Evercrate
FR EN ES DE

Evercrate — Privacy Policy

Effective date: October 2, 2025

Entity: Mollusc AI, Inc. (“Evercrate,” “we,” “us,” “our”)

Contact for privacy requests: contact@evercrate.app

Summary

We collect the minimum personal information needed to operate Evercrate, generate stories and stylized images, keep accounts secure, and improve reliability. We do not sell personal information and we do not “share” it for cross-context behavioral advertising.

Scope & Controller

This Policy covers personal information processed by the Evercrate iOS app and related services. Mollusc AI, Inc. is the controller for your account information.

Data We Collect

  • Account & Contact: name/handle, email, authentication identifiers (for example, from single sign-on providers), profile settings.
  • Uploads: prompts, names, and photos you provide (originals handled ephemerally as described below).
  • Output: stories and stylized images generated for you (stored in your library until you delete them or close your account).
  • Device & Usage: app version, device/OS, IP (security), event logs (e.g., create, export), performance and crash diagnostics.
  • Payments: limited transaction metadata from payment processors; we do not store full payment card details.
  • Communications: your messages to support and preferences (e.g., marketing opt-in).

Sources

We collect data directly from you, automatically from your devices, and from payment processors in connection with purchases.

How We Use Data

  • Provide, maintain, and improve the Service and features (including AI processing and reliability).
  • Create and deliver Output you request.
  • Authenticate users; prevent abuse/fraud; secure accounts; enforce Terms.
  • Communicate about the Service (transactional emails, updates, security notices).
  • Comply with legal obligations and process valid law-enforcement requests.

Legal Bases (where applicable)

  • Contract: to provide the Service you request.
  • Legitimate interests: to secure and improve the Service, prevent abuse, and understand usage (balanced against your rights).
  • Consent: for optional communications (e.g., marketing) or features where required by law.
  • Legal obligation: to comply with applicable laws and requests.

AI Processing & Human Review

We use third-party AI processors to turn your inputs into Output. Where configurable, we disable training on your personal data and require processors to act as our service providers. We may perform limited human review for abuse/safety investigations and quality under access controls.

Photos & Temporary Storage

Original photos are processed via temporary storage only and are automatically deleted after processing within a reasonable processing time. We do not keep a copy of your original photo in your account. Your Output remains in your library until you delete it or close your account.

How We Share Data

  • Service Providers: hosting, storage/CDN, AI processing, authentication, payments, email/push, and (if enabled) analytics/crash reporting. They act on our instructions, protect data, and cannot use it for their own purposes.
  • Legal/Safety: to comply with law, protect rights, safety, and the Service, or respond to lawful requests.
  • Corporate Events: in a merger, acquisition, or asset transfer, your information may be transferred consistent with this Policy.

We do not sell personal information and do not “share” it for cross-context behavioral advertising.

Cookies & Tracking

Our website uses essential cookies (e.g., for sign-in). We do not use ad networks. If we add analytics or non-essential cookies in the future, we will update this Policy and, where required, request consent.

Security

We use industry-standard safeguards, including encryption in transit (TLS) and encryption at rest provided by our cloud providers, along with access controls and least-privilege practices. No system is 100% secure; use strong, unique passwords and keep your devices up to date.

Retention

  • Account & Output: kept while your account is active; you may delete Output anytime; accounts can be deleted in-app. Account deletion generally completes within about 30 days; backups typically roll off within about 90 days.
  • Photos (originals): temporary only; deleted after processing within a reasonable processing time.
  • Operational/diagnostic data: retained only as long as necessary for the purposes described, then deleted or anonymized.

Your Rights & Choices

  • Access/Deletion/Portability: Use the in-app Delete Account flow or email contact@evercrate.app. We will verify your request and respond within applicable timeframes.
  • Marketing: We send product/marketing emails only with your consent; unsubscribe anytime. Push notifications are opt-in and controllable in device settings.
  • Do Not Track: We do not respond to DNT signals.

GDPR/UK: Where applicable, you have rights to access, correct, delete, restrict, object to certain processing, and portability. You may lodge a complaint with your local supervisory authority.

U.S. State Notices (including CCPA)

  • Categories collected: identifiers (e.g., email), internet/activity information (usage), commercial information (transactions), and user content (Uploads/Output). Sensitive data, if any, is used only to provide the Service at your direction.
  • Sources: you, your device, payment processors.
  • Purposes: as described in “How We Use Data.”
  • Disclosure: to service providers for business purposes; we do not sell or “share” personal information for cross-context behavioral advertising.
  • Rights: access, deletion, correction (where applicable), and the right to limit use of sensitive personal information (if applicable). Exercise via in-app controls or contact@evercrate.app. We verify requests and do not discriminate for exercising rights.

Children’s Privacy

The Service is intended for use by adults/parents/guardians. We do not knowingly collect personal information from children under 13 for their own independent accounts. If we learn such information was collected without appropriate consent, we will delete it.

Data Locations & Transfers

Information is primarily processed in the United States and may be transferred to other locations where we or our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

Policy Updates

We may update this Policy. Posting the updated Policy in-app or on our site constitutes notice; updates are effective on posting unless stated otherwise.

Contact

Questions or requests: contact@evercrate.app