Privacy Policy
Last updated: June 10, 2026
DAS is a real-time design environment operated by AD& (“DAS”, “we”). This policy explains what data we handle, why, and what stays entirely on your device. The short version: DAS is local-first. Your projects, images, and edit history live in your browser. We do not upload or store your creative work on our servers.
What we collect, and why
Your work stays on your device
Projects, images, edit history, and settings are stored locally in your browser (IndexedDB and localStorage). They are never transmitted to or stored on DAS servers. You control them: export backups as .das files, or delete them by removing projects or clearing browser storage. Because this data exists only on your device, we cannot recover it for you if it is lost.
Account
Sign-in is handled by Clerk, our authentication provider. Clerk processes your email address, optional name, and session tokens. We store your account identifier and email in our database to link your subscription to your account.
Billing
Payments are processed by Stripe. We never see or store your card details. We store your subscription state (plan, status, billing period), your purchase history, and an audit log of billing events; these are required for accounting and for resolving billing disputes.
AI features
AI requests happen only when you invoke an AI feature; nothing is sent in the background. When you use one (image generation, magic erase, the command palette), the relevant image data and your prompt are sent through our servers to the AI provider, Google (Gemini models) or RunPod (GPU-hosted models), processed, and returned to you. We do not store your images or prompts after processing, and they never enter our analytics or error logs. Avoid including sensitive personal data in prompts.
Error reports
To find and fix crashes, the app sends us error reports: the error message and stack trace, app version, browser user agent, the page path (never query strings), a per-tab session identifier, and your account ID if signed in. Our server additionally stores a one-way hash of your IP address for rate limiting, abuse prevention, and security monitoring; the IP itself is never stored. Error reports are deleted after 90 days. You can turn error reporting off at any time in the app: open the info panel and toggle “Error reports”.
Usage analytics, only with your consent
We use Google Analytics (via Google Tag Manager) to understand how DAS is used. It loads only after you accept the cookie banner. If you decline, or simply never accept, no analytics script loads and no analytics cookies are set; declining after a previous accept also deletes the analytics cookies. app.das.app additionally uses Cloudflare Web Analytics, a privacy-focused, cookieless analytics service that does not track you across sites.
Fonts
The app loads typefaces from Google Fonts when a project or the font picker uses them. Like any web request, a font load sends your IP address and browser metadata to Google. Google Fonts sets no cookies, and Google states these requests are not used for advertising. This is a functional data flow independent of your cookie choice.
Waitlist
If you join the waitlist, your email address (and name, if given) is stored with Loops, our email service, and used only to contact you about DAS access and updates. Unsubscribe at any time via the link in any email or by writing to us.
Cookies and local storage
| Name | Purpose | Type |
|---|---|---|
| __session, __client (Clerk) | Keeping you signed in | Strictly necessary |
| _ga, _ga_* (Google) | Usage analytics | Only after consent |
| das-consent | Remembers your cookie choice | Strictly necessary (localStorage) |
| das-theme, das-telemetry-optout, other das-* keys | App preferences, license cache, your projects | Functional (localStorage / IndexedDB, never sent to us) |
Service providers
| Provider | Purpose | Data involved |
|---|---|---|
| Clerk | Authentication | Email, name, session tokens |
| Stripe | Payments | Payment details (held by Stripe), email |
| Cloudflare | Hosting, CDN, databases, cookieless web analytics | Request metadata, error reports, subscription audit logs |
| Neon | Account/subscription database | Account ID, email, subscription state |
| AI processing (Gemini); font delivery (Google Fonts); analytics after consent | Images/prompts during AI requests; IP and browser metadata on font loads; usage events after consent | |
| RunPod | AI processing (GPU models) | Images during AI requests |
| Loops | Waitlist and product emails | Email, name |
Legal bases (EEA/UK)
- Contract: account, billing, and providing the service you signed up for.
- Consent: analytics cookies, waitlist emails.
- Legitimate interests: pseudonymous error reports (keeping the product working), font delivery, rate limiting and abuse prevention.
Retention
- Error reports: deleted after 90 days.
- Account and subscription records: for as long as you have an account, plus what bookkeeping law requires for billing records.
- AI inputs (images, prompts): not stored after processing.
- Your projects: on your device, under your control.
Your rights
Depending on where you live (including under the GDPR and CCPA), you can request access to, correction of, deletion of, or a copy of the personal data we hold about you, object to or restrict certain processing, and withdraw consent at any time. Write to [email protected]; we respond to every request. You can also lodge a complaint with your local data protection authority. We do not sell personal data.
International transfers
Our providers operate globally (primarily in the EU and US). Where data leaves the EEA/UK, transfers rely on adequacy decisions or standard contractual clauses maintained by each provider.
Children
DAS is not directed at children under 16, and we do not knowingly collect their data.
Changes
We will update this policy as DAS evolves and change the date at the top. For significant changes we will notify you in the app.
Contact
Questions about this policy or your data: [email protected]