← Back to StyleGrab

Privacy Policy

Last updated: July 13, 2026

StyleGrab ("we," "us") provides design token extraction via API. We take your privacy seriously. This policy explains what we collect, why, and the choices you have.

Information we collect

  • Account information: your email address and a securely hashed password.
  • API usage data: URLs you submit for extraction, extraction results, and API call metadata (timestamps, IP addresses).
  • Extracted content: design tokens, snapshots, and diffs we generate from public websites you specify.
  • Payment information: handled entirely by Stripe. We never see or store your full card details — only a customer identifier and subscription status.
  • Usage analytics: basic analytics about how you use the service to improve it.

How we use your information

  • To perform CSS extractions and generate design tokens from URLs you provide.
  • To store snapshots and compute diffs for your extraction history.
  • To operate your account, process subscriptions, and provide support.
  • To send webhook notifications you have configured.
  • To keep the service secure and prevent abuse.

AI processing

When you request AI-powered design analysis, your extracted tokens are processed by AWS Bedrock (Anthropic Claude) acting on our behalf. We send only the minimum data needed to generate the analysis. No personally identifiable information is included in AI requests.

How we share information

We do not sell your personal information. We share data only with service providers who help us operate StyleGrab (hosting, AI processing, and payments) under appropriate confidentiality obligations, or when required by law.

Third-party processors

  • Amazon Web Services (hosting, AI services) — US, EU Standard Contractual Clauses
  • Stripe (payment processing) — US, EU SCCs
  • Neon (database hosting) — US, EU SCCs

Data retention and deletion

We keep your content while your account is active. You may request deletion of your account and all associated data by contacting us at the address below. Deletion is completed within 30 days. Some records may be retained as required for legal or accounting purposes.

Security

We protect your data with encryption in transit (TLS 1.3), hashed passwords (Argon2), and role-based access controls. API keys are stored as SHA-256 hashes. No system is perfectly secure, but we work to safeguard your information.

Cookies

We use only essential cookies (authentication token stored in localStorage). No tracking or advertising cookies are used.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal information. Under GDPR you have the right to access, rectify, erase, restrict processing, data portability, and object to processing. Contact us to exercise these rights.

Contact

Questions about this policy? Email us at privacy@stylegrab.dev.

This document is provided for general information and is not legal advice.