Privacy Policy

Effective date: 16 May 2026. This Privacy Policy applies to kevin.tools, Kevin, Creative Lab, accounts, purchases, points, workspaces, libraries, downloadable digital content, AI-assisted creative features, and related services (the "Services").

The controller of your personal data is SIA Supply Family, registration number 50203292501, VAT number LV50203292501, Juras iela 5A-1, Ventspils, LV-3601, Latvia ("Kevin", "we", "us", or "our"). For privacy questions or requests, contact info@kevin.tools.

1. Personal data we collect

We collect personal data you provide, data created when you use the Services, and data collected automatically. Depending on how you use Kevin, this may include:

• account data, such as your email address, login identifiers, profile details, avatar, onboarding choices, and authentication records;
• creative content, such as prompts, instructions, uploaded images, reference files, logos, mockups, generated images, edited images, merged images, workspace names, folder names, saved assets, and library content;
• purchase and billing data, such as purchased products, points packages, invoices, VAT/tax information, transaction identifiers, payment status, billing email, and Stripe customer or checkout identifiers. We do not directly store your card number, CVC, or full payment method details;
• support and communication data, such as messages you send us, email signup data, feedback, and support history;
• usage and device data, such as IP address, browser type, pages viewed, referring URLs, feature usage, errors, logs, approximate location derived from IP address, and cookie or analytics identifiers.

We do not intentionally collect special categories of personal data, such as health, religion, political opinions, biometric data for identification, or sensitive government identifiers. Please do not upload that type of data unless it is necessary and you have a lawful reason to do so.

2. AI prompts, uploads, and generated content

When you use AI features, we process the content needed to perform your request. This may include prompts, uploaded or selected images, reference files, masks, edit instructions, model choices, generation settings, generated outputs, and technical metadata.

Kevin currently uses OpenAI/GPT and Google/Gemini for AI image, editing, mockup, merge, and related creative features. Depending on the feature, your inputs and outputs may be sent to these providers and processed under their security, abuse-prevention, and service policies. Logo or SVG generation may use a specialized provider where required by that feature.

Do not submit confidential, highly sensitive, regulated, or third-party personal data to AI features unless you have permission and are comfortable with the processing described in this policy.

3. How we use personal data

We use personal data to:

• create and manage accounts, authentication, profiles, workspaces, libraries, saved images, and user settings;
• provide AI generation, editing, mockup, merge, logo, upload, download, image proxy, storage, and creative workflow features;
• process payments, points, invoices, taxes, refunds where applicable, fraud checks, and billing support;
• communicate with you about support, service notices, security, purchases, product updates, and marketing where permitted;
• monitor, secure, debug, improve, and analyze the Services, including usage trends, errors, abuse prevention, and performance;
• comply with legal, tax, accounting, consumer protection, and regulatory obligations.

4. Legal bases under GDPR

If EU or UK data protection law applies, we rely on the following legal bases:

• contract performance, when we need data to provide accounts, AI features, downloads, points, purchases, invoices, and support you request;
• legitimate interests, when we secure, improve, debug, measure, prevent abuse of, and operate the Services in a way that does not override your rights;
• consent, where required for optional cookies, marketing emails, or specific processing choices;
• legal obligations, when we must keep invoices, tax records, fraud records, or respond to lawful requests;
• your instructions and requested processing, when you choose to send prompts, uploads, and files to AI or storage features.

5. Service providers and sharing

We do not sell your personal data. We share personal data only where needed to provide, secure, analyze, bill, or support the Services. Our providers may include:

• Supabase for authentication, database, account, workspace, saved content, and application data;
• Google Cloud Storage or similar cloud storage for uploaded, generated, saved, and downloadable images or files;
• OpenAI/GPT and Google/Gemini for AI processing requested by you;
• Stripe for checkout, payment processing, card/payment method handling, billing, fraud prevention, tax details, and invoices;
• Google Analytics or similar analytics tools for usage measurement and product improvement;
• Mailchimp or similar email tools for email signups, product updates, and marketing where permitted;
• hosting, security, logging, development, and support tools needed to run the Services.

We may also share data if required by law, to protect rights and safety, to investigate fraud or abuse, in connection with a business transfer, or with your direction or consent.

6. International transfers

We are based in Latvia, but some providers may process data in other countries, including outside the European Economic Area. Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, provider data processing terms, and technical and organizational measures designed to protect your data.

7. Cookies and analytics

We use cookies and similar technologies to keep the Services working, remember preferences, secure sessions, understand usage, improve the product, and measure marketing or email performance. Some cookies are necessary for the Services. Optional analytics or marketing cookies are used where permitted by law and your choices.

You can control cookies through your browser settings. If you block necessary cookies, parts of the Services may not work correctly.

8. Marketing communications

We may send service messages related to your account, purchases, security, or important product changes. We may send marketing emails only where permitted by law. You can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting info@kevin.tools. You will still receive necessary service messages.

9. How long we keep data

We keep personal data only as long as reasonably needed for the purposes described in this policy. Account, workspace, saved image, and library data is generally kept while your account is active. Billing, invoice, tax, fraud-prevention, and accounting records may be kept longer where required by law. Support messages, logs, analytics, and security records are kept for limited periods based on operational need.

If you ask us to delete your account or specific content, we will delete or anonymize it where possible, unless we must keep certain data for legal, security, dispute, backup, or legitimate business reasons. Backups may retain data for a limited period before deletion cycles complete.

10. Security

We use technical and organizational measures designed to protect personal data, including provider security controls, access limits, authentication, encrypted transport where available, monitoring, and operational safeguards. No online service can be guaranteed completely secure, so you should use a strong password, protect your account, and avoid uploading data you do not need to process.

11. Your privacy rights

Depending on where you live, especially if you are in the EU or EEA, you may have rights to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• delete personal data in certain circumstances;
• restrict or object to certain processing;
• receive a portable copy of certain data;
• withdraw consent where processing is based on consent;
• complain to a data protection supervisory authority.

To exercise rights, contact info@kevin.tools. We may need to verify your identity before responding. If you are in Latvia, you may contact the Data State Inspectorate. If you live elsewhere in the EU or EEA, you may contact your local supervisory authority.

12. Children

The Services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact us and we will take appropriate steps to delete it.

13. Third-party links and services

The Services may link to third-party websites or services. We are not responsible for their privacy practices. Please review their policies before submitting personal data to them.

14. Changes to this policy

We may update this Privacy Policy when the Services, providers, laws, or our practices change. If changes are material, we will take reasonable steps to notify you, such as posting the updated policy, showing an in-product notice, or emailing account holders. The latest version is always available at https://kevin.tools/privacy-policy.

15. Contact

SIA Supply Family
Reg. no. 50203292501
VAT no. LV50203292501
Juras iela 5A-1, Ventspils, LV-3601, Latvia
Email: info@kevin.tools