Privacy Policy

1. What we collect

When you sign in with Google, we receive your email address, name and profile picture. While you use Kubock we store the projects and media (images, videos, audio, text) you create or upload, together with basic metadata needed to display them.

We also log basic technical information needed to run the service, such as request times and rate-limit counters. We do not use third-party advertising trackers.

2. How we use your data

Your data is used to operate Kubock: authenticate you, save your work, show you your library, generate content on your behalf using the API keys you provide, and power admin features like usage analytics. We do not sell your data and we do not train AI models on your content.

3. Third-party processors

Kubock uses the following providers. Your data passes through them only as needed to run the service:

• Google — authentication (email, name, profile picture).
• Supabase — database and file storage (projects, canvases, media, encrypted API keys).
• Vercel — hosting and request logs.
• fal.ai, Civitai, OpenAI, Anthropic, Google Gemini — AI generation. Prompts, reference images and reference videos are sent to these providers to produce output. Calls are authenticated with the API keys you have configured in your profile (see section 4).

Each provider has its own privacy terms. By using Kubock you accept that your content may be processed by them to deliver the features you request.

4. API keys (Bring Your Own Keys)

Kubock is a BYOK platform: you provide your own API keys for fal.ai, Google Gemini, Anthropic, OpenAI and Civitai. Generations bill directly to your accounts at each provider, not to us.

Your keys are encrypted with AES-256-GCM on our server before being written to the database, using a master secret stored only in our hosting environment. They are never logged, never returned to your browser, and never shared with any third party other than the provider that issued them. Rotating or deleting a key is a single click in your profile.

A full technical description of how keys are handled, along with steps to verify it yourself in your browser, is available on our Security page.

5. Cookies and local storage

Kubock uses the cookies required for authentication (Google sign-in session) and local storage to remember your theme, UI preferences and large files such as imported PDFs that stay on your device. No advertising or cross-site tracking cookies are used.

6. Retention

Your content stays in your account until you delete it or close your account. If you ask for your account to be removed we delete your projects, canvases, library and encrypted API keys from our database and storage within 30 days. Backups may hold residual copies for a short additional period before rotation.

7. Your rights

You can access, export or delete your content from inside the app. If you are in the European Union or the United Kingdom you also have the right under GDPR to request a copy of your data, correct it, object to processing or withdraw consent. Send requests to the contact form.

8. Security

Data is transmitted over HTTPS and stored with row-level security in Supabase. API keys are encrypted with AES-256-GCM. No system is perfectly safe; we do our best but cannot guarantee absolute protection against breaches. See our Security page for the full model and our responsible-disclosure contact.

9. Children

Kubock is not intended for users under 16. If you believe a minor has created an account, contact us and we will remove it.

10. International transfers

Our providers operate servers in the United States and the European Union. Using Kubock means your data may be transferred and processed in those regions.

11. Changes

We may update this policy. The updated date at the top of the page will change. Continued use of Kubock after an update means you accept the new version.

12. Contact

Privacy questions: the contact form. Security reports: support@kubock.com.