Privacy Policy

Account and access data can include name, email address, password authentication data, login sessions, remember-me state, password reset tokens, workspace memberships, roles, invitations, invitation tokens, inviter details, acceptance status, and expiration dates.

Workspace and production data can include projects, game objects, blueprints, reusable prompts, negative prompts, visual identity names, palettes, locked rules, reference images, generated files, official asset selections, curation status, review decisions, queue items, generation events, and export-related metadata.

Technical and operational data can include IP address, user agent, session payload, last activity time, logs, failed jobs, queue diagnostics, storage paths, checksums, file size, MIME type, dimensions, provider identifiers, model settings, credit balance, credit transactions, and usage records.

We use information to authenticate users, route them to the correct workspace, enforce permissions, send invitations and password reset emails, run generation jobs, keep asset libraries synchronized, display official outputs, manage curation and review workflows, and maintain service reliability.

We use credit and transaction records to meter paid or included generation capacity, show balances in the interface, prevent accidental overuse, investigate failed generations, and reconcile billing once paid checkout is enabled.

For current AI features, prompts, visual identity instructions, negative prompts, reference images, and generation settings may be sent to OpenAI. If additional providers such as Google Gemini are enabled later, the same type of task-specific content may be sent to the provider selected for that model or project.

Provider processing is governed by the applicable provider terms, data processing terms, retention rules, abuse-monitoring policies, and account configuration. Users should avoid submitting confidential, sensitive, or third-party material unless they have permission and the configured provider terms support that use.

Assets Studio uses essential cookies and similar storage to keep users signed in, protect requests from cross-site request forgery, remember authentication where requested, and route users through onboarding or workspace flows.

The application may also use browser storage for interface preferences and workflow state, such as selected views, sidebar or panel state, refresh state, and other convenience settings. These are used to operate the product, not for third-party advertising.

Workspace information is visible to collaborators according to their workspace role and project permissions. Removing a user from a workspace removes their access to that workspace but does not delete the workspace's assets or projects.

We may use infrastructure, database, object storage, email delivery, AI model, logging, queue, analytics, and payment providers only as needed to run requested features, maintain security, process billing, and support the service.

Workspace records are retained while the workspace is active and as needed for recovery, audit, security, billing, dispute handling, legal compliance, and operational continuity. Generated assets and references may remain in object storage until deleted by workspace controls or an authorized operator process.

Assets Studio does not currently expose every privacy request as a self-service control. To request access, correction, export, deletion, or restriction, use the contact route provided on the website, inside the product, or in the agreement connected to your workspace.