Privacy Policy
Last updated: April 17, 2026
Who We Are
This Privacy Policy explains how QuickComic ("we," "us," "our") collects, uses, and protects information when you use our comic book generation platform (the "Service"). We are based in Italy and are the data controller for the personal information processed through the Service.
Contact: mf.matozza@gmail.com
Data Protection Officer: Michele Matozza
Our Privacy Promise, In Plain English
We built this product for families, and we treat your data the way we'd want ours treated. Specifically:
- We do not sell your personal information to anyone, ever.
- We do not use your photos, voice recordings, or stories to train AI models — not ours, not anyone else's.
- Photos you upload are deleted automatically after your comic is generated, typically within 24 hours. You can also delete them manually at any time.
- Voice recordings are transcribed and then immediately discarded unless you explicitly ask us to keep them.
- We only keep what we need to deliver the Service to you — your account, your purchased comics, and the records we're legally required to keep (like payment receipts).
- You can delete your account and all associated data at any time, and we will actually delete it.
The rest of this policy explains the details.
Information We Collect
Information You Give Us Directly
Account information. When you sign in, we collect your email address and, if you use Google or Apple sign-in, your name and profile identifier provided by those services. We do not see or store your password.
Story content. The text or voice recording of the story you want turned into a comic. If you use voice input, we transcribe the audio to text and delete the audio recording immediately after transcription.
Photos (when available in the product). Photos you upload for character generation. These are stored encrypted, used only to generate your comic, and deleted automatically after generation is complete or within 24 hours, whichever is sooner. You can also delete them manually at any point before that.
Payment information. When you purchase comics or credits, payment is processed by our payment provider (Polar, which handles Stripe, Apple Pay, and Google Pay). We do not receive or store your full card number. We do receive and store a transaction ID, the amount paid, the last four digits of the card (where provided by the payment processor), and the billing email, as required for tax, accounting, and refund purposes.
Information We Collect Automatically
Technical data. IP address, device type, browser type, operating system, and approximate location (city level, derived from IP). This is collected for security, fraud prevention, and to make the Service work correctly.
Usage data. Which pages you visit, which features you use, how long generation takes, whether errors occur. This is aggregated and used to improve the Service.
Cookies and similar technologies. We only use strictly necessary cookies and browser storage to keep you signed in and remember UI preferences (like the sidebar layout). We do not use advertising, analytics, or cross-site tracking cookies. For the full list, see our Cookie Policy.
Information We Do Not Collect
We do not collect information about your browsing on other websites. We do not access your phone's contacts, calendar, microphone (except when you actively record a voice story), or camera roll beyond the photos you explicitly select to upload. We do not use third-party advertising trackers.
Children's Information
Our Service is designed for parents to create comics about their children. The Service is intended for use by adults (18 and over). Children do not create accounts on our Service.
Because parents may upload photos of their children and write stories about them, we take special care:
- Photos of children are deleted automatically after comic generation.
- We do not use photos or stories about children to train AI models.
- We do not share photos or stories with any third party except the AI processing providers strictly required to generate your comic, and only for that purpose.
- Parents have full control and can delete any content at any time.
We comply with the Children's Online Privacy Protection Act (COPPA) in the United States, the General Data Protection Regulation (GDPR) in the European Union (including specific protections for minors under Article 8), and applicable laws in other jurisdictions.
If you believe a child has created an account without parental consent, please contact us immediately at mf.matozza@gmail.com and we will delete the account.
How We Use Your Information
We use your information only for the following purposes:
To provide the Service. Generating your comics, storing your library of purchased comics, delivering the reader experience, processing payments, and providing customer support.
To communicate with you. Sending transactional emails (receipts, comic-ready notifications, password resets). We do not send marketing emails unless you explicitly opt in, and you can opt out at any time.
To improve the Service. Using aggregated, de-identified usage data to understand what works and what doesn't. We do not use individual stories, photos, or comics for this purpose.
To keep the Service secure. Detecting fraud, abuse, and security threats.
To comply with legal obligations. Tax reporting, responding to lawful requests from authorities, and meeting record-keeping requirements.
We do not use your information to train AI models, build advertising profiles, sell to data brokers, or share with marketers.
How Long We Keep Your Information
We follow a principle of minimum retention. Specifically:
| Data Type | Retention Period |
|---|---|
| Uploaded photos | Deleted within 24 hours of comic generation, or immediately on user request |
| Voice recordings | Deleted immediately after transcription |
| Story text | Retained only as part of generated comics in your library; deleted when you delete the comic |
| Generated comics | Retained in your library until you delete them or close your account |
| Account information | Retained until you close your account, then deleted within 30 days |
| Payment records | Retained for the period required by tax and accounting law (typically 7–10 years depending on jurisdiction) |
| Usage logs | Retained in identifiable form for 90 days, then aggregated or deleted |
When you delete your account, all associated data is permanently deleted within 30 days, except payment records we are legally required to retain (which are retained in a restricted-access archive).
Who We Share Information With
We share information only with the following categories of recipients, and only as necessary:
AI processing providers. To generate your comic, we send your story, selected style, and (where applicable) photos to AI model providers. These providers are contractually required to process the data only for the purpose of generating your output and to delete it after processing. They are not permitted to train models on your data. Our current provider is Google Gemini, and we maintain data processing agreements with each provider.
Payment processors. Polar handles your payment data under their own privacy policy.
Cloud infrastructure providers. Supabase and Cloudflare host our servers and storage. They process data only under our instructions.
Authentication providers. Google handles sign-in. They process data under their own privacy policy.
Legal authorities. If required by a valid legal order, we may disclose information to law enforcement or regulators. We will notify you unless legally prohibited.
Business transfers. If we are acquired or merged, your information may be transferred to the new entity, subject to this Privacy Policy or a successor policy you will be notified about.
We do not sell your personal information, and we do not share it with advertisers, data brokers, or marketing companies.
International Data Transfers
We process data primarily in Italy and the European Union. If your data is transferred outside your country — including to AI providers in the United States or elsewhere — we rely on appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission (for EU/EEA users)
- Adequacy decisions where applicable
- Contractual commitments from our providers to protect your data to equivalent standards
You can contact us for more information about the specific safeguards in place.
Your Rights
Depending on where you live, you have rights over your personal information, including:
- Right to access: Request a copy of the data we hold about you
- Right to correct: Fix inaccurate information
- Right to delete: Have your data deleted (also called the "right to be forgotten")
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a portable format
- Right to object: Object to certain types of processing
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time
- Right not to be subject to automated decision-making: Our AI generation is automated, but you are not subject to any decisions with legal or similarly significant effects
For users in California (CCPA/CPRA), the European Union and EEA (GDPR), the United Kingdom (UK GDPR), Brazil (LGPD), and other jurisdictions with similar laws, these rights are specifically protected by your local laws.
To exercise any of these rights, contact us at mf.matozza@gmail.com. We will respond within 30 days (or as required by your local law). You will not be charged or receive worse service for exercising your rights.
You also have the right to lodge a complaint with your local data protection authority if you believe we have mishandled your data. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).
How We Protect Your Information
We take security seriously. Our protections include:
- Encryption of data in transit (TLS) and at rest
- Access controls limiting employee access to personal data on a need-to-know basis
- Regular security audits and vulnerability assessments
- Secure deletion procedures for expired data
- Incident response procedures in case of a data breach
No system is perfectly secure, but we work continuously to maintain industry-standard protections. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities as required by law.
Legal Basis for Processing (EU/EEA/UK Users)
Under GDPR, we process your data on the following legal bases:
- Contract: To provide the Service you have signed up for
- Legitimate interests: To secure the Service, prevent fraud, and improve the product (balanced against your rights)
- Consent: For optional features such as marketing emails or retaining voice recordings
- Legal obligation: For tax, accounting, and regulatory compliance
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. The "Last updated" date at the top of this policy tells you when it was last revised. Your continued use of the Service after changes take effect means you accept the updated policy.
Contact Us
If you have questions about this Privacy Policy or how we handle your information, contact us:
Email: mf.matozza@gmail.com
Data Protection Officer: Michele Matozza — mf.matozza@gmail.com