Privacy Policy
Introduction
This Privacy Policy explains how Realistic Icon ("we", "our", or "us") collects and uses information when you visit the 3D Icon Gallery, use the AI Studio, or call our API. It pairs with our Terms & Conditions and our Cookie Policy.
We collect the minimum information needed to run the Service well — your account details, what icons you've downloaded or generated, billing records, and the technical traces (logs, metrics) that any modern web product needs to stay reliable. We don't sell your personal data, and we don't run third-party ad networks on the site.
This policy was last updated on May 16, 2026. If we make meaningful changes, we'll let signed-in members know via email and update the date at the bottom of the page.
What We Collect
Account details — when you sign in with Google, LINE, or Apple, we receive your email, display name, and profile picture from that provider. We use this to create your account and to address you in product emails.
Profile information you choose to add — your role, location, company, social links, and bio if you fill them in on the Profile page. These are visible only to you unless you choose to make a workspace public in a future team-plan feature.
Usage records — which icons you've downloaded, which generations you've run, which favorites you've added, which API keys exist on your workspace. We need this to render your dashboard and to count credits correctly.
Billing records — when you upgrade to a paid plan, our payment processor (Stripe) handles the card data; we never see or store your full card number. We retain invoices, subscription state, and credit ledger entries.
Technical traces — IP address, browser, OS, and rough geographic location of each request, server-side request logs, performance metrics, and error reports. We keep these for short windows to debug issues and prevent abuse.
What we don't collect — we don't read the contents of your downloads or generations once they're in the wild. We don't track you across other websites with our cookies. We don't sell your information to advertisers or data brokers.
How We Use Your Data
To operate the Service — sign you in, render the gallery, run your generations, serve downloads, deduct credits, send webhooks, and keep the platform secure. Without these uses we couldn't deliver the product.
To improve the Service — anonymized, aggregated usage statistics help us understand what's working and what needs attention. We measure how often each icon is downloaded so we know which themes to expand, not so we can identify you.
To communicate with you — transactional emails (sign-in confirmations, receipts, security alerts, generation-completed notifications). You can opt out of the non-essential ones from the Settings page; the security and billing emails are always on, for your protection.
To prevent abuse — rate-limit signals, fraud indicators, and content-policy enforcement. If we detect activity that looks abusive, we may temporarily restrict the account while we investigate.
To comply with the law — respond to lawful requests from authorities, retain tax records, and handle data-subject requests under GDPR or similar regulations.
Your Rights
Wherever you live, you can: access the personal data we hold about you, correct anything that's wrong, ask us to delete your account and the data attached to it, and export your data in a portable format.
If you're in the European Economic Area, the UK, or Switzerland, you also have rights under GDPR: to restrict our processing, to object to it, and to lodge a complaint with your local data-protection authority. We respond to GDPR requests within 30 days.
If you're in California, you have rights under the CCPA / CPRA: to know what we collect, to delete it, to opt out of any "sale" or "sharing" (we don't do either, but the right exists), and to non-discrimination for exercising these rights.
To exercise any of these rights, email privacy@bluweo.com or use the Account → Privacy panel in your dashboard. We'll verify the request is coming from you (usually by replying from your account's email) and respond within the timeframes the relevant law requires.
Data Retention
Account and workspace data — kept while your account is active. When you delete your account, we remove personal data within 30 days, except for records we need to keep for tax, billing, or abuse-prevention purposes (typically up to 7 years for invoices in jurisdictions that require it).
Usage logs and security traces — kept in their full form for 90 days, then either anonymized or deleted depending on the type.
Generated Content and Library downloads — kept while your account is active so you can return to them. When you delete your account, we keep them in storage for 30 days as a safety window in case the deletion was a mistake, then permanently remove them.
Security
Personal data is encrypted in transit (TLS 1.2+) and at rest. Account passwords are never stored in plaintext — sign-in goes through your identity provider (Google, LINE, Apple). API keys are stored as one-way hashes and shown only once at creation.
We run internal access controls so only the engineers who need to look at production data for a specific reason can do so, and we log those accesses. We do regular dependency updates and review-driven code merges.
No internet system is perfectly secure. If we discover a breach that affects your data, we'll notify you and the relevant authorities within the time required by law (usually 72 hours under GDPR).
Children's Privacy
The Service is intended for users 16 and older. We don't knowingly collect data from children under 16. If you believe a child has created an account, please contact us at privacy@bluweo.com and we'll remove the account and any associated data.
International Transfers
Our infrastructure may process data in regions outside your home country, including the United States and the European Union. Where data crosses borders, we use standard contractual clauses or equivalent safeguards required by your local law to keep the protection level consistent.
If you have specific data-residency needs (e.g. EU-only processing for compliance), enterprise plans can pin processing to a region. Reach out to sales@bluweo.com to discuss.
Changes to This Policy
When we update this Privacy Policy, we'll change the date at the bottom of the page. For meaningful changes that affect how we use your data, we'll also send a heads-up email to signed-in members before the new policy takes effect.
If you don't agree with an updated policy, you can delete your account before the change applies and your data will be removed per the Retention section above.
Contact
Privacy questions, GDPR / CCPA requests, or data-subject inquiries: privacy@bluweo.com.
Security disclosures: security@bluweo.com. We acknowledge serious reports within 1 business day.
General support questions: use the in-app Support link.
This Privacy Policy is effective as of May 16, 2026.