Privacy Policy

Last updated: April 9, 2026

This Privacy Policy explains how Diffui collects, uses, and stores information when you use the service, including when you sign in with Google OAuth.

Information collected

When you sign in or use Diffui, the service may collect:

• Basic account information returned by your sign-in provider, such as your email address, display name, and profile image.
• Information you submit in the product, such as prompts, generated outputs, project content, and settings you choose to save.
• Session and security data needed to keep you signed in and protect the service.
• Basic access log metadata such as IP address, user agent, request path, timestamp, and related operational diagnostics.

How information is used

Your information is used to:

• Authenticate your account and let you sign in with Google.
• Operate Diffui, save your work, and provide the features you request.
• Maintain service reliability, investigate abuse, prevent fraud, and debug operational issues.
• Administer billing or account-related actions if those features are used.

Analytics and tracking

Diffui may keep standard server-side access log metadata for operational and security purposes. Diffui does not use off-site tracking for your activity, does not send your browsing behavior to third-party analytics or ad networks, and does not use third-party tracking pixels for marketing.

Sharing of information

Information may be shared only when reasonably necessary to run the service, such as with:

• Google, when you choose Google OAuth to authenticate.
• Infrastructure or hosting providers that process data on behalf of the service.
• Payment processors, if you make purchases or add billing information.
• Authorities or legal recipients when required by law or to protect the service from abuse or security threats.

Diffui does not sell personal information.

Retention

Account and project data may be retained for as long as needed to operate the service, comply with legal obligations, resolve disputes, and enforce security measures. Access log metadata may be retained for a limited period for security, auditing, and operational troubleshooting.

Your choices

You can choose not to sign in with Google by not using Google OAuth. If you want your account data deleted or need a copy of data associated with your access, contact the Diffui operator through the same channel you used to obtain access to the service.

Changes

This Privacy Policy may be updated from time to time. Material changes will be reflected by updating the date at the top of this page.