Privacy Policy

1. Introduction

At Fantasma, the privacy of our visitors is of extreme importance to us. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Account creation date
  • Authentication data (managed securely by Supabase)

2.2 Project Data

When you use the builder, we store:

  • Theme configurations and settings
  • Uploaded images and assets
  • Version history and checkpoints
  • Project metadata (name, creation date, last modified)

2.3 Anonymous Usage

For users who choose not to sign in, data is stored locally in your browser using localStorage. This data never leaves your device unless you sign in and migrate it to the cloud.

2.4 Analytics

We collect information automatically through the use of Plausible Analytics for the purpose of understanding how our visitors interact with our website. Information collected includes IP address, browser type, browser version, pages that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.

Please refer to Plausible's Privacy Policy for more details on the data they collect and process.

2.5 Billing Data

When you purchase or manage Fantasma Pro, our payment processor Polar Software Inc. (polar.sh) handles checkout, payments, receipts, invoices, and subscription changes. Fantasma stores subscription identifiers, plan status, product identifiers, renewal dates, and related billing status needed to provide Pro access and support your account. Fantasma does not store full card numbers.

3. How We Use Your Information

We use collected information for:

  • Service Delivery: To provide and maintain the Fantasma builder
  • Account Management: To manage your account and authentication
  • Data Synchronization: To sync your projects across devices
  • Customer Support: To respond to your inquiries and provide assistance
  • Service Improvement: To analyze usage patterns and improve features
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Communication: To send service updates and important notifications

4. Data Storage and Security

4.1 Storage Infrastructure

We use Supabase (built on PostgreSQL) to store your data securely. All data is encrypted in transit using HTTPS and at rest using industry-standard encryption.

4.2 Image Storage

Uploaded images are stored in Supabase Storage with per-user, per-project organization. Images are accessible via secure URLs.

4.3 Data Retention

  • Active account data is retained as long as your account is active
  • Version history is retained for 90 days
  • Deleted projects are permanently removed after 30 days
  • Account deletion removes all associated data within 30 days

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in these circumstances:

  • Service Providers: Third-party services that help us operate, including Vercel for hosting and serverless functions, Supabase for authentication, database, and file storage, Upstash Redis for rate limiting, our payment processor for payments and subscription management, Amazon SES for contact form email, and Plausible for analytics
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, sale, or acquisition (users will be notified)

6. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Download: Download your theme configurations and projects
  • Opt-out: Unsubscribe from marketing communications
  • Data Portability: Receive your data in a structured format

To exercise these rights, contact us at privacy@fantasma.app.

7. Cookies and Tracking

We use minimal cookies and tracking:

  • Essential Cookies: Required for authentication and session management
  • localStorage: Used for anonymous user data and preferences
  • Plausible Analytics: Privacy-friendly analytics with no cookies or personal data collection

You can disable cookies in your browser settings, but this may affect service functionality.

8. Third-Party Services

Fantasma integrates with:

  • Vercel: Website hosting, serverless functions, cron jobs, deployment infrastructure, and request metadata used to operate and protect the Service (Privacy Policy)
  • Supabase: For authentication, database, and file storage (Privacy Policy)
  • Upstash Redis: Rate limiting and abuse-prevention counters for API routes (Privacy Policy)
  • Plausible Analytics: Privacy-friendly website analytics (Privacy Policy)
  • Amazon SES: Email delivery for contact form messages and related service communication (Privacy Policy)
  • Polar: Checkout, payment processing, invoices, receipts, and subscription management (Privacy Policy)
  • Ghost CMS: Themes you download or publish for Ghost are designed for Ghost but contain no tracking

9. Children's Privacy

Fantasma is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 13, we will delete it immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please visit our contact page.

13. GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

  • Right to be informed about data collection
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

14. CCPA Compliance (California Users)

If you are a California resident, you have rights under the CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt-out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

Note: Fantasma does not sell your personal information.

Last updated: December 10, 2025