Privacy Policy

This Privacy Policy describes how File Renamer AI ("the Service", "we", "us") collects, uses, and protects information when you access our website and application at filerenamerai.com.

1) Data We Access

We minimize data collection and only access what is necessary to provide the Service:

  • Google user data (OAuth): basic profile information (user ID, email) for sign‑in via Supabase. We do not request or access Google Drive files.
  • Uploaded content: images you voluntarily upload for renaming.
  • Service metadata: logs, timestamps, IP address, and device/browser information used for security and reliability.
  • Billing data: limited information from Stripe (e.g., customer ID, email, subscription status) to manage subscriptions and credits. Card details are never stored by us.

2) How We Use Data

  • Authentication: to sign you in with Google OAuth via Supabase and secure your session.
  • Providing the Service: to process your uploaded images with our vision‑language model and return suggested filenames.
  • Credits & billing: to maintain an account profile (email, credits balance) and apply subscription top‑ups from Stripe webhooks.
  • Security & operations: to detect abuse, debug issues, and improve reliability.

3) Data Sharing

We do not sell personal information. We share data only with service providers acting as processors:

  • Supabase (authentication and database for profiles/credits)
  • AWS (S3 for temporary file storage and results; SQS for job queueing)
  • Stripe (payments and subscription management)

These providers process data under their terms and security controls. We do not grant them permission to use your data for their own marketing purposes.

4) Storage & Protection

  • Uploaded images: stored temporarily in private S3 buckets to run the rename job, then written results (e.g., a JSONL manifest) to S3. All transfers use TLS; S3 data is encrypted at rest by AWS.
  • Google OAuth: handled by Supabase; we do not store your Google OAuth client secrets in the browser or persist Google access tokens on our servers beyond what Supabase manages for session handling.
  • Access control: API endpoints are protected by server‑side keys; the frontend uses a server proxy to avoid exposing secrets.

5) Retention & Deletion

  • Uploaded images: retained only as long as necessary to complete processing and deliver results; we aim to keep these artifacts short‑lived.
  • Results manifest: stored to S3 so you can fetch job results; you may request deletion at any time.
  • Account profile (email, credits): retained while your account remains active to provide the Service.

Deletion requests: email privacy@filerenamerai.com from your account email. Upon verification, we will delete associated stored data (profile/credits and any remaining job artifacts) unless we are required to retain it for legal, security, or billing purposes.

6) Your Choices & Controls

  • Revoke Google access: you can revoke access at any time from your Google Account permissions.
  • Sign out: you may sign out from the app to end your session.
  • Data deletion: contact us to delete stored data as described above.

7) Children’s Privacy

The Service is not intended for children under 13, and we do not knowingly collect information from children.

8) Changes to this Policy

We may update this policy from time to time. If changes are material, we will provide notice in the app or by email.

9) Contact

Questions or requests: privacy@filerenamerai.com

Last updated: 9/30/2025