ALABALA — FILED DOCUMENT HOUSTON, TX FORM № ALB/PRIVACY-

Privacy Policy

Last updated — June 28, 2026 Status — IN EFFECT

This Privacy Policy explains what we collect, how we use it, and your choices. It applies to alabala.io and the ALABALA service (the "Service").

1. Data we collect

You give us

  • Account info: name, email address, password (hashed), optional first/last name and phone number.
  • Profile: avatar image (if uploaded).
  • Content: prompts, uploaded source images, generated artwork, and mockups you create.
  • Payment info: handled by Stripe — we receive only the last four digits, brand, and expiry of cards used for purchases. We never see full card numbers.

We collect automatically

  • Sign-in activity: IP address, browser/user-agent, timestamps of login, logout, and failed sign-in attempts.
  • Service usage: which features you use, request counts, error logs.
  • Cookies: a session cookie to keep you signed in, plus a CSRF token for security. We do not run third-party advertising trackers.

2. How we use it

  • To run the Service: authenticate you, generate the artwork you request, and store your projects.
  • To process payments via Stripe.
  • To send transactional emails (verification, receipts, security alerts).
  • To detect and prevent abuse, fraud, and security incidents.
  • To debug and improve the product.
  • To send marketing emails — only if you've opted in (off by default; manage from Settings → Notifications).

3. Legal basis (EEA/UK)

We process your data on the bases of contract (running the Service you requested), legitimate interests (security, abuse prevention, product analytics), and consent (marketing email).

4. Sharing

We share your data only with service providers we rely on to run ALABALA:

  • Cloudflare R2 / Cloudflare — hosting and CDN for static assets.
  • Hetzner — server hosting in the EU.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • fal.ai — AI model inference for design generation. Prompts and uploaded source images are sent to fal.ai to be processed.
  • ShipStation — for ALABALA Fulfillment: order, shipping, label and tracking data is exchanged with ShipStation to fulfill orders. ShipStation in turn connects to your marketplaces (Shopify, Etsy, TikTok Shop, Amazon FBM) and to carriers (e.g. USPS, UPS, FedEx) to import orders, buy labels and push tracking back.

We do not sell your personal data.

5. Storage and retention

Account data and your generated content are retained while your account is active. Sign-in logs are kept for up to 12 months. Server backups are kept for 14 days. Fulfillment records (inventory, orders, shipments, returns and billing line items) are retained as long as needed to operate the service and to meet accounting and tax obligations.

When you delete your account from Settings → Account, we remove your account record, sign-in logs, and credit ledger entries. Generated artwork and backups roll off according to our retention windows above.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (most fields are editable from Settings).
  • Delete your account and associated data.
  • Export your data in a machine-readable format.
  • Object to or restrict certain processing.
  • Lodge a complaint with a data protection authority.

To exercise these rights, email [email protected].

7. Security

We use TLS for traffic, hashed passwords (bcrypt), encrypted backups, and least-privilege access to production systems. No system is perfectly secure — if you discover a vulnerability, please report it to [email protected].

8. Children

ALABALA is not directed at children under 16. If you believe a child has registered, contact us and we will delete the account.

9. International transfers

We're hosted in the EU (Helsinki). Some of our service providers (Stripe, Resend, Cloudflare, fal.ai) are based in the United States and may process your data there under standard contractual clauses or equivalent safeguards.

10. Changes

We may update this Policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before they take effect.

11. Contact

Privacy questions: [email protected].

ALABALA · Houston, TX FAQ · Terms · Privacy · Refund · Contact © 2026