Privacy Policy
Plain‑language summary of what pomela collects, why, and what you can do about it.
01 · Summary
pomela is a tool that turns a short prompt into an installable mobile web app (PWA). To do that we need to know a few things about your device, your prompts, and your account. We collect the minimum required to make the product work, we don't sell data, we never share prompts with advertisers, and we delete what we no longer need.
02 · What we collect
- Account information when you sign in: your email, display name, and avatar (via Clerk, our identity provider).
- Device identifier: a random UUID generated client‑side, stored in your browser. It lets your work resume across sessions without an account.
- Prompts and generated specs: the text you type and the JSON spec / source we produce in response.
- Usage telemetry: anonymized events (page views, generation outcomes, install completions) sent to PostHog. We never attach the raw prompt text to a telemetry event.
- Billing data for Pro subscribers: handled exclusively by Paddle as the Merchant of Record. We see plan tier, status, and renewal dates — never your card details.
- Error reports: if a generated app crashes in your browser, our SDK posts the stack trace and user‑agent string for self‑healing. End‑user PII inside the app is not transmitted.
- IP address, at the time of each request. We hash it within 24 hours for abuse prevention; raw IPs are not retained beyond that window.
03 · How we use it
- To run the service: generate apps, persist your work, sync state across your devices.
- To bill correctly and prevent fraud on paid plans.
- To improve quality: aggregate generation success rates, identify bad prompts, ship better templates.
- To respond when you contact support.
- To comply with legal obligations and respond to lawful requests.
We do not use your prompts to train any model. Anthropic, our LLM provider, does not train on API traffic by default — and we do not opt into any data‑sharing program.
04 · Who we share with
- Clerk — identity provider; sees email + auth metadata.
- Supabase — primary database; stores your apps, account, and app state (RLS‑isolated).
- Cloudflare — hosting, edge security, DNS; sees IP at request time.
- Anthropic — the LLM that generates your apps; sees the prompt only.
- Paddle — payment processor and Merchant of Record; sees billing details.
- Resend — transactional email delivery (magic links, receipts); sees email + message body.
- PostHog (EU) — product analytics; sees pseudonymous event data only.
We do not sell, rent, or trade personal information to third parties.
05 · Retention
- Account data: kept for the lifetime of your account. Hard‑deleted 30 days after account deletion to give you a recovery window.
- Hashed IPs: 90 days.
- Prompts and specs: tied to the apps you keep — delete the app, the spec goes with it.
- Billing records: retained for the period required by tax authorities (typically 7 years).
06 · Your rights
Depending on where you live (GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, Israeli Amendment 13, and similar), you have the right to:
- Access a copy of your data — request from Account → Data → Export.
- Correct inaccurate data — update profile fields in Account.
- Delete your account and the data we hold for it — Account → Data → Delete.
- Object to specific processing or withdraw consent where consent is our legal basis.
- Port your data to a competitor — export is machine‑readable JSON.
- Complain to your local data‑protection authority. In the EU we'll point you to your member‑state regulator.
07 · Security
We design pomela security‑first. The platform runs on Cloudflare's global edge with TLS 1.3, HSTS preload, strict Content‑Security‑Policy, locked Permissions‑Policy, and X‑Frame‑Options: DENY. Secrets live in Cloudflare Worker secrets; no API keys are baked into bundles. Customer data lives in Supabase Postgres with Row Level Security so a row's owner is the only authenticated subject who can read or write it. We log every admin action. Detailed engineering practices live at /legal/security.
08 · Children
pomela is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from anyone in that age range. If you believe a child has provided us data, contact us and we'll delete it.
09 · Changes
Material changes are announced via email to all registered users at least 14 days before they take effect. Prior versions stay archived at /legal/privacy/v<n> for transparency.
10 · Contact
Data‑protection inquiries: contact form. For urgent compliance matters, reach the operator at the address listed on our security page. We acknowledge requests within 7 days and resolve them within 30.