Privacy Policy

Last updated: April 26, 2026

1. Data controller

The data controller is Utsuri Foundry, SL, with registered address in Barcelona, Spain. Contact: [email protected].

2. Data we collect

Account data: name, email address, account credentials, and any organization or profile information you provide.

Usage data: pages visited, features used, render submissions and outcomes, and similar product-interaction signals.

Device and connection data: IP address, user agent, browser/OS version, screen size, and approximate location derived from IP.

Error data: stack traces, browser information, and short session recordings captured around errors so we can diagnose crashes.

Product analytics and session recordings: high-level interaction events and full session replays of your use of the application — see section 7 for the specific mechanism, masking, and retention.

Payment data: processed by Stripe and never stored on our servers — we receive only a payment confirmation and the last four digits of your card for receipts.

3. Legal basis for processing

We process your data based on: (a) the performance of our contract with you, for everything required to provide the Service (account management, render execution, payment processing, support); (b) our legitimate interests in operating and improving the Service, including product analytics, session replay, and error monitoring (we believe these are reasonably expected and proportionate, and we make them transparent here); (c) your consent, where the law specifically requires it (currently none of our cookies or local storage require consent — see our Cookie Policy); (d) compliance with legal obligations, such as tax records and lawful data requests. You may object to processing based on legitimate interest at any time — see section 9.

4. How we use your data

To provide and maintain the Service (account creation and login, rendering, organization management, blob storage, billing).

To process transactions and credit accounting through Stripe.

To send service-related communications such as login codes, account verification, and important platform notices.

To diagnose and resolve errors and outages.

To understand how the product is used and where it confuses or fails users, so we can improve it.

To comply with legal obligations such as tax law and lawful information requests.

5. Sub-processors

We do not sell your personal data. The following sub-processors process personal data on our behalf, each under a Data Processing Agreement and bound by GDPR-compliant safeguards. We will update this list when sub-processors change.

Stripe (United States; EU-US Data Privacy Framework certified): payment processing, billing receipts, fraud prevention.

Cloudflare (United States/global): CDN, edge proxy, bot protection (Turnstile), R2 object storage for renders and other blobs, and hosting for this landing site.

Neon (European Union region for our project): serverless PostgreSQL database storing account, render, credit, and project data.

Hetzner Online GmbH (EU regions): virtual private servers running our backend services.

Resend (United States; EU region option): transactional email delivery (login codes, verification, account notices).

Sentry (European Union region): error monitoring and short error-context session replays — captured only when an error occurs, used for debugging crashes.

PostHog Cloud (European Union region): product analytics and session replay — see section 7 for the specific mechanism.

Google (Cloud Identity Platform / OAuth): when you sign in with Google, we receive your name, email address, and profile picture from your Google account, used solely to create and manage your Mensula account.

AI model providers: see section 6.

6. Third-party AI providers

When you use AI-powered features (rendering, chat assistance), your inputs — such as text prompts, uploaded images, and project data — are sent to third-party AI model providers for processing. These providers currently include Google (Gemini, Vertex AI), OpenAI, Replicate, Black Forest Labs (BFL), and Stability, and may change over time. We use enterprise API agreements where your data is not used for model training by the provider. However, your inputs and outputs are processed on the provider's infrastructure, which may be located outside the EEA (see International transfers). We only send the minimum data necessary to provide the AI feature you requested.

7. Product analytics and session replay

We use PostHog Cloud (European Union region) for product analytics and session replay. PostHog runs in 'Cookieless server-hash mode' on our setup: it does not write cookies or local storage on your device. Visitors are identified for the duration of a single day by a server-side hash of your IP address, user agent, and a daily-rotating salt; this identifier cannot be used to track you across days. PostHog records: interaction events (pageviews, clicks, key product actions such as render submission), and full session recordings of your use of the application. Sensitive content is masked client-side before recording: form inputs (email, password, payment fields), elements explicitly marked for masking (such as render prompts, names, and other user-generated text), and any text input by default. We use this data to understand which features are used and where users get stuck, and to debug UX issues that don't surface as crashes. The lawful basis is our legitimate interest in operating and improving the Service. You may object at any time — see section 9. Session recordings are retained per PostHog's default retention; events are retained for analysis while your account is active. Sentry (described in section 5) also captures short session recordings, but only when an error occurs and only as context for that specific error.

8. Data retention

Account data: retained while your account is active. Upon account deletion, we delete your personal data within 30 days, except where retention is required by law (e.g., tax records).

Render outputs and project data: retained until you delete them or your account is closed.

Product analytics events and session replays (PostHog): retained per PostHog Cloud's default retention windows for our project.

Error logs and error-context replays (Sentry): retained per Sentry Cloud's default retention windows.

Email logs (Resend): retained per Resend's default retention.

Backups: encrypted backups of operational databases retained for up to 14 days for disaster-recovery purposes.

9. Your rights

Under GDPR you have the right to: access the personal data we hold about you; rectify inaccurate data; request deletion of your account and associated personal data; restrict or object to processing based on legitimate interest (including objection to product analytics and session recording); export your data in a portable format; and lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es) or your local supervisory authority. To exercise any of these rights, email [email protected] and we will respond within 30 days. We are also building an in-product privacy settings page where you will be able to set your analytics-and-replay preference yourself; until that ships, the email path above is the way to opt out.

10. International transfers

Where personal data is transferred to or processed in countries outside the EEA — primarily by certain AI model providers and US-based sub-processors — we rely on appropriate safeguards including the EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework where applicable. We prioritize EU-region sub-processors where they exist (Neon, Sentry, PostHog, R2 EU jurisdiction for new buckets, Hetzner) and use US-region services only where no EU equivalent meets the technical requirements.

11. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include TLS for data in transit, encryption at rest for backups and blob storage, scoped credentials, audit logs, and the operational practices described in our internal documentation. No system is perfectly secure; if we ever experience a personal data breach affecting you, we will notify you and the relevant supervisory authority as required by law.

12. Children

Mensula is not directed to children under 16, and we do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact [email protected] and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or through the Service before the changes take effect. The 'Last updated' date at the top reflects the most recent revision.