servers. (You should still treat tokens as secrets and store them securely on your side.)
4. Public Nature of CDN-Served Assets and Cache Artifacts (Important)
FxCanvas provides storage and CDN features where assets are delivered as public URLs.
4.1 Stored Images served via CDN are public
All assets served by the CDN are public. This means that anyone with the URL may be able to access the content, and the content is not
protected by authentication or access controls at the CDN layer.
You are responsible for ensuring you do not store or publish sensitive, confidential, personal, or regulated data in Stored Images unless you
are comfortable with that data being publicly accessible.
4.2 Cache Artifacts may also be public
Some intermediate render artifacts and other Cache Artifacts may also be public and retrievable without authentication. These Cache Artifacts
are used for operational and third-party-service integration purposes (for example, to support rendering workflows that depend on intermediate
images).
While the underlying bucket/object endpoint for Cache Artifacts is not intentionally advertised and is not intended to be accessed by a wide
public audience, you should assume that Cache Artifacts are public and may be accessed by anyone who obtains the URL.
Accordingly, you should not include sensitive, confidential, personal, or regulated information in Inputs if the resulting Outputs or Cache
Artifacts would contain that information.
5. How We Use Information
We use collected information to:
- Provide and operate the Service (rendering, storage, CDN delivery).
- Authenticate requests, manage API tokens, enforce rate limits, and prevent abuse.
- Maintain, debug, and improve the Service (including reliability, performance, quality, and feature development).
- Measure usage for metering and billing support.
- Communicate with you (service announcements, changes to Terms/Policy, support responses).
- Comply with legal obligations and enforce our Terms of Service.
Alpha note: During the invite-only Alpha, use of Inputs and Outputs for service improvement is required as described in the
Terms of Service.
6. Storage, Caching, and Retention
6.1 Stored Images (long-term storage)
If you enable storage, your Stored Images may be retained long-term until you request deletion, your account is terminated, or we otherwise
delete them in accordance with the Terms and this Policy.
During Alpha, deletion of Stored Images is handled via email to
compliance@fxcanvas.com.
6.2 Transient Mode
In Transient Mode, FxCanvas does not intentionally store the final Output as a Stored Image. However, FxCanvas may still create and
temporarily retain Cache Artifacts and Operational Data.
6.3 Cache Artifacts (intermediate/internal caching)
The Service may retain Cache Artifacts for as long as needed for performance, reliability, debugging, abuse prevention, security,
third-party-service operation, and service improvement. Cache Artifacts are not intended to be user-accessible and are not treated as Stored
Images, even if they include intermediate or final render outputs.