Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how Diffui Inc. ("Diffui", "we", "us", or "our") collects, uses, and stores information when you use the service, including when you sign in with Google OAuth.

Information collected

When you sign in or use the service, we may collect:

• Basic account information returned by your sign-in provider, such as your email address, display name, and profile image.
• Information you submit in the product, such as prompts, generated outputs, project content, and settings you choose to save.
• Session and security data needed to keep you signed in and protect the service.
• Basic access log metadata such as IP address, user agent, request path, timestamp, and related operational diagnostics.

How information is used

Your information is used to:

• Authenticate your account and let you sign in with Google.
• Operate the service, save your work, and provide the features you request.
• Maintain service reliability, investigate abuse, prevent fraud, and debug operational issues.
• Administer billing or account-related actions if those features are used.

Analytics and tracking

We may keep standard server-side access log metadata for operational and security purposes. On public marketing pages (such as the homepage, pricing, and audience landing pages), we may use the Meta (Facebook) Pixel to measure visits and ad performance. That pixel does not run inside the signed-in product workspace.

Diffui Inc. does not sell personal information and does not use third-party ad pixels to track your in-app design or generation activity.

Sharing of information

Information may be shared only when reasonably necessary to run the service, such as with:

• Google, when you choose Google OAuth to authenticate.
• Infrastructure or hosting providers that process data on behalf of the service.
• Payment processors, if you make purchases or add billing information.
• Authorities or legal recipients when required by law or to protect the service from abuse or security threats.

Diffui Inc. does not sell personal information.

Retention

Account and project data may be retained for as long as needed to operate the service, comply with legal obligations, resolve disputes, and enforce security measures. Access log metadata may be retained for a limited period for security, auditing, and operational troubleshooting.

Your choices

You can choose not to sign in with Google by not using Google OAuth. If you want your account data deleted or need a copy of data associated with your access, contact Diffui Inc. through the same channel you used to obtain access to the service.

Changes

This Privacy Policy may be updated from time to time. Material changes will be reflected by updating the date at the top of this page.