Privacy Policy

Effective 17 April 2026

particl.art is a small, independently run product. This policy explains what we collect, why we collect it, and what we do with it. Plain English, no lawyer-speak, no dark patterns.

Who runs this

particl.art is built and operated by an independent developer. You can reach us any time at hey@particl.art. If you have any question about this policy, that’s the fastest way.

What we collect

When you request early access

We collect the email address you type into the form. That’s it. No name, no company, no tracking pixel on the email. We store it in our database along with a timestamp, an approval flag, and a random token we use to link approve buttons back to your row.

When you sign in with Google

We use Google OAuth 2.0. When you click “Continue with Google”, Google sends us your email address, your name, your profile picture, and a stable Google account ID. We do not receive your Google password or any other account data. We store those four fields so we can show you your projects the next time you come back.

When you use the editor

Any image you upload (SVG, PNG, or JPG), the physics settings you tune, the morph sources you add, and the project names you choose are stored in our database against your account. We do not look at the contents of your projects and we don’t use your uploaded images for training any model, ever.

When you publish an embed

A published embed is a snapshot of your project that’s served publicly at https://particl.art/embed/<id>. Anyone with the URL can load it. The URL itself contains a random ID, not your name or email, so we don’t expose you personally.

When you subscribe to Pro

If you upgrade to Pro, our payment processor Dodo Payments handles the checkout and stores your payment method. We never see or store your card details. We store a Dodo customer ID and subscription ID against your account so we can let you manage or cancel the subscription.

When you visit the site

Our web server logs standard request information - IP address, user agent, requested path, and timestamp - for about 14 days, for debugging and abuse prevention.

We also run two third-party analytics services:

Google Analytics (GA4) - counts page views and traffic sources so we know what’s working.
Microsoft Clarity - records anonymised session replays so we can see where people get stuck in the editor. Clarity masks form inputs and passwords by default.

Both services set cookies and receive your IP address. If you have a browser ad blocker or Do Not Track enabled, they’re typically blocked and we lose the signal, which is fine.

Who we share data with

We share data with the following third parties, and only the minimum needed for the service to work:

Google - to authenticate you via OAuth.
Resend - to send transactional emails (welcome mails, drip sequences, billing notifications).
Dodo Payments - to process subscription payments and handle billing for Pro plans.
Google Analytics and Microsoft Clarity - for the usage data described above.
Our hosting provider - where the application and database run.

We don’t sell your data. We don’t share it with advertisers. We don’t run it through any marketing enrichment tools.

How long we keep it

Your account and projects live as long as you want them to. If you delete a project, it’s soft-deleted for 30 days and then permanently removed from the database. If you want us to delete your account entirely, email hey@particl.art and we’ll do it within seven days.

Early-access email addresses stay on the waitlist until you ask us to remove them.

Your rights

You can ask us to show you everything we have on you, correct it, or delete it. No fees, no forms, just an email to hey@particl.art.

Under GDPR and similar laws, you also have the right to lodge a complaint with a data protection authority if you think we’re handling your data badly. We’d rather you email us first so we can fix it.

Security

All traffic runs over HTTPS. Authentication uses short-lived JWTs stored in HTTP-only cookies. Passwords - we don’t store passwords because we don’t use password auth. Sessions are verified on every protected route.

No system is perfect. If we ever have a breach that affects your data, we’ll email you as soon as we can and explain what happened.

Children

particl.art isn’t intended for children under 13. If you’re a parent and you find out your child has signed up, email us and we’ll delete their account.

Changes

If we change this policy in a meaningful way, we’ll update the effective date at the top and - if you have an account - email you to let you know. Small wording fixes don’t trigger an email.

Contact

Questions, complaints, data requests - all the same address: hey@particl.art.