Skip to main content

    Legal

    Privacy Policy

    Effective date: May 20, 2026

    1. Who we are

    Pattern Lab Studio (“we”, “us”, or “our”) operates the website at patternlabstudio.com and the UX audit service accessible through it. We provide AI-powered UX analysis of websites and app screenshots to help product teams identify usability, accessibility, and conversion issues.

    If you have questions about this policy, contact us at hi@patternlab.studio.

    2. Data we collect

    Account information

    When you create an account we collect your email address and a hashed password. We use Supabase to manage authentication; your credentials are stored on Supabase-hosted infrastructure and never exposed to us in plain text.

    Submitted content

    To run an audit you may provide one or both of the following:

    • A URL — we visit the page, capture screenshots, and pass the visual and structural content to our AI analysis pipeline.
    • Screenshots you upload — image files you drag or paste into the upload interface.

    Submitted URLs and uploaded images are processed to produce your audit report and are stored only as long as needed to display and retrieve that report. We do not use your submitted content to train AI models.

    Audit results and usage data

    We store the audit reports generated for your account (findings, recommendations, and metadata such as the URL audited and timestamp) so you can access them from your dashboard. We also record how many audits you have run to enforce your plan limits.

    Payment information

    Payments are processed by Stripe. We never see or store your full card number, CVV, or bank details. Stripe provides us with a customer ID and subscription status only. Stripe’s own privacy policy governs how they handle your payment data: stripe.com/privacy.

    Usage analytics

    We use Vercel Analytics, which collects anonymised, aggregate data about page views and performance (e.g. which pages are visited, browser type, country). No personally identifiable information is tied to these records, and no cross-site tracking cookies are set.

    Cookies and local storage

    We use a session cookie set by Supabase to keep you logged in between visits. This is a strictly necessary cookie; without it the service cannot function. We do not set advertising or tracking cookies.

    3. How we use your data

    • To create and manage your account and authenticate you.
    • To run UX audits on the URLs or screenshots you submit.
    • To display your audit history and results in your dashboard.
    • To enforce plan limits (trial, Starter, or Pro).
    • To process payments and manage your subscription.
    • To send transactional emails (e.g. password reset, payment confirmation).
    • To monitor service health, diagnose errors, and improve reliability.
    • To comply with legal obligations.

    We do not sell your personal data. We do not use your submitted content or audit results for advertising.

    4. Third-party processors

    We share data with the following sub-processors only to the extent necessary to deliver the service:

    ProcessorPurposeData shared
    SupabaseAuthentication & databaseEmail, hashed password, audit data
    AnthropicAI UX analysisScreenshots and page content for the audit being run
    StripePayment processingEmail, payment method details
    VercelHosting & analyticsAnonymised usage metrics, server logs

    Each processor is bound by data processing agreements and applicable privacy law. Anthropic’s usage policies confirm that data submitted via the API is not used to train their models unless you separately opt in.

    5. Data retention

    • Account data — retained for as long as your account is active. Deleting your account removes your personal data within 30 days.
    • Audit results — retained until you delete the audit from your dashboard or close your account.
    • Submitted URLs and screenshots — retained only long enough to complete and cache the audit. Raw image files are not stored long-term.
    • Payment records — retained for the period required by tax and accounting law (typically 7 years), but only in the form of transaction metadata held by Stripe.

    6. Security

    We implement industry-standard safeguards including encrypted connections (HTTPS/TLS), hashed passwords, row-level security on our database, and rate limiting on AI-calling endpoints. No transmission over the internet is completely secure; we cannot guarantee absolute security, but we take reasonable precautions.

    7. Your rights

    Depending on your location you may have the right to:

    • Access the personal data we hold about you.
    • Correct inaccurate data.
    • Request deletion of your data (“right to erasure”).
    • Object to or restrict certain processing.
    • Receive a machine-readable copy of your data (data portability).
    • Withdraw consent where processing is based on consent.

    To exercise any of these rights, email us at hi@patternlab.studio. We will respond within 30 days. If you are in the EU/EEA, you also have the right to lodge a complaint with your local supervisory authority.

    8. Children

    Our service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

    9. Changes to this policy

    We may update this policy periodically. When we do, we will update the effective date at the top of this page. For material changes we will notify you by email or by a notice on our site. Continued use of the service after changes take effect constitutes acceptance of the revised policy.

    10. Contact

    Pattern Lab Studio
    hi@patternlab.studio

    See also: Terms & Conditions