Privacy Policy
im2lazy ("im2lazy", "we", "us") is a service that researches trends, generates digital products with AI and publishes them to your own Etsy shop. This policy explains what data we collect, why we collect it, who processes it on our behalf and what rights you have. We keep it short on purpose — if anything is unclear, email us at [email protected].
1. Data we collect
- Account data. Your name, email address and a hashed password when you sign up. We never store plaintext passwords.
- Etsy connection data. When you connect your shop we store the OAuth tokens Etsy issues for your account. Tokens are encrypted at rest with AES-256-GCM and are only ever used to act on your shop on your instruction (creating draft listings, reading orders and shop statistics). We also store your shop ID, shop name and the listing data our engine creates or reads.
- Generated content. The product concepts, images, mockups, SEO copy and delivery files the engine produces for your shop are stored so you can review, publish and re-download them.
- Usage telemetry. Run logs, credit-wallet movements, feature usage and error traces — used to operate the service, debug failures and prevent abuse.
- IP and device signals. IP address and user-agent are recorded with sessions and security-relevant events, strictly for fraud prevention and account security (for example, preventing repeated free-credit claims).
We do not collect payment card data. Payments are handled entirely by our merchant of record, Dodo Payments — card details never touch our servers.
2. Subprocessors
We share the minimum data necessary with these providers to run the service:
| Provider | Purpose | Data shared |
|---|---|---|
| fal.ai | AI image generation | Generation prompts and produced images |
| OpenRouter | AI text generation (concepts, listing copy) | Trend keywords and market signals; no personal data |
| Dodo Payments | Merchant of record — payments, tax, invoicing | Email, name, billing details you enter at checkout |
| Hetzner | Hosting and storage (EU data centers) | All service data listed above |
3. Retention
- Generated image assets are pruned roughly 30 days after publishing; the listing itself lives on in your Etsy shop.
- Etsy OAuth tokens are deleted immediately when you disconnect your shop from the settings page.
- Deleting your account removes all tenant data — connections, generated content, run history and credit ledger. Minimal anti-abuse records (for example, that a given Etsy shop already claimed a free-credit grant) may be retained without any link to your identity.
- Billing records held by Dodo Payments follow their own statutory retention rules.
4. Your rights (GDPR & KVKK)
If you are in the EU/EEA (GDPR) or Türkiye (KVKK), you have the right to access, rectify, erase, restrict and port your personal data, and to object to processing. In practice:
- Access and rectification: most data is directly visible and editable in the app.
- Erasure: delete your account in Settings → Account; this removes all tenant data as described above.
- Portability and everything else: email [email protected] and we will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority.
5. Cookies
We use a single, strictly necessary session cookie to keep you signed in. No third-party advertising cookies, no cross-site tracking, no analytics cookies that identify you.
6. Security
Data is encrypted in transit (TLS) and sensitive credentials are encrypted at rest (AES-256-GCM). Access to production systems is restricted and logged. No system is perfectly secure — if we learn of a breach affecting your data, we will notify you without undue delay.
7. Changes and contact
We may update this policy as the service evolves; material changes will be announced in the app. Questions, requests, complaints: [email protected].