Privacy

Privacy

Last updated 2026-07-17. English is the governing version.

Who's responsible

The data controller is Rob Bergevoet, trading as Mokbi (sole proprietorship), Reurikwei 83, 6843 XV Arnhem, Netherlands. KvK 94780765 · VAT NL005111873B25. Contact: info@mokbi.com.

What's stored on your device

Your designs, your auto-save state, and your preferences live in localStorage in your browser. We never send those to a server unless you sign in and click "Save to cloud".

What's stored on our server (only if you sign in)

  • Email address
  • Optional display name
  • Project data (panels, layers, settings) when you save to cloud
  • Purchase and subscription state (your plan and your AI credit balance) from Creem, our payment processor
  • A counter of AI generations you've run, so we can apply your credit balance (a number per user — not the images themselves)
  • Store connections, if you add them — your Google Play and App Store Connect API keys, stored encrypted and used only to publish on your behalf. You can remove a connection at any time, which deletes the key from our vault.

The server is Supabase, hosted in the EU region.

Third parties

  • Supabase — auth + cloud project storage (EU region). Their privacy policy.
  • Creem — handles all payments. They are the Merchant of Record, so they hold card data, not us. Their privacy policy.
  • Anthropic (Claude) — when you use AI translation or AI copy generation, the text you submit is sent to Anthropic's API to produce the result. Their privacy policy.
  • Google (Gemini) — when you use AI image generation or editing, your prompt (and, for editing, the image you choose) is sent to Google's Gemini API to produce the result. Gemini API terms.
  • Apple (App Store Connect) & Google (Play) — only if you connect a store and publish: your screenshots and store text are sent to their APIs, using your own developer credentials, to update your listing. Apple's privacy policy · Google's privacy policy.
  • PeerJS / WebRTC — phone-to-desktop screenshot pairing connects directly between your devices over WebRTC. We don't see the screenshots.
  • PostHog — privacy-respecting product analytics (which features are used, where people drop off). Configured cookieless (no cross-site identifiers, EU data residency); session recording is off.

AI content is only sent when you trigger an AI action, and is used solely to generate your result — not to train models.

What we don't collect

No tracking cookies. No third-party advertising pixels. No cross-site identifiers. No fingerprinting. Because our analytics are cookieless, there's no cookie banner to click through.

Your rights (GDPR)

You can export every byte we have about you from the account modal in the editor. You can delete your account from the same place — that wipes profile, projects, feedback, and votes via a database cascade. We don't keep backups beyond 30 days.

Contact

info@mokbi.com for any GDPR / data request.