Privacy Policy

GemKit Studio (“we”, “our”, “us”) is an AI-powered jewelry product studio that helps sellers create marketplace listings. We are operated by Kaan Mutafoglu. Contact: mutafoglukaan@gmail.com. Our website is gemkitstudio.com.

• Account data: your email address, display name, and password (hashed by Supabase Auth — we never see your plaintext password).
• Store information: your jewelry store name, which is used to create your workspace within GemKit Studio.
• Product photos: images you upload of your jewelry products. These are stored in Cloudflare R2 object storage and processed by our AI models (Google Gemini, Anthropic Claude) to generate listing assets.
• Generated assets: AI-generated images, video clips, listing text, and other content produced by our tools on your behalf.
• Usage data: credit consumption, action logs (asset generation, listing generation, publish actions), and timestamps.
• OAuth tokens: if you connect your Etsy or Shopify store, we store OAuth access tokens to publish listings on your behalf. These are stored encrypted and used only for API calls you initiate.

• To provide the GemKit Studio service — classifying products, generating images and videos, writing listings.
• To publish content to Etsy or Shopify on your behalf when you request it, using the Etsy API or Shopify Admin API with your OAuth consent.
• To send transactional emails (email confirmation, credit alerts). We do not send marketing emails without your explicit opt-in.
• To calculate and deduct credits for AI operations you perform.
• To diagnose errors and improve the service.

GemKit Studio uses the Etsy API to allow you to publish your listings and product images directly to your Etsy shop. Specifically:

• We request OAuth authorization scopes required to create, read, and update listings and listing images on your behalf.
• We only make Etsy API calls when you explicitly trigger a publish action within GemKit Studio.
• We do not read, store, share, or process personal data about Etsy members other than the OAuth token belonging to you, the authenticated user.
• We do not cache or store any Etsy Member Content (listings, images, or shop data retrieved via the API). GemKit Studio is a publishing tool — all content flows from GemKit to Etsy, not the other way around.
• We do not read, store, or share your Etsy customer data, order data, or financial information.
• Your Etsy OAuth tokens are stored securely and are never exposed to third parties.
• You can revoke GemKit Studio’s Etsy access at any time from your Etsy account settings under “Apps & Integrations”.

GemKit Studio’s use of the Etsy API is governed by the Etsy API Terms of Use. Etsy’s own data practices are described in the Etsy Privacy Policy.

The term “Etsy” is a trademark of Etsy, Inc. This application uses the Etsy API but is not endorsed or certified by Etsy, Inc.

GemKit Studio uses the Shopify Admin API to publish listings to your Shopify store when you connect it and request a publish. We only access the product and media endpoints required to create and update product listings. We do not access customer, order, or financial data.

• Authentication & database: Supabase (EU/US regions), with row-level security enforced — each workspace’s data is strictly isolated.
• File storage: Cloudflare R2. Images and videos are stored under your workspace-scoped path and are not publicly accessible without a signed URL.
• AI processing: Product images are sent to Google Gemini Flash for image generation and to Anthropic Claude for text generation. Neither provider trains on your data under our API agreements.

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:

• Supabase (database and auth hosting)
• Cloudflare (file storage)
• Google (AI image and video generation via Gemini API)
• Anthropic (AI text generation via Claude API)
• Etsy / Shopify (only the content you explicitly choose to publish)

All sub-processors are contractually bound to data protection standards.

If you choose to sign in with Google, we receive your email address and public profile name from Google. We do not request access to your Google Drive, Gmail, or any other Google service. Your Google account credentials are managed by Google and never stored by us.

• Generated assets that you archive are purged from Cloudflare R2 after 14 days.
• You may request deletion of your account and all associated data at any time by emailing mutafoglukaan@gmail.com. We will complete deletion within 30 days.
• We retain anonymized usage logs for up to 12 months for service improvement.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent for any processing based on consent
• Data portability (export your product data)

To exercise any of these rights, contact us at mutafoglukaan@gmail.com.

We use session cookies managed by Supabase Auth to keep you signed in. We do not use third-party advertising or tracking cookies.

We may update this Privacy Policy. When we do, we will update the “Last updated” date above and notify users via email for material changes.

Questions about this policy? Email us at mutafoglukaan@gmail.com.