Karyakarya

Privacy Policy

Last updated: June 2026

1. Who we are

Karya is an AI generation studio operated by the team behind The AI Ad Lab. Questions about this policy can be sent to hello@karya.app.Replace this contact email with your actual business contact before going live.

2. Information we collect

  • Account data , email address and an optional display name you set in Settings.
  • Generation data , the prompts you submit, the models you pick, the uploaded reference images / videos / audio, and the generated outputs. These are stored against your account so you can revisit them in the history rail.
  • Payment data , Stripe handles your card directly. We only store the resulting payment ID, amount, currency, and timestamp , never your card details.
  • Usage data , per-model run counts and credit spend, used to display your account stats.
  • Referral data , if you arrived via a referral link, we store the referrer ID so we can credit them when you sign up or top up.

3. Where it's stored

Your account and generation history live in a Supabase Postgres database hosted in Supabase's secure infrastructure. Uploaded files and generated outputs are stored in Supabase Storage. Stripe stores all payment information. We do not export your data to any other third party.

4. Third-party processors

To run generations, your prompts and uploaded media are forwarded to the AI providers behind the models you pick:
  • kie.ai , for Veo, Nano Banana, Sora, and other models on the kie.ai network.
  • muapi.ai , for Flux, Seedream, Kling, and other models on the muapi.ai network.
  • Stripe , for processing payments and storing payment audit trails.
  • Supabase , for authentication, database, and file storage.
We do not send your data to any other party.

5. Your rights

You can:
  • Edit your display name from Settings.
  • Request a full export of your account data by emailing the contact above.
  • Request deletion of your account and all associated generations by emailing the contact above. We will remove your data within 30 days.
  • Withdraw consent at any time by deleting your account , unused credits in your wallet are non-refundable on deletion.

6. Cookies

We use a Supabase session cookie to keep you logged in, and a `karya_ref` cookie (lasts 30 days) to remember your referral attribution. We do not use third-party tracking cookies.

7. Security

All data is transmitted over HTTPS. API keys for upstream AI providers and Stripe are kept server-side only and are never exposed in your browser. Credit operations are atomic at the database level to prevent double-charging or double-crediting.

8. Changes to this policy

If we change this policy, the "Last updated" date above will change and active users will be notified by email.