Legal

Privacy Policy.

Last updated: May 1, 2026 · Applies to 12icon.com and all related services.

Short version: We collect only what we need to run the service. We don't sell your data. Payments are handled entirely by Paddle — we never see your card details. You can request deletion of your data at any time by emailing contact@12icon.com.

1. Who we are

12icon ("we", "our", "us") is an AI icon generation service operated from Uruguay. If you have any questions about this policy, contact us at contact@12icon.com.

2. Information we collect

We collect the following categories of data:

  • Account data: email address, display name, and hashed password when you register with email and password.
  • OAuth data: your name, email, and profile picture if you sign in with Google.
  • Usage data: prompts you submit, style preferences, icons you generate and save, and generation history.
  • Technical data: IP address, browser type, operating system, and pages visited — collected automatically via our infrastructure and analytics tools.
  • Communications: any messages you send us via email or support.

We do not collect payment card details — those are handled exclusively by Paddle (see Section 5).

3. How we use your information

  • To create and manage your account.
  • To generate icons in response to your prompts.
  • To process your subscription and enforce plan limits.
  • To send transactional emails (account confirmation, password reset, invoices).
  • To improve the service through aggregated, anonymized analytics.
  • To respond to support requests.
  • To comply with legal obligations.

We do not use your prompts or generated icons to train third-party AI models without your explicit consent.

4. Analytics — Google Analytics

We use Google Analytics 4 to understand how visitors use 12icon. Google Analytics sets cookies in your browser to collect anonymized data such as pages visited, session duration, and general geographic region. This data is processed by Google in accordance with their Privacy Policy.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on or by using a browser with tracking protection enabled.

5. Payments — Paddle

All subscription billing is processed by Paddle.com Market Limited ("Paddle"), which acts as our Merchant of Record. When you subscribe to a paid plan, you are contracting with Paddle directly for the payment transaction. Paddle collects and processes your payment information (card details, billing address) under their own Privacy Policy.

We receive from Paddle only the confirmation that a payment was successful and your subscription status. We never have access to your full card number, CVV, or billing address.

6. Cookies

We use the following types of cookies:

  • Strictly necessary: authentication session cookies to keep you signed in (Supabase Auth).
  • Analytics: Google Analytics cookies to measure usage (see Section 4).
  • Payment: Paddle may set cookies during the checkout process.

You can control cookies through your browser settings. Disabling strictly-necessary cookies will prevent you from staying signed in.

7. Data sharing

We share your data only with:

  • Supabase — our database and authentication provider.
  • Paddle — our payment processor (Merchant of Record).
  • Google Analytics — anonymized usage data only.
  • AI generation providers — your text prompts are sent to third-party image generation APIs to produce icons. We do not send personally identifiable information alongside prompts.
  • Legal authorities — when required by law.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

8. Data retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., billing records for 5 years as required by Uruguayan tax law).

9. Your rights

Depending on your location, you may have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your account and personal data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to certain types of processing.
  • Withdraw consent — where processing is based on consent.

To exercise any of these rights, email us at contact@12icon.com. We will respond within 30 days. Users in the EU can also lodge a complaint with their local data protection authority.

Uruguay's personal data protection law (Law 18.331) grants equivalent rights to Uruguayan residents, and Uruguay is recognised by the EU as providing an adequate level of data protection.

10. Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and access controls. No method of transmission over the internet is 100% secure; we encourage you to use a strong, unique password for your account.

11. Children

12icon is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the site at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

13. Contact

12icon
Montevideo, Uruguay
contact@12icon.com