CarouselKit - AI-Powered LinkedIn Carousels

Last Updated: November 22, 2025

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the CarouselKit service ("Service").

This Service is operated by Jaak Daemen, an individual based in Ghent, Belgium. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Jaak Daemen
Ghent, Belgium
Email: jaak.daemen03@gmail.com

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

Email address: Used for account authentication and communication
User ID: Unique identifier assigned by Firebase Authentication
Account creation date: Timestamp of when your account was created

3.2 Usage Information

When you use the Service, we collect:

Text prompts: The content you provide to generate carousels
Generation settings: Resolution, slide numbers, LinkedIn URL preferences
Credit balance: Number of credits purchased and used
Carousel sessions: Metadata about generated carousels (prompt, creation date, settings)

3.3 Transaction Information

When you purchase credits, we collect:

Purchase history: Date, amount, and credits purchased
Payment information: Processed by Stripe (we do not store payment card details)
Usage history: Record of when and how credits were used

3.4 Technical Information

We automatically collect:

Usage analytics: Page views, feature usage via Firebase Analytics (no cookies)
Error logs: Technical errors for debugging purposes
Browser information: Basic technical data for service functionality

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract performance (Art. 6(1)(b) GDPR): To provide the Service you signed up for
Legitimate interests (Art. 6(1)(f) GDPR): To improve the Service, prevent fraud, and maintain security
Legal obligation (Art. 6(1)(c) GDPR): To comply with tax and accounting requirements
Consent (Art. 6(1)(a) GDPR): For optional features or communications (where applicable)

5. How We Use Your Data

We use your personal data for the following purposes:

Service delivery: To generate carousels based on your prompts
Account management: To maintain your account and credit balance
Payment processing: To process credit purchases through Stripe
Communication: To send important updates about your account or the Service
Service improvement: To analyze usage patterns and improve functionality
Security: To detect and prevent fraud, abuse, or security issues
Legal compliance: To meet tax, accounting, and legal requirements

6. Data Retention

6.1 PDF Files

Generated carousel PDFs are automatically deleted 14 days after creation. We do not maintain long-term backups of PDF files. You are responsible for downloading your carousels within this period.

6.2 Account Data

Your account information and carousel session metadata are retained for as long as your account is active. After account deletion, this data is retained for 30 days (to allow account recovery) and then permanently deleted.

6.3 Transaction Records

Purchase and payment records are retained for 7 years to comply with Belgian tax and accounting laws.

7. Data Sharing and Third Parties

We share your data with the following third-party service providers:

7.1 Firebase (Google Cloud)

Used for authentication, database storage, file storage, and analytics. Data is stored on Google's servers.

Data shared: Email, user ID, prompts, carousel metadata, PDF files, usage analytics
Location: EU and US data centers
Privacy policy: Google Privacy Policy

Firebase Analytics: We use Firebase Analytics to understand how users interact with our Service. This helps us improve features and user experience. Firebase Analytics:

Does not use cookies
Collects anonymized usage data (page views, events)
Stores data using local storage only
Cannot be used to identify individual users across different websites

7.2 Stripe

Payment processing service. Stripe handles all payment card information securely.

Data shared: Email, payment information, transaction amounts
Location: US-based with EU data processing
Privacy policy: Stripe Privacy Policy

7.3 AI Service Provider

Third-party AI service provided by Vercel used to generate carousel designs.

Data shared: Your text prompts and generation settings
Location: US-based service
Privacy policy: Vercel Privacy Policy

Important: We do not sell your personal data to third parties. Data is only shared with service providers necessary for Service functionality.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. These transfers are protected by:

Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
Data Processing Agreements: With service providers like Google and Stripe
Adequacy decisions: Where the EU has determined adequate data protection

For more information about international transfers, contact us at jaak.daemen03@gmail.com.

9. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

9.1 Right to Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

9.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your personal data. Note: Transaction records may be retained for legal compliance (7 years for tax purposes).

9.4 Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, machine-readable format and transfer it to another service.

9.5 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing purposes.

9.6 Right to Restrict Processing (Art. 18 GDPR)

You can request limitation of how we process your data in certain circumstances.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

9.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at jaak.daemen03@gmail.com. We will respond within 30 days.

9.9 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Belgian Data Protection Authority (APD/GBA)
Rue de la Presse 35, 1000 Brussels, Belgium
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: Data in transit is encrypted using HTTPS/TLS
Secure authentication: Firebase Authentication with industry-standard security
Access controls: Limited access to personal data on a need-to-know basis
Regular security updates: Timely updates to dependencies and infrastructure
Secure payment processing: Stripe handles all payment data securely (PCI-DSS compliant)

However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Cookies and Tracking

The Service uses minimal cookies and tracking technologies:

11.1 Essential Cookies

Required for authentication and basic Service functionality (e.g., Firebase session cookies). These cannot be disabled.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that we have collected data from a child under 16, we will delete it promptly.

If you believe a child under 16 has provided personal data to us, please contact us at jaak.daemen03@gmail.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top will be revised accordingly.

Material changes will be communicated via email or a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Jaak Daemen
Ghent, Belgium
Email: jaak.daemen03@gmail.com

We will respond to your inquiry within 30 days.

Last Updated: November 22, 2025

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the CarouselKit service ("Service").

2. Data Controller

The data controller responsible for your personal data is:

Jaak Daemen
Ghent, Belgium
Email: jaak.daemen03@gmail.com

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

Email address: Used for account authentication and communication
User ID: Unique identifier assigned by Firebase Authentication
Account creation date: Timestamp of when your account was created

3.2 Usage Information

When you use the Service, we collect:

Text prompts: The content you provide to generate carousels
Generation settings: Resolution, slide numbers, LinkedIn URL preferences
Credit balance: Number of credits purchased and used
Carousel sessions: Metadata about generated carousels (prompt, creation date, settings)

3.3 Transaction Information

When you purchase credits, we collect:

Purchase history: Date, amount, and credits purchased
Payment information: Processed by Stripe (we do not store payment card details)
Usage history: Record of when and how credits were used

3.4 Technical Information

We automatically collect:

Usage analytics: Page views, feature usage via Firebase Analytics (no cookies)
Error logs: Technical errors for debugging purposes
Browser information: Basic technical data for service functionality

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract performance (Art. 6(1)(b) GDPR): To provide the Service you signed up for
Legitimate interests (Art. 6(1)(f) GDPR): To improve the Service, prevent fraud, and maintain security
Legal obligation (Art. 6(1)(c) GDPR): To comply with tax and accounting requirements
Consent (Art. 6(1)(a) GDPR): For optional features or communications (where applicable)

5. How We Use Your Data

We use your personal data for the following purposes:

Service delivery: To generate carousels based on your prompts
Account management: To maintain your account and credit balance
Payment processing: To process credit purchases through Stripe
Communication: To send important updates about your account or the Service
Service improvement: To analyze usage patterns and improve functionality
Security: To detect and prevent fraud, abuse, or security issues
Legal compliance: To meet tax, accounting, and legal requirements

6. Data Retention

6.1 PDF Files

Generated carousel PDFs are automatically deleted 14 days after creation. We do not maintain long-term backups of PDF files. You are responsible for downloading your carousels within this period.

6.2 Account Data

6.3 Transaction Records

Purchase and payment records are retained for 7 years to comply with Belgian tax and accounting laws.

7. Data Sharing and Third Parties

We share your data with the following third-party service providers:

7.1 Firebase (Google Cloud)

Used for authentication, database storage, file storage, and analytics. Data is stored on Google's servers.

Data shared: Email, user ID, prompts, carousel metadata, PDF files, usage analytics
Location: EU and US data centers
Privacy policy: Google Privacy Policy

Firebase Analytics: We use Firebase Analytics to understand how users interact with our Service. This helps us improve features and user experience. Firebase Analytics:

Does not use cookies
Collects anonymized usage data (page views, events)
Stores data using local storage only
Cannot be used to identify individual users across different websites

7.2 Stripe

Payment processing service. Stripe handles all payment card information securely.

Data shared: Email, payment information, transaction amounts
Location: US-based with EU data processing
Privacy policy: Stripe Privacy Policy

7.3 AI Service Provider

Third-party AI service provided by Vercel used to generate carousel designs.

Data shared: Your text prompts and generation settings
Location: US-based service
Privacy policy: Vercel Privacy Policy

Important: We do not sell your personal data to third parties. Data is only shared with service providers necessary for Service functionality.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. These transfers are protected by:

Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
Data Processing Agreements: With service providers like Google and Stripe
Adequacy decisions: Where the EU has determined adequate data protection

For more information about international transfers, contact us at jaak.daemen03@gmail.com.

9. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

9.1 Right to Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

9.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your personal data. Note: Transaction records may be retained for legal compliance (7 years for tax purposes).

9.4 Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, machine-readable format and transfer it to another service.

9.5 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing purposes.

9.6 Right to Restrict Processing (Art. 18 GDPR)

You can request limitation of how we process your data in certain circumstances.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

9.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at jaak.daemen03@gmail.com. We will respond within 30 days.

9.9 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Belgian Data Protection Authority (APD/GBA)
Rue de la Presse 35, 1000 Brussels, Belgium
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: Data in transit is encrypted using HTTPS/TLS
Secure authentication: Firebase Authentication with industry-standard security
Access controls: Limited access to personal data on a need-to-know basis
Regular security updates: Timely updates to dependencies and infrastructure
Secure payment processing: Stripe handles all payment data securely (PCI-DSS compliant)

However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Cookies and Tracking

The Service uses minimal cookies and tracking technologies:

11.1 Essential Cookies

Required for authentication and basic Service functionality (e.g., Firebase session cookies). These cannot be disabled.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

12. Children's Privacy

If you believe a child under 16 has provided personal data to us, please contact us at jaak.daemen03@gmail.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top will be revised accordingly.

Material changes will be communicated via email or a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Jaak Daemen
Ghent, Belgium
Email: jaak.daemen03@gmail.com

We will respond to your inquiry within 30 days.