Privacy policy

All privacy, support, business, safety, abuse, takedown, and GDPR data requests should be sent to contact@yellowforge.app.

Account data

• Email address
• OAuth provider profile information (Google or Discord) if you sign in via one of those
• Display name, if you provide one
• Avatar URL, if you provide one

Generation data

• Prompts
• Generated images and videos
• Generation parameters and model selection

Character training data

Source images uploaded for character training are retained only during training unless you explicitly opt in to keep them. Otherwise they are deleted within 30 days of training completion.

Workflow data

• Nodes, connections, and canvas state
• Saved workflows and drafts

Usage data

• Pages visited and features used
• Credits consumed
• Basic, anonymous analytics

Payment data

Payments are handled entirely by Stripe. We never see card numbers. We store only your Stripe customer ID and your subscription status.

Technical data

IP address, browser type, and device type, captured by our hosting providers (Vercel, Cloudflare, Supabase) for security and abuse prevention.

• Supabase, database, authentication, and storage, hosted in the EU (project region eu-central-2)
• Vercel, web hosting and edge network
• Cloudflare, CDN and DDoS protection
• Stripe, payment processing
• Meta, advertising measurement via the Meta pixel and Conversions API, only with your consent. Receives conversion events (sign-up, purchase) and a hashed email, never raw personal data or generated content.
• Serverless GPU compute providers, used to run AI generation requests
• Google Cloud Vision, optional NSFW and safety detection on generations
• Anthropic and OpenAI, optional prompt processing and moderation API calls

All images and videos generated through Yellowforge are produced by AI models. EU Digital Services Act Article 50 and the EU AI Act require that synthetic media be identifiable as such where deployed at scale.

To support this, Yellowforge offers an opt-in “Sign my generations” toggle in account settings. When enabled, the following metadata is embedded inside each generated PNG file as standard PNG text chunks (tEXt):

• The string “Yellowforge” as the producing software
• The generation ID, model used, prompt, and aspect ratio
• A timestamp and an optional workflow identifier

This metadata travels with the file when you share it. Anyone with basic image tooling can read it to verify the file’s origin. The toggle is off by default; nothing about you, your prompts, or your generations is embedded in your files unless you explicitly turn it on.

Video files do not currently carry embedded metadata, by design, because the container formats we produce do not have a consistent, portable equivalent of PNG tEXt chunks.

• Right of access, request a copy of your data
• Right to rectification, correct inaccurate data
• Right to erasure, delete your account and all associated data
• Right to data portability, export your data in a machine-readable format
• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority. For French users, the relevant authority is the CNIL.

All requests are handled via contact@yellowforge.app. We respond within 30 days.

• Account data, retained while your account is active, deleted within 30 days of an account deletion request
• Generations, retained until you delete them or your account is closed
• Character source images, deleted by default within 24 hours of training completion, unless you opt in to retain them
• Payment records, retained for the legal minimum required by French and EU tax law, typically 10 years for invoicing
• Logs, 90 days

• Session cookies for authentication. These are essential and do not require consent.
• Marketing (Meta pixel and Conversions API), set only after you opt in through the consent banner. They let us measure which ads lead to sign-ups and purchases. When you sign up or pay, we send Meta the event plus a SHA-256 hashed version of your email; we never send Meta your raw email, your prompts, or any generated content. Decline, or clear the consent cookie, to turn this off at any time.

Yellowforge is restricted to users 18 years of age or older, given the uncensored nature of some available models. Users under 18 are prohibited from creating accounts and we do not knowingly collect data from minors. If we discover that an account belongs to a minor, it will be terminated immediately.

Yellowforge stores its primary database, authentication, and file storage in the European Union (Supabase, region eu-central-2). Other processors named in “Data processors we use” may be based in or transfer data through jurisdictions outside the European Union, including the United States and China.

Each of these processors is bound by its own privacy policy and terms of service. We do not have separate negotiated data processing agreements with these providers; we use them on their published commercial terms. By creating an account and using Yellowforge, you accept that the data described in this policy may be processed by the listed providers in their respective jurisdictions, subject to the privacy and security commitments each provider publishes:

• Supabase privacy policy
• Vercel privacy policy
• Stripe privacy policy
• Cloudflare privacy policy
• OpenAI privacy policy
• Anthropic privacy policy
• Serverless GPU compute providers: data sent consists of the prompts, reference images, and generation parameters needed to fulfill a single generation request. Refer to each provider’s published terms for their handling.

We may update this policy from time to time. Material changes will be notified by email or via in-app notice. Continued use of the service after such notice constitutes acceptance of the updated policy.

For any privacy, support, business, safety, abuse, takedown, or GDPR data request, write to contact@yellowforge.app.