Privacy Policy

Last updated: February 2026

1. Introduction

Äng ("we", "our") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and your rights under GDPR and other privacy laws.

2. Data We Collect

2.1 Account and authentication

When you sign in (Google or magic link), we store your user ID and email. This is required to provide the service and is processed by Supabase Auth.

2.2 Error monitoring (Sentry)

To fix bugs and improve stability, we use Sentry for error monitoring:

  • Error reports: When something goes wrong, we capture the error message, stack trace, and technical context (e.g. browser, URL).
  • User attribution: We associate errors with your user ID and email so we can prioritise and resolve issues affecting you. This is our legitimate interest under GDPR Art. 6(1)(f).
  • Session replay (on error only): If an error occurs, we may record a replay of the session to help us reproduce the bug. All text is masked and all images/media are blocked for privacy. Replays are not recorded during normal use.
  • Bug reports: When you use the "Feedback" button to report a bug, you choose what to include (screenshot, description). You control what you share.

Sentry processes data in the EU (Frankfurt). See Sentry's privacy policy.

2.3 Telemetry and analytics

If you enable it in Settings → Privacy, we collect anonymised usage data:

  • Performance metrics and error rates
  • Generation metadata (prompt length, model, resolution) – never the prompt text itself
  • Hashed IP and truncated browser info

This data is stored in our database, retained for 90 days, and used solely to improve the product. You can turn it off at any time.

2.4 Your content

Your boards, images, and prompts are stored to provide the service. We do not use this content for analytics, advertising, or training AI models.

3. Legal basis (GDPR)

We process your data on the following bases:

  • Contract (Art. 6(1)(b)): Account data, boards, and content needed to deliver the service.
  • Legitimate interest (Art. 6(1)(f)): Error monitoring and bug fixing to ensure reliability and security.
  • Consent (Art. 6(1)(a)): Telemetry and analytics when you opt in.

4. Data retention

  • Account and content: Retained while your account is active. You can request deletion.
  • Telemetry: 90 days, then automatically deleted.
  • Sentry: Error data is retained per Sentry's policy; you can request deletion of your data.

5. Your rights

Under GDPR you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Portability: Receive your data in a machine-readable format.
  • Object: Object to processing based on legitimate interest.

To exercise these rights, contact us (see below). We will respond within 30 days.

6. Third parties

We use the following services, each with their own privacy policies:

  • Supabase: Database, auth, storage (EU regions available).
  • Sentry: Error monitoring (EU – Frankfurt).
  • Vercel: Hosting and analytics.
  • Google: Sign-in and AI (Gemini) when you use these features.

7. Contact

For privacy enquiries or to exercise your rights, contact us via the feedback form in the app or at the email address provided in your account settings.

8. Changes

We may update this policy from time to time. The "Last updated" date at the top indicates when it was last revised. Continued use of the service after changes constitutes acceptance.

← Back to sign in