Magic·Loops
Begin
← Home

Privacy Policy

Effective May 6, 2026

Summary

Magic Loops collects only the information needed to generate your crochet patterns and run your account. We do not sell personal data. You can export or delete your account at any time from your account page.

What we collect

  • Account data: email, optional display name, password hash, OAuth provider IDs, timestamps.
  • Pattern data: prompts you submit, photos you upload, generated pattern markdown, validation logs.
  • Usage data: pattern count, free-tier flags, generation timestamps, IP address (audit logs only).
  • Anonymous browser cookie if you generate before signing in. Linked to your account on first sign-in.

Why we collect it

  • Generate, store, and deliver your crochet patterns.
  • Authenticate sign-in and prevent abuse of free-tier limits.
  • Comply with security and legal obligations.
  • Improve the generator quality (aggregate validation scores; never reading individual prompts for that purpose).

Sharing

We share data only with the third-party services that operate Magic Loops:

  • Google AI (Gemini) and optionally Anthropic (Claude). Your prompt and any uploaded image are sent to generate the pattern.
  • Vercel: hosting and serverless execution.
  • Neon: managed PostgreSQL database.
  • Google OAuth: only if you sign in with Google.

We do not sell or rent personal data to anyone.

Your rights (CCPA / CPRA)

If you are a California resident, you may:

  • Request a copy of the data we hold about you. Use the Export button on /account or fill out our DSAR form.
  • Request deletion. Use the Delete button on /account.
  • Opt out of "sale" of personal data. We do not sell, so this is automatic.
  • Be free from retaliation for exercising these rights.

Children

Magic Loops is not directed at children under 13. The COPPA age gate at sign-up rejects under-13 accounts.

Retention

We keep account data while your account is active. After deletion, your data is removed from production within 30 days. Audit logs related to compliance may be retained longer where required by law.

Security

Passwords are hashed with bcrypt at cost 12. All traffic is encrypted in transit. Database access is restricted to the application service. We follow standard breach notification procedures required by state and federal law.

Contact

Questions: contact us via the support form linked in the footer.