Privacy Policy
Last Updated: February 22, 2025
Introduction
NextUI Inc. ("Company," "we," "us," or "our") operates HeroUI Studio, an AI-powered creative design platform. We prioritize your privacy and are committed to protecting your personal information. By accessing or using HeroUI Studio (the "Service"), you accept the practices outlined in this Privacy Policy.
This Privacy Policy works alongside our Terms of Service. Material changes will be communicated via email or a notice within the Service.
What This Policy Covers
"Personal Data" refers to any information that identifies or could reasonably identify an individual, or constitutes "personally identifiable information" under applicable privacy laws. This policy does not cover third-party services that we integrate with — those are governed by their own privacy policies.
Categories of Personal Data Collected
Account Information
| Data | Purpose |
|---|---|
| Email address | Account creation, authentication (magic link), billing, and communications |
| Display name (optional) | Personalization of your account |
| Avatar URL (optional) | Profile display |
Usage and Project Data
| Data | Purpose |
|---|---|
| Projects (name, description, thumbnail) | Core service functionality — storing and organizing your work |
| Canvas states (nodes, edges, viewport) | Saving and restoring your workspace |
| Uploaded files and assets (e.g. SVGs, images) | Input for AI generation, animation, and design features |
| AI generation history (prompts, inputs, outputs) | Displaying generation results and enabling iterative workflows |
AI Interaction Data
| Data | Purpose |
|---|---|
| Text prompts submitted for generation | Processing your AI requests |
| Design asset data (input and output code, markup, configurations) | AI processing and result storage |
| Generation parameters (e.g. animation duration, easing, style options) | Configuring your outputs |
| Model metadata (tokens used, completion status) | Service optimization and credit accounting |
Payment and Billing Data
| Data | Purpose |
|---|---|
| Stripe customer and subscription IDs | Payment processing and subscription management |
| Purchase records (amount, credits, plan type) | Transaction history and credit allocation |
| Credit balance | Tracking your available usage |
Note: We do not store your credit card number, CVV, or full payment card details. All payment processing is handled directly by Stripe, a PCI-DSS Level 1 certified payment processor. See Stripe's Privacy Policy.
Device and Analytics Data
| Data | Purpose |
|---|---|
| IP address, browser type, device information | Security, analytics, and service optimization |
| Page views and usage patterns | Understanding how the Service is used to improve it |
How We Use Your Data
We collect and process Personal Data to:
- Provide, operate, and maintain HeroUI Studio
- Create and manage your account
- Process AI generation requests and deliver results
- Process payments and manage subscriptions
- Track and allocate credits
- Send transactional communications (account verification, purchase receipts)
- Improve and optimize the Service
- Detect and prevent fraud or abuse
- Comply with legal obligations
Third-Party Services and Data Sharing
We share data with the following categories of third-party service providers, strictly as necessary to operate the Service:
AI Processing Providers
- Google (Gemini) — Your text prompts and design asset data are sent to Google's Gemini API for AI generation, animation, and other creative tasks. See Google's Privacy Policy.
- OpenAI — Text prompts and asset data may be sent to OpenAI for prompt improvement and content generation features. See OpenAI's Privacy Policy.
Infrastructure and Services
- Stripe — Email and payment data for billing and subscription management. See Stripe's Privacy Policy.
- InstantDB — Account data, project data, and authentication tokens for database and auth services. See InstantDB's Privacy Policy.
- Vercel — Device and analytics data for hosting and usage analytics. See Vercel's Privacy Policy.
We do not sell your Personal Data to third parties. We may share aggregated, de-identified data that cannot reasonably identify you. Personal Data may be transferred to third parties in the event of a merger, acquisition, or business transfer.
Cookies and Tracking
HeroUI Studio uses cookies and similar technologies for:
- Essential cookies — Required for authentication and core functionality (session tokens, auth state)
- Analytics cookies — Used by Vercel Analytics to understand usage patterns and improve the Service
You can control cookie acceptance through your browser settings. Disabling essential cookies may prevent you from using the Service.
Data Security
We implement appropriate technical and organizational security measures to protect your Personal Data, including:
- Encrypted data transmission (HTTPS/TLS)
- Token-based authentication with secure verification
- Server-side environment variables for sensitive API keys
- Stripe webhook signature verification for payment events
- Ownership-based access controls on projects and resources
However, no method of transmitting data over the internet or storing data is completely secure. You are responsible for keeping your account credentials safe and signing out after sessions on shared devices.
Data Retention
We retain your Personal Data for as long as necessary to provide the Service:
- Account data — Retained while your account is active
- Project and generation data — Retained while your account exists and projects are not deleted
- Payment records — Retained as required by applicable tax and financial regulations
- Analytics data — Retained in aggregated form for service optimization
Upon account deletion, we will remove your Personal Data within a reasonable timeframe, except where retention is required by law.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your Personal Data:
- Access — Request a copy of the Personal Data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your data (subject to legal retention requirements)
- Portability — Request your data in a structured, machine-readable format
- Objection — Object to certain types of processing
- Withdrawal of consent — Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at support@heroui.com. We will respond to your request within 30 days.
Children's Privacy
HeroUI Studio is not directed at children under 13 years of age. We do not knowingly collect Personal Data from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with Personal Data, please contact us at support@heroui.com.
State-Specific Rights
California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what Personal Data is collected, request deletion, and opt out of the sale of Personal Data. As noted above, we do not sell your Personal Data.
Do Not Track
HeroUI Studio does not currently respond to "Do Not Track" browser signals, as there is no industry-standard approach for honoring these signals. We will update this policy if a standard is established.
Nevada Residents
We do not sell your Personal Data as defined under Nevada Revised Statutes Chapter 603A.
International Data Transfers
Your data may be processed and stored in the United States or other countries where our service providers operate. By using HeroUI Studio, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for international transfers.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice within the Service. Your continued use of HeroUI Studio after changes take effect constitutes acceptance of the updated policy.
Contact Information
If you have questions about this Privacy Policy, please contact us at:
- Email: support@heroui.com
- Company: NextUI Inc.