Privacy Policy

Fltrd is a creative photo editor. This Privacy Policy explains how we collect, use, and protect your personal information when you use the Fltrd creative photo editor (the "Service").

2.1 Account Information

When you sign in with Google, we receive and store the following from your Google profile:

• Email address — to identify your account.
• Display name — to personalize your experience.
• Profile picture URL — to display your avatar in the app.

2.2 Payment Information

We do not directly collect or store your credit card numbers, bank account details, or other financial information. All payments are processed by our third-party payment processor, Dodo Payments. We only store:

• Subscription status (active, cancelled, etc.)
• Payment ID (from Dodo Payments, for reference)
• Plan type (monthly or yearly)

2.3 Your Photos & Content

2.4 Usage Analytics

We may collect anonymized, aggregated usage data such as which vibes are most popular and general usage patterns. This data cannot be traced back to individual users and is used solely to improve the Service.

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Authenticate your identity and manage your account.
• Process payments and manage your subscription status.
• Send important service-related communications (e.g., billing confirmations, security alerts).
• Detect and prevent fraud or abuse of the Service.

We do not use your information for targeted advertising. We do not sell your personal data to third parties.

We share your information only with:

• Supabase — our authentication and database provider. They process your login and store your profile/subscription data. (Supabase Privacy Policy)
• Dodo Payments — our payment processor. They handle your payment transactions. (Dodo Payments Privacy Policy)
• Google — for OAuth authentication. We receive basic profile info as described above.

We do not share your data with any other third parties, advertisers, or data brokers.

Your account data is stored on Supabase's infrastructure with Row Level Security (RLS) policies that ensure users can only access their own data. All data is encrypted in transit (TLS) and at rest.

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

• Account data is retained as long as your account is active.
• Payment records are retained for legal and accounting purposes, typically for 7 years.
• Photos are never stored by us — they exist only in your browser session.

You may request deletion of your account and associated data at any time by contacting us.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and personal data.
• Export your data in a portable format.
• Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at the email below.

We use essential cookies only — specifically for maintaining your authentication session. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or your personal data, contact us at: