Privacy Policy

BeastyLov Fursona Generator operates beastylovfursona.com. We are committed to protecting your personal data under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and all applicable privacy laws.

Data controller contact: beastylov@protonmail.com

Without an account:

• IP address (hashed with SHA-256 for rate limiting only — not stored in plain text);
• Browser type and language (standard server logs, deleted after 30 days);
• Anonymous usage analytics (species/theme counts — no personal identifier);
• Age consent timestamp (stored locally in your browser only — never sent to our servers).

With an account:

• Email address (authentication only);
• Username / display name (chosen by you);
• Avatar image (optional, uploaded by you);
• Generated fursonas (name, species, image, traits);
• Activity data (XP, level, streak count, generation count);
• Social data (follows, likes, comments you post).

We never collect: payment details, real names unless you provide them, precise location, or biometric data.

• Operate and provide the Service (authentication, saving fursonas, social features);
• Enforce rate limits to ensure fair use;
• Send transactional emails only (welcome, streak reminder) — never marketing without consent;
• Improve the Service through anonymous aggregated analytics;
• Enforce our Terms of Service and content policies;
• Comply with legal obligations including child protection laws.

We do not sell, rent, or share your personal data with third parties for any commercial purpose.

• Contract performance — processing necessary to deliver the Service;
• Legitimate interests — security, fraud prevention, rate limiting;
• Consent — streak reminder emails (unsubscribe at any time);
• Legal obligation — child protection reporting, law enforcement cooperation.

• Supabase — database & authentication. Privacy Policy
• Vercel — hosting & edge functions. Privacy Policy
• Upstash — Redis rate limiting (hashed IPs only, 24h expiry). Privacy Policy
• Replicate — AI image generation (prompts only, no personal data). Privacy Policy
• Resend — transactional email. Privacy Policy

• Account data: retained while your account is active;
• Generated fursonas: until you delete them;
• Server logs: auto-deleted after 30 days;
• Rate limit data (hashed IPs): expires after 24 hours;
• Age consent: stored in your browser for 30 days only.

• Access — request a copy of all data we hold about you;
• Rectification — correct inaccurate data via account settings;
• Erasure — request full deletion of your account and data;
• Portability — receive your data in a portable format;
• Objection — object to processing based on legitimate interests;
• Withdraw consent — unsubscribe from emails at any time.

Contact: beastylov@protonmail.com — we respond within 30 days.

Strictly necessary cookies only:

• Session authentication cookie (Supabase Auth);
• HTTPS security cookie.

No advertising cookies, no tracking pixels, no third-party analytics cookies.

LocalStorage is used for: age consent flag, onboarding status, wishlist preferences. This data stays on your device and is never transmitted to our servers.

• HTTPS encryption for all data in transit (TLS 1.3);
• Row Level Security (RLS) enforced on all database tables;
• IP addresses hashed with SHA-256 before any processing;
• Passwords never stored (OAuth / Supabase Auth only);
• Service role keys stored server-side only, never exposed to clients.

This Service is strictly for users aged 18 and over. We do not knowingly collect data from minors. If we discover a minor has used the Service, we will immediately delete their data and terminate their account. If you believe a minor has accessed this Service, contact us at beastylov@protonmail.com.

Privacy requests: beastylov@protonmail.com

EU residents may also lodge a complaint with their national Data Protection Authority (DPA) if they believe their GDPR rights have been violated.