IQON
Pricing
← Back to Home

Privacy Policy

Last updated: May 2026

1. Introduction

Welcome to IQON ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered asset generation platform. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Your email address and authentication credentials when you create an account, and profile information from third-party sign-in providers (such as Google) if you choose to use them.
  • Content You Provide: Website URLs you submit for brand extraction, prompts and instructions you write, brand guidelines and reference images you upload, and any other content you provide through the Service.
  • Generated Content: The AI-generated assets produced through your use of the Service, along with the prompts and parameters that produced them.
  • Usage Data: How you interact with the Service, including features used, pages visited, actions taken, and preferences set.
  • Payment Information: Subscription and billing details, handled directly by our payment processor (Stripe). We do not store your full card number or banking details.
  • Technical Data: IP address, browser type, device identifiers, and access logs collected automatically when you use the Service.

3. How We Use Your Information

We use the information we collect for the following purposes, along with the legal basis where applicable under privacy law:

  • Service delivery: Providing, operating, and maintaining the Service (contractual necessity)
  • Billing: Processing payments and managing your subscription (contractual necessity)
  • Communications: Sending transactional and support messages related to your account (contractual necessity)
  • Security and fraud prevention: Detecting, investigating, and preventing abuse or unauthorized access (legitimate interest)
  • Service improvement: Analyzing anonymized and aggregated usage patterns and prompt data to improve the platform and AI outputs (legitimate interest)
  • Legal compliance: Meeting our obligations under applicable law, including tax and financial record-keeping requirements (legal obligation)

We do not sell your personal data or use it to serve you third-party advertising. We do not use identifiable prompts or generated content to train AI models without your explicit consent.

4. AI Processing and Third-Party Model Providers

The Service uses third-party AI infrastructure to generate brand assets. You should be aware that:

  • Prompts, brand instructions, and content you submit are transmitted to Google's Gemini API for processing. Google's data handling practices are governed by their API terms and privacy policies.
  • Website URLs you submit are processed by Firecrawl, a third-party web scraping service, which retrieves and returns the content of those pages on our behalf.
  • By using these AI-powered features, you consent to your inputs being transmitted to these providers solely for the purpose of generating your requested output.
  • We do not share your account identity with these providers — inputs are transmitted without personal identifiers where technically feasible.

5. Data Storage, Security, and International Transfers

Your data is stored on servers located in the United States (AWS us-east-2 region), operated by Supabase. We use industry-standard encryption in transit (TLS) and at rest. Generated assets are stored in secure cloud object storage.

If you are accessing the Service from Canada, the European Union, or another jurisdiction outside the United States, please be aware that your data will be transferred to and processed in the United States. By using the Service, you acknowledge and consent to this transfer. We take reasonable steps to ensure your data receives an adequate level of protection in accordance with this Privacy Policy.

6. Data Retention

We retain different categories of data for different periods based on operational need and legal requirements:

  • Account and profile data: Retained for the life of your account. Deleted within 90 days of account closure, except where retention is required by law.
  • Generated assets: Retained for the life of your account. Deleted within 90 days of account closure.
  • Prompts and generation history: Retained for up to 2 years from the date of creation for fraud prevention, abuse review, and dispute resolution purposes. After account closure, identifiable prompt data is deleted within 90 days.
  • Billing and financial records: Retained for 7 years as required by Canadian tax law (Canada Revenue Agency).
  • Security and access logs: Retained for up to 1 year for security monitoring and fraud investigation.
  • Anonymized and aggregated data: Data that has been stripped of personal identifiers may be retained indefinitely for analytics and product improvement.

7. Third-Party Services

We use the following third-party services, each of which may process your data as described:

  • Supabase: Database, authentication, and file storage (US)
  • Vercel: Application hosting and edge network; processes all incoming requests (US)
  • Google Gemini API: AI image and text generation; receives prompts and brand content you submit
  • Google OAuth: Optional sign-in via your Google account
  • Firecrawl: Web scraping service; processes URLs you submit to extract brand information
  • Stripe: Payment processing; handles all billing and subscription data

Each provider operates under its own terms of service and privacy policy. We encourage you to review their policies if you have questions about how they handle your data.

8. Your Rights and How to Exercise Them

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request deletion of your account and associated personal data, subject to our retention obligations
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdrawal of consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at support@tryiqon.ai with the subject line "Privacy Request." We will respond within 30 days. We may need to verify your identity before processing your request.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at support@tryiqon.ai and we will take prompt steps to delete it.

10. Marketing Communications

We will only send you marketing or promotional communications if you have provided express consent, in accordance with Canada's Anti-Spam Legislation (CASL). You may withdraw consent and unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at support@tryiqon.ai. Withdrawing consent does not affect the delivery of transactional messages related to your account or subscription.

11. Cookies

We use essential cookies to maintain your session and authentication state. We do not use tracking cookies or share cookie data with third parties for advertising purposes.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@tryiqon.ai.