Privacy Policy

Last updated: June 15, 2026

1. Data We Collect

We collect the following personal data:

  • Registration: name, email and password (stored encrypted with bcrypt)
  • Simulator usage: images uploaded for simulation (including the original photo of the piece, kept for the before/after comparison), selected glazes, generated mockups and created recipes
  • Studio management: data you record about costs, raw-material inventory, movements (inflows and outflows) and pieces — used only to generate your own reports and cost estimates
  • Payment: payment data processed exclusively by Stripe (we do not store card data)
  • Browsing: essential cookies for authentication

2. Legal Basis (LGPD)

The processing of your personal data is carried out based on the following legal grounds set out in the Brazilian General Data Protection Law (Lei nº 13.709/2018):

  • Performance of a contract: to provide the simulation service (Art. 7, V)
  • Consent: to send communications (Art. 7, I)
  • Legitimate interest: to improve the service and prevent fraud (Art. 7, IX)

3. How We Use Your Data

  • Authenticate your access to the simulator
  • Process glaze simulations via artificial intelligence (Google Gemini)
  • Generate and analyze glaze recipes via artificial intelligence (Anthropic Claude)
  • Manage your subscription and payments (via Stripe)
  • Send notifications and communications about your account (via Resend)
  • Improve the quality of the service

4. Data Sharing

Your data may be shared with:

  • Google (Gemini API): images uploaded for mockup generation
  • Anthropic (Claude API): recipe data (parameters and text) for generating and analyzing glaze recipes
  • Stripe: data for payment processing
  • Resend: your email and name to send transactional messages (welcome, verification, account notices)
  • Vercel: service hosting and image storage (Vercel Blob)
  • Neon: data storage

These providers act as data processors, handling the information only to deliver the contracted service. We do not sell, rent or share your personal data with third parties for marketing purposes.

5. Storage and Security

Your data is stored on secure servers (Neon Database, AWS US-East-1). Passwords are encrypted with bcrypt. Communication is protected by HTTPS/TLS. Authentication tokens are stored in httpOnly cookies.

6. Your Rights (LGPD Art. 18)

You have the right to:

  • Confirmation that data processing exists
  • Access to your personal data
  • Correction of incomplete or outdated data
  • Anonymization, blocking or deletion of unnecessary data
  • Data portability
  • Deletion of data processed based on consent
  • Withdrawal of consent

To exercise your rights, get in touch: suporte@keramoslab.com.br

7. Cookies

We use only essential cookies for:

  • oxid-auth-token: session authentication (httpOnly, 24h)
  • localStorage: shopping cart and free-simulation count

We do not use tracking or advertising cookies. To measure site usage in aggregate we use Vercel Analytics, which does not use cookies and does not identify you individually — it collects only anonymous metrics (pages visited, performance).

8. Data Retention

Your data is kept for as long as your account is active. After account deletion, your personal data will be erased within 30 days, except where there is a legal retention obligation.

9. Data Controller

Luiz Marcelo Silva dos Santabaia Martins
Individual Micro-Entrepreneur — Brazilian CNPJ MEI 63.421.394
Email: suporte@keramoslab.com.br