Legal

Privacy Policy

Last updated: June 24, 2026 · Effective date: July 5, 2026

1. Who We Are

CakeSplit (“we”, “our”, “us”) operates the CakeSplit platform — an AI-powered game asset extraction tool. We are the data controller for personal data collected through our service.

For privacy enquiries: privacy@cakesplit.com

2. Data We Collect

  • Account data: Email address and display name when you register.
  • Usage data: Features used, pages visited, and actions taken within the app — only with your consent.
  • Device & technical data: Browser type, operating system, screen resolution — only with your consent.
  • Location data: Country and region resolved from IP address — only with your consent. We do not store precise GPS location.
  • Uploaded images: Images you upload for asset extraction are processed temporarily and are not stored permanently on our servers.
  • Payment data: We do not store card details. Payments are processed via our payment provider (Stripe/equivalent). We store transaction records for billing purposes.

3. Legal Basis for Processing (GDPR)

  • Contract performance: Account management, credit balance, billing.
  • Legitimate interests: Security, fraud prevention, service reliability.
  • Consent: Analytics cookies, usage tracking, geo data. You may withdraw consent at any time via the cookie preferences banner.

4. Cookies & Tracking

We use the following cookie categories:

  • Strictly Necessary: Authentication, session security. Always active — no consent required.
  • Analytics: Usage patterns, click heatmaps, session duration. Requires consent.
  • Marketing: Personalised content and promotions. Requires consent.

You can manage your cookie preferences at any time by clicking “Manage cookies” in the footer of the app.

5. How We Share Your Data

We do not sell your personal data. We may share data with:

  • Supabase: Database and authentication infrastructure (EU/US regions).
  • RunPod: GPU compute provider for AI inference. Only non-personal image data is processed.
  • Payment providers: For billing and subscription management.
  • Law enforcement: Where required by applicable law.

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion.
  • Analytics events: retained for 24 months, then anonymised.
  • Session data: retained for 12 months.
  • Uploaded images: deleted within 24 hours of processing.

7. Your Rights (GDPR)

If you are in the EU/EEA or UK, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Data portability — export your data in a machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time without affecting prior processing

To exercise any right, contact privacy@cakesplit.com. We will respond within 30 days.

8. International Transfers

We may transfer your data outside the European Economic Area. Where we do, we ensure adequate protection through Standard Contractual Clauses (SCCs) or equivalent mechanisms.

9. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security in our database, and strict access controls. No system is 100% secure; please notify us immediately at security@cakesplit.com if you discover a vulnerability.

10. Children

CakeSplit is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us immediately.

11. Changes to This Policy

We may update this policy. We will notify you of material changes via email or a prominent notice in the app. The date at the top of this page reflects the most recent revision.

© 2026 CakeSplit. All rights reserved.Terms of Service →