Privacy Policy

This Privacy Policy explains how Alexander Kutuzov (trading as “Designly”, “we”, “us” or “our”) collects, uses, stores, shares and protects your personal information when you use our website and the Designly AI clothing-design service (the “Service”).

We are the “data controller” for personal data processed through the Service. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are & how to contact us

Controller: Alexander Kutuzov (Designly)
Address: 71–75 Shelton Street, WC2H 9JQ, London, United Kingdom
Email: alex@designly.tech
Phone: +44 7568 779432

We are a small, early-stage team. If anything in this policy is unclear, or if you have a privacy concern, please email us at alex@designly.tech and we will respond as quickly as we can.

2. What information we collect

We collect the following categories of personal data:

• Account data – name, email address, profile image and authentication identifiers provided through our authentication provider (Clerk) when you sign up or log in.
• Design content – the text prompts you write, the reference images you upload, and the AI-generated designs and variations produced for you.
• Order & shipping data – when you place an order, we collect your shipping address, recipient name, contact details and order history. Payment card details are entered directly with our payment processor (Stripe) and are never stored on our servers.
• Communications – messages you send us by email or through in-app chat.
• Technical & usage data – IP address, browser type, device information, pages visited, referring URLs, timestamps and aggregated analytics events (e.g. via Vercel Analytics).
• Cookies & local storage – strictly necessary cookies for authentication and session management, plus a small amount of local storage used to remember UI preferences such as your theme and panel layout.

3. How we use your information

We use your personal data for the following purposes:

• To create and operate your Designly account.
• To generate, store and display the AI designs you request, and to let you iterate on them.
• To process payments and fulfil orders for printed garments.
• To communicate with you about your account, orders, security alerts and changes to our Service.
• To monitor, debug and improve the Service, including diagnosing errors and optimising performance.
• To comply with our legal obligations and to detect, prevent or address fraud, abuse or security incidents.

4. Legal bases for processing

Under the UK GDPR, we rely on the following legal bases:

• Contract – to provide the Service you signed up for and to fulfil any order you place.
• Legitimate interests – to keep the Service secure, to improve it, and to communicate operationally with you.
• Consent – where required, for example for optional analytics or marketing communications. You can withdraw consent at any time.
• Legal obligation – to meet tax, accounting and other legal requirements.

5. Public visibility of generated designs (AWS & Printful)

Please read this section carefully – it describes a deliberate design choice that affects the visibility of your generated images.

When the Service generates a design for you, the resulting image files are stored in our cloud storage on Amazon Web Services (AWS S3) and served from an AWS-hosted URL. To allow our print-on-demand partner Printful (and any future fulfilment partners) to download and print your design, these image URLs are configured to be accessible by anyone who has the link.

This means in practice that:

• The direct AWS link to a generated design is publicly reachable – anybody who knows or guesses the link (including third parties such as Printful, our processing pipeline and any service that needs to fetch the file) can view or download the image.
• The links are long and not advertised, but they are not protected by a password and they are not considered confidential.
• You should therefore avoid uploading reference images, or describing designs, that contain information you would consider private, sensitive or confidential.
• The text prompts, account associations and order history that sit around a design remain protected behind your account – only the image file itself is reachable via its direct AWS URL.

If you want a specific design removed from our storage, please contact alex@designly.tech and we will delete it as described in “Your rights” below.

6. Who we share your data with

We do not sell your personal data. We share it only with the service providers (“processors”) we need to operate the Service:

• Clerk – authentication and user-account management.
• Supabase – database and backend storage for chats, designs and order metadata.
• Amazon Web Services (AWS) – storage and delivery of generated design images (see Section 5).
• Printful – production and shipping of physical garments. Printful receives the image of your design plus the shipping address and order details required to fulfil it.
• Stripe – payment processing. Stripe receives the payment information you enter at checkout.
• AI / model providers – we use third-party AI models (for image generation and chat understanding) which receive your prompts and reference images solely to generate the requested output.
• Vercel – application hosting and basic analytics.

We may also disclose data when required by law, court order or to protect the rights, property or safety of Designly, our users or the public.

7. International transfers

Some of our processors are based outside the United Kingdom (for example, in the United States). Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or transfers to jurisdictions covered by a UK adequacy decision.

8. How long we keep your data

We keep your personal data only for as long as we need it for the purposes described in this policy:

• Account data – for as long as your account is open, and for a short period afterwards to handle disputes or legal obligations.
• Designs and chat history – stored while your account is active, unless you delete them earlier.
• Order and payment records – retained for at least 6 years to comply with UK tax and accounting requirements.
• Server logs and analytics – typically kept for up to 12 months.

9. Your rights

Under UK GDPR, you have the right to: access your personal data, rectify inaccurate data, request erasure, restrict or object to processing, request data portability, and withdraw consent where processing is based on consent. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of these rights, please email alex@designly.tech. We will respond within one month.

10. Security

We use industry-standard security measures to protect your personal data, including encryption in transit (HTTPS), authentication via a dedicated identity provider, and access controls on our internal systems. As noted in Section 5, generated design images are intentionally accessible by URL; aside from that, your account data and chat history are protected behind authentication.

11. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has given us personal data, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page, and, where the changes are significant, we will provide a more prominent notice. Continued use of the Service after an update means you accept the revised policy.

13. Contact

Questions, requests or complaints about this Privacy Policy or our handling of your data can be sent to:

Alexander Kutuzov (Designly)
71–75 Shelton Street, WC2H 9JQ, London, United Kingdom
alex@designly.tech
+44 7568 779432