Stencil AI Logo
Stencil AI
Sign In
Back to Home

GDPR Compliance

General Data Protection Regulation Information

1. Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. This page explains how Stencil AI complies with GDPR requirements and your rights as a data subject.

GDPR primarily applies to users in the European Union and European Economic Area. If you are located outside these regions, similar data protection rights may apply under your local laws (such as UK GDPR, CCPA in California, or other regional regulations). Please contact us at privacy@stencilai.app for information about your specific rights.

2. Data Controller Information

Company: Stencil Labs, Simon Turkovič s.p.

Registration No.: 7414188000

VAT: SI29984688

Address: Kotnikova Ulica 5, 1000 Ljubljana, Slovenija

Privacy Email: privacy@stencilai.app

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • •Contract Performance: To provide our stencil generation services
  • •Consent: For analytics, marketing communications, and optional features
  • •Legitimate Interests: For security and fraud prevention, including collecting IP addresses (hashed) and device fingerprints during checkout to prevent trial abuse
  • •Legal Obligation: To comply with applicable laws

4. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation that your data is being processed and access to your personal data.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected or completed if incomplete.

Right to Erasure (Article 17)

You have the right to have your personal data erased under certain circumstances. You can delete your account using the button below.

Right to Restrict Processing (Article 18)

You have the right to restrict the processing of your personal data under certain conditions.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time. You can manage your cookie preferences from the Cookie Settings page.

To exercise any of these rights (except account deletion which can be done below), please email us at privacy@stencilai.app with the subject line "GDPR Rights Request".

5. Data Processing Activities

Account Management

Purpose: User registration and authentication

Data Types: Name, email, password hash

Legal Basis: Contract performance

Retention: Until account deletion

Stencil Generation

Purpose: Processing uploaded images to create stencils

Data Types: Uploaded images, generated stencils

Legal Basis: Contract performance

Retention: 30 days

Analytics

Purpose: Service improvement and usage analysis

Data Types: Usage data, IP addresses (with consent), device fingerprint (with consent)

Legal Basis: Consent (Performance cookies)

Retention: 3 years

Marketing

Purpose: Newsletter and promotional communications

Data Types: Email address, preferences

Legal Basis: Consent

Retention: Until consent withdrawal

Fraud Prevention

Purpose: Preventing trial abuse and fraudulent transactions during checkout

Data Types: IP address (hashed), device fingerprint

Legal Basis: Legitimate interest

Retention: Until account deletion

6. Data Transfers

We may transfer your personal data to countries outside the EEA. When we do so, we ensure adequate protection through:

  • •Adequacy decisions by the European Commission
  • •Standard Contractual Clauses (SCCs)
  • •Binding Corporate Rules
  • •Certification schemes

7. Data Breach Procedures

In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will:

  • •Notify the relevant supervisory authority within 72 hours
  • •Inform affected individuals without undue delay
  • •Provide clear information about the breach and our response
  • •Take immediate steps to mitigate the impact

8. Automated Decision Making

We use automated processing for:

  • •Fraud Detection: To protect against unauthorized access
  • •Content Moderation: To detect inappropriate uploaded content
  • •Service Optimization: To improve stencil generation quality

You have the right to request human intervention, express your point of view, and contest any automated decision that significantly affects you.

9. Children's Data

We do not knowingly process personal data of children under 16 years of age (or the applicable age of consent in your jurisdiction). If we become aware that we have collected such data, we will delete it promptly.

10. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

For users in the EU, you can find your local data protection authority at: https://edpb.europa.eu/about-edpb/board/members_en

11. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month (extendable by two months for complex requests).

Email: privacy@stencilai.app

Subject Line: GDPR Rights Request

Required Information: Your full name, email address, and specific request

12. Identity Verification

To protect your privacy, we may need to verify your identity before processing certain requests. This may involve requesting additional information or documentation.

Quick Actions

Contact Us About Privacy