Privacy Policy

Effective date: June 11, 2026 · Operated by StyleExtract (styleextract.com)

Short version: We collect only what we need to run the service. We do not sell your data. Payment card details never touch our servers — they go straight to Stripe.

1. Who We Are

StyleExtract is a web application that extracts brand design tokens from publicly accessible websites. We are an independent product accessible at styleextract.com. For privacy questions, contact us at: privacy@styleextract.com.

2. Data We Collect

Account data. If you create an account, we store your email address and a bcrypt-hashed password. We never store plaintext passwords.

Extraction data. When you submit a URL for analysis, we store the extracted brand data (colors, fonts, logo URL, design tokens, SEO metadata) in our database linked to the extraction record. We do not store the full HTML of the target page.

Payment data. Payments are processed by Stripe. We store only the Stripe session ID and payment status for order verification. Card numbers, CVVs, and billing addresses are handled exclusively by Stripe and are never transmitted to or stored on our servers.

API keys. If you subscribe to the Developer API, we generate and store API key hashes (not plaintext) for authentication.

Usage data. We log download events (file type, domain) for internal analytics. We do not use third-party analytics trackers (no Google Analytics, no Meta Pixel).

Browser storage. We use localStorage to cache your extraction access token client-side so you can re-download files without re-entering a key. This data never leaves your browser.

3. How We Use Your Data

  • To authenticate your account and maintain your session.
  • To deliver the extraction results you requested.
  • To verify that a Stripe payment was completed before unlocking files.
  • To enforce rate limits on the Developer API.
  • To track aggregate download counts for internal product analytics.
  • To respond to support or legal requests addressed to us.

We do not use your data for advertising, do not profile you across sites, and do not share your data with any third party except as described in Section 5.

4. Data We Do Not Collect

  • The content of websites you extract — we process it ephemerally and discard it after generating brand tokens.
  • Your IP address beyond what is logged by the server process for standard HTTP request handling.
  • Cookies beyond a secure, HTTP-only NextAuth session cookie.
  • Any data from the target websites' users — we only read publicly rendered CSS and assets.

5. Third-Party Services

We share data with the following third parties only as necessary to provide the service:

  • Stripe (stripe.com) — payment processing. Stripe has its own privacy policy at stripe.com/privacy.
  • Hetzner Online GmbH — our VPS hosting provider. Your data is stored on servers within the EU.
  • Google Fonts API — fonts are loaded client-side from fonts.googleapis.com for PDF generation.

We do not use advertising networks, data brokers, or social login providers.

6. Data Retention

Extraction records are retained indefinitely so paid users can re-download their files. If you delete your account, your account record and associated purchases are deleted. Extraction records themselves are anonymised (userId set to null) rather than deleted, as they may be referenced by other users' sessions.

To request complete deletion of all data associated with your email address, contact privacy@styleextract.com. We will action deletion requests within 30 days.

7. Cookies

We use one first-party cookie: a secure, HTTP-only session cookie set by NextAuth to maintain your login state. It contains no personally identifiable information beyond an opaque session identifier. It expires when you sign out or after 30 days of inactivity.

We do not use tracking cookies, advertising cookies, or third-party cookies.

8. Security

Access tokens for unlocked extractions are random 64-character hex strings generated with crypto.randomBytes. Passwords are hashed with bcrypt. All traffic is served over HTTPS. Our database is not publicly accessible.

No security system is perfect. If you discover a vulnerability, please disclose it responsibly by emailing security@styleextract.com.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, email privacy@styleextract.com from the address associated with your account.

10. Children

StyleExtract is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has submitted personal data to us, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy as the service evolves. Material changes will be noted at the top of this page with a revised effective date. Continued use of the service after changes constitutes acceptance.

12. Contact

Questions about this policy: privacy@styleextract.com