Privacy Policy

‍

Last Updated: July 21, 2025

‍

‍

‍

1. INTRODUCTION. Shape Platforms, Inc. ("Shape," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our experimental AI-powered visual platform.

1.1 Our Commitment. All changes you make in Shape are designed to be private until you decide to share or deploy them. However, as with any AI platform, certain data may be processed for service delivery, safety monitoring, and system improvement.

1.2 Experimental Technology Notice. IMPORTANT: Shape uses experimental AI technology that may process your data in ways that are still evolving. This policy covers current practices but may be updated as our AI capabilities develop.

‍

2. INFORMATION WE COLLECT

2.1 Account Information. (a) We collect your name and email address, (b) company information if applicable, (c) payment information processed by third-party providers, (d) your account preferences and settings.

2.2 Product Usage Data. (a) Code, designs, and content you create or upload, (b) platform interactions and feature usage, (c) performance metrics and error logs, (d) AI feature usage and patterns.

2.3 Technical Information. (a) IP address and device information, (b) browser type and operating system, (c) platform performance data, (d) security and access logs, (e) automated monitoring data for abuse detection, (f) usage patterns and behavioral analytics, (g) error logs and debugging information, (h) system performance and capacity metrics.

2.4 Communication Data. (a) Support tickets and correspondence, (b) feedback and feature requests, (c) in-platform messages and tags, (d) media inquiries and public communications, (e) legal and compliance communications.

‍

3. HOW WE USE YOUR INFORMATION

3.1 To Provide Our Service. (a) Process and store your designs, code, and content, (b) enable visual editing and AI-powered features, (c) generate code based on your inputs.

3.2 To Improve Our Platform, (a) Analyze usage patterns to enhance features, (b) train and improve our AI models using anonymized data only, (c) identify and fix technical issues, (d) develop new features and capabilities.

3.3 For Communication. (a) Send service-related notifications, (b) respond to support requests and feedback, (c) provide important updates about the platform, (d) send billing and account information.

3.4 For Safety and Compliance. (a) Monitor usage for policy violations and abuse, (b) detect and prevent harmful or inappropriate content, (c) ensure compliance with applicable laws and regulations, (d) cooperate with law enforcement when legally required, (e) protect our rights and prevent fraud, (f) maintain service security and integrity.

3.5 For Business Operations. (a) Process payments and manage subscriptions, (b) prevent fraud and ensure platform security, (c) comply with legal obligations, (d) enforce our Terms of Service, (e) protect our intellectual property and brand, (f) defend against legal claims and litigation, (g) respond to regulatory inquiries and investigations.

‍

4. AI FEATURES AND DATA PROCESSING

4.1 How AI Uses Your Data. (a) AI features analyze your content to provide editing suggestions, (b) Autoshape processes your product design to generate contextual improvements, (c) natural language commands are processed to understand your intent, (d) all AI processing respects the privacy of your changes until you share them.

4.2 AI Model Training. (a) We may use anonymized, aggregated data to improve our AI models in compliance with applicable AI regulations, (b) personal identifying information is never used for training purposes, (c) individual user content is not shared with other users or used to train models that benefit competitors, (d) you can opt out of contributing to model improvement in your account settings.

4.3 AI Transparency. We maintain records of AI training data sources and model performance metrics as required by emerging AI governance frameworks.

4.4 AI-Generated Content. (a) Code and designs generated by AI belong to you, (b) we don't claim ownership of AI output, (c) you are responsible for reviewing AI-generated content before use.

‍

5. DATA SHARING AND DISCLOSURE

5.1 We Do NOT Sell Your Data. Shape never sells your personal information to third parties.

5.2 When We May Share Information. 5.2.1 With Your Consent (a) When you choose to share or collaborate on projects, (b) when you deploy changes using our platform. 5.2.2 Service Providers. (a) Payment processors for billing, (b) cloud infrastructure providers for hosting, (c) analytics services with anonymized data only, (d) customer support tools, (e) security and monitoring services, (f) legal and compliance consultants. 5.2.3 Legal Requirements. (a) Comply with law enforcement requests, (b) protect our rights and prevent fraud, (c) in connection with legal proceedings, (d) protect user safety and platform security, (e) respond to regulatory investigations, (f) defend against legal claims or litigation, (g) comply with court orders or subpoenas. 5.2.4 Business Transfers. In the event of a merger, acquisition, or sale of assets, user data would be transferred under the same privacy protections. 5.2.5 Safety and Security. (a) Investigate policy violations or abuse, (b) protect against threats to user or public safety, (c) prevent illegal activities or harmful content, (d) maintain platform integrity and security.

‍

6. DATA SECURITY

6.1 Security Measures. (a) Encryption of data in transit and at rest, (b) regular security audits and monitoring, (c) access controls and authentication requirements, (d) secure development practices, (e) 24/7 automated threat detection and response, (f) regular penetration testing and vulnerability assessments, (g) employee security training and background checks, (h) incident response and breach notification procedures.

6.2 Data Processing Transparency. (a) Service Delivery: Data may be processed to provide AI features and platform functionality, (b) Safety Monitoring: Content may be analyzed for policy violations and harmful content, (c) Quality Assurance: Inputs and outputs may be reviewed for system improvement, (d) Legal Compliance: Data may be accessed for regulatory compliance and law enforcement.

6.3 Access Controls. (a) Zero-Trust Architecture: Every request is authenticated and authorized, (b) Role-Based Permissions: Team members only access what they need for their role, (c) Multi-Factor Authentication: Available for all accounts with enforcement options, (d) Session Management: Automatic timeouts and secure session handling, (e) Admin Access Logging: All administrative access is logged and monitored.

6.4 Data Isolation. (a) User Workspaces: Your projects are logically separated from other users, (b) Sandboxed Execution: All code execution happens in secure, isolated environments, (c) Network Segmentation: Critical systems are separated and monitored, (d) Geographic Isolation: Data processing occurs in controlled geographic regions.

6.5 Your Role in Security. (a) Keep your account credentials secure, (b) use strong, unique passwords, (c) report suspicious activity immediately, (d) review and configure your privacy settings, (e) do not share sensitive information in prompts or uploads, (f) regularly review your account activity and settings.

6.6 Incident Response. (a) We monitor for security breaches continuously, (b) affected users will be notified promptly of any incidents, (c) we work with security experts to investigate and resolve issues, (d) law enforcement may be contacted for serious security incidents, (e) regulatory authorities will be notified as required by law, (f) California residents will be notified of data breaches affecting personal information in accordance with California Civil Code Section 1798.82 and other applicable California privacy laws.

‍

7. DATA RETENTION

7.1 How Long We Keep Your Data. (a) Account data: Until you delete your account, (b) Project data: According to your subscription plan, (c) Usage analytics: Up to 2 years in anonymized form, (d) Support communications: Up to 3 years.

7.2 Data Deletion. (a) You can delete projects and data at any time, (b) account deletion removes all associated personal data, (c) some data may be retained for legal compliance, (d) anonymized analytics may be retained for service improvement.

‍

8. YOUR RIGHTS AND CHOICES

8.1 Access and Control. (a) View and download your data at any time, (b) delete projects, content, and account data, (c) modify your account information and preferences, (d) control sharing and collaboration settings.

8.2 Privacy Settings. (a) Choose what data to share with team members, (b) control AI feature usage and data contribution, (c) manage communication preferences, (d) configure security settings.

8.3 Opting Out. (a) Unsubscribe from marketing communications, (b) opt out of AI model training contribution, (c) disable certain analytics features, (d) delete your account entirely.

8.4 Data Subject Access Request Limitations. (a) For GDPR and similar privacy requests, we will respond within legally required timeframes, (b) provide data in standard formats, (c) limit requests to reasonable scope and frequency, (d) charge administrative fees for excessive or repetitive requests, (e) verify identity before processing requests, (f) decline requests that would compromise trade secrets or other users' privacy.

8.5 California Residents' Privacy Rights. 8.5.1 California Consumer Privacy Act (CCPA) Rights. California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): (a) Right to Know: You have the right to request information about the categories and specific pieces of personal information we've collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we've shared it, (b) Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions, (c) Right to Correct: You have the right to request correction of inaccurate personal information, (d) Right to Opt-Out: You have the right to opt-out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell personal information as defined by the CCPA, (e) Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights. 8.5.2 How to Exercise Your Rights. California residents can exercise these rights by contacting us at privacy@autoshape.ai or through your account settings. We will verify your identity before processing requests and respond within 45 days. 8.5.3 Authorized Agents. You may designate an authorized agent to make CCPA requests on your behalf by providing written authorization or power of attorney.

‍

9. INTERNATIONAL USERS

9.1 Data Transfers. (a) Your data may be processed in the United States and other countries where our service providers operate, (b) we implement appropriate safeguards for international transfers including standard contractual clauses, (c) data protection standards are maintained regardless of processing location, (d) we comply with applicable data transfer regulations including GDPR Article 46.

9.2 Regional Compliance. (a) We respect regional privacy laws and regulations including GDPR, CCPA, and other applicable frameworks, (b) users in the EU have additional rights under GDPR including data portability and the right to be forgotten, (c) we're committed to expanding compliance as we grow and enter new markets.

9.3 AI-Specific Compliance. We monitor evolving AI regulations and adapt our practices accordingly.

‍

10. CHILDREN'S PRIVACY

Shape is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it promptly.

‍

11. CHANGES TO THIS POLICY

11.1 Updates and Notifications. (a) We may update this Privacy Policy periodically, (b) significant changes will be communicated via email, (c) continued use after changes indicates acceptance, (d) previous versions are available upon request.

11.2 Your Options. (a) You can review changes before they take effect, (b) contact us with questions or concerns, (c) discontinue use if you disagree with changes.

‍

12. THIRD-PARTY SERVICES

12.1 Integrations. (a) Shape works with your existing tech stack, (b) third-party integrations have their own privacy policies, (c) we don't control how third parties handle your data, (d) review third-party policies before connecting services.

12.2 Links and References. (a) Our platform may contain links to external websites, (b) external sites have their own privacy practices, (c) we're not responsible for third-party privacy policies.

‍

13. PLATFORM-SPECIFIC INFORMATION

13.1 macOS Launch. (a) Shape launches on macOS first, (b) data handling practices are consistent across platforms, (c) additional platforms will follow the same privacy standards.

13.2 Local Processing. (a) Many operations happen locally on your device, (b) changes remain private until you choose to share them, (c) local processing reduces data transmission and improves privacy.

‍

14. AI SECURITY

14.1 Technical Safeguards. (a) Model Isolation: AI processing is isolated from other user data where technically feasible, (b) Training Data Protection: User data not used for AI training without explicit consent, (c) Secure Inference: AI features running in monitored environments with safety guardrails, (d) Data Minimization: AI features only access data necessary for the requested operation, (e) Bias Detection: Ongoing monitoring for AI bias and inappropriate outputs, (f) Content Filtering: Multi-layer safety systems to detect harmful content.

14.2 Experimental Technology Risks. (a) Evolving Security: As an experimental AI platform, security measures are continuously evolving, (b) Unknown Vulnerabilities: New AI-related attack vectors may emerge that we haven't yet addressed, (c) Model Limitations: AI models may behave unpredictably and produce unexpected outputs, (d) Training Data Risks: AI models may reflect biases or information from their training data.

‍

15. DELAWARE AI COMMISSION ALIGNMENT. Shape monitors guidance from the Delaware Artificial Intelligence Commission established under House Bill 333. We align our AI practices with evolving state recommendations for safe and responsible AI utilization while maintaining our commitment to user privacy.

‍

16. BIOMETRIC DATA. Shape does not currently collect biometric identifiers or biometric information as defined by applicable privacy laws. If this changes, we will update this policy and obtain necessary consents.

17. AI MODEL TRANSPARENCY

17.1 Training Data Sources. (a) Our AI models are trained on a combination of public datasets and proprietary data, (b) we maintain records of training data sources where technically feasible, (c) training data may include publicly available code repositories, documentation, and design patterns, (d) we do not use customer data for training without explicit opt-in consent.

17.2 Model Limitations and Bias. (a) AI models may reflect biases present in training data, (b) users should review AI output for accuracy and appropriateness, (c) we continuously work to identify and mitigate bias in our AI systems, (d) report concerns about AI bias or inappropriate outputs to aifeedback@autoshape.ai.

‍

18. PROHIBITED DATA TYPES

18.1 What NOT to Submit to Shape. For your protection and legal compliance, do NOT upload: (a) biometric identifiers such as fingerprints, facial recognition data, or voice prints, (b) government-issued identification numbers like SSN, passport numbers, or driver's license, (c) financial account information including credit card numbers or bank accounts, (d) medical records or protected health information unless HIPAA-compliant, (e) children's personal information if you know the person is under 13, (f) classified or confidential business information belonging to others, (g) copyrighted content without proper licensing, (h) personal information of third parties without their consent.

18.2 Why These Restrictions Exist. (a) AI systems may not properly handle sensitive data, (b) training data separation cannot be guaranteed, (c) regulatory compliance varies by data type, (d) security measures may not meet specialized requirements.

‍

19. AUTOMATED DECISION MAKING

19.1 AI-Driven Processes. Shape uses automated systems for: (a) content moderation and safety filtering, (b) usage monitoring and abuse detection, (c) performance optimization and resource allocation, (d) security threat identification and response.

19.2 Your Rights Regarding Automated Decisions. (a) You can request human review of automated moderation decisions, (b) opt out of certain automated processing where legally required, (c) request explanation of how automated systems affect your account.

‍

20. DATA BREACH RESPONSE

20.1 Our Commitment. In the event of a data breach affecting your personal information: (a) we will investigate immediately upon discovery, (b) affected users will be notified within 72 hours when legally required, (c) regulatory authorities will be notified as required by applicable law, (d) we will provide clear information about what happened and what we're doing.

20.2 What We Won't Do. (a) We will not ask for passwords or sensitive information via email, (b) request payment to restore access to your account, (c) blame users for security incidents beyond their control.

‍

21. LAW ENFORCEMENT AND GOVERNMENT REQUESTS

21.1 Legal Process Requirements. (a) We require valid legal process such as subpoenas, court orders, or warrants for data disclosure, (b) we review all requests for legal sufficiency and scope, (c) we notify users when legally permitted, (d) we publish transparency reports on government data requests, (e) we challenge overbroad or legally deficient requests, (f) all legal proceedings involving user data are subject to confidentiality requirements.

21.2 National Security Requests. (a) We may receive national security letters or other classified requests, (b) we are legally prohibited from disclosing some government requests, (c) we challenge overbroad or legally deficient requests when possible.

21.3 Data Retention for Legal Purposes. (a) Data may be retained longer than standard periods for pending legal matters, (b) legal hold procedures may prevent deletion of relevant data, (c) we balance legal requirements with user privacy rights.

‍

22. CONTACT US

22.1 Privacy Questions. For questions about this Privacy Policy or your data: Email: support@autoshape.ai. Platform: Tag @support within Shape. Mail: 2261 Market Street STE 85658, San Francisco, CA 94114.

22.2 Data Subject Requests. To exercise your privacy rights or request data deletion: (a) use the privacy controls in your account settings, (b) contact our support team for assistance. We respond to requests within 30 days.

‍

This Privacy Policy is part of our commitment to transparency and user privacy. We believe you should have control over your data while using AI tools to build products.