Privacy Policy
Last updated: 11 July 2026
This policy explains what Rayzia ("we") collects when you use Rayzia, why, and your rights. The short version: your designs stay on your device and reach our servers only when you save them to the cloud; we collect the minimum needed to run accounts, cloud sync, and billing; we don't sell data or run ad tracking.
1. What we collect
- Your designs stay on your device by default. Documents live in your browser's local storage and reach our servers only when you save one to the cloud.
- Account data — email, display name, and (with Google sign-in) your Google avatar and account identifier. We never see or store a password.
- Your documents — files you sync to the cloud while signed in, their names, sizes, and revision history per your plan.
- Billing data — handled by Paddle, our merchant of record. We receive subscription status and plan; we never see your card number.
- Bug reports — only when you submit one: the description, a screenshot of the editor, and technical context you attach.
- Technical logs — privacy-friendly, cookie-less aggregate analytics (page views, country) and short-lived security logs.
2. Why (legal bases)
- Operating the Service you asked for — accounts, sync, sharing, billing (performance of contract).
- Transactional email such as sign-in links and billing notices (performance of contract).
- Security, abuse prevention, and debugging (legitimate interest).
- We do not use your content to train AI models, sell personal data, or build advertising profiles.
3. Who processes data for us
| Processor | Purpose | Where |
| Cloudflare | Hosting, storage of cloud documents, security, analytics | Global edge network |
| Paddle | Payments, tax, invoices (merchant of record) | UK / US |
| Resend | Transactional email (sign-in links) | US / EU |
| Google | Sign-in, only when you choose "Continue with Google" | Global |
4. Retention
- Account and cloud documents: kept while your account is active; permanently deleted within 30 days after account deletion.
- Version history: per your plan (Pro: 30 days of revisions).
- Billing records: kept as long as tax law requires (by Paddle and in our subscription ledger).
- Share links you disable die immediately; re-enabling issues a new URL.
5. Your rights
You can access and export your documents at any time from your account, and delete individual files or your whole account. Under GDPR, Thailand's PDPA, and similar laws you may also request access, correction, deletion, or portability of your personal data, and you may lodge a complaint with your supervisory authority. Write to [email protected] — we respond within 30 days.
6. Cookies
We set one first-party cookie (rz_sess) to keep you signed in. No third-party advertising or tracking cookies. That's why there's no cookie banner.
7. Security
All traffic is encrypted (TLS). Sign-in links are single-use, short-lived, and stored only as hashes. Shared documents are served in a way that prevents them from running code on our domain. Access to production data is limited to what operating the Service requires.
8. Children
The Service is not directed at children under 13 (or the higher age your country requires for consent). Don't create an account if you're under that age.
9. Changes & contact
We'll announce material changes to this policy by email or in-product. Questions or requests: [email protected].