Privacy Policy

Effective Date: November 18, 2025

This Privacy Policy describes how MASIC AI ("we", "us", or "our") collects, uses, and discloses information when you use our desktop application Bach ("App"). This policy applies to all users of the App across Windows, macOS, and Linux platforms.

Table of Contents

  1. Introduction
  2. Data We Collect
  3. How We Collect Data
  4. How We Use Your Data
  5. Third-Party Services
  6. Data Security
  7. User Rights and Control
  8. International Data Transfers
  9. Children's Privacy
  10. Your Privacy Rights (GDPR & CCPA)
  11. Changes to This Privacy Policy
  12. Contact Us

1. Introduction

Bach is an AI-powered desktop application designed for intelligent image generation, editing, and management. The App combines local AI processing (for image segmentation and object selection) with cloud-based AI generation services to provide you with powerful creative tools.

We are committed to protecting your personal information and your right to privacy. Bach is designed with a privacy-first approach: image segmentation and object selection run entirely on your device, while image generation leverages cloud-based AI providers to deliver high-quality results.

If you have any questions or concerns about our policy or our practices regarding your personal information, please contact us as provided in the Contact Us section below.

2. Data We Collect

We collect certain information to provide and improve our services. The types of data we collect include:

Account Information:

  • Email address (required for account creation and authentication)
  • Display name (if provided)
  • OAuth provider information (if you sign in with Google or other third-party services)
  • User ID (automatically generated for your account)

Subscription and Payment Data:

  • Subscription plan (Free, Plus, or Pro)
  • Credit balance and transaction history
  • Paddle customer ID (links your account to our payment processor)
  • Billing period and subscription status
  • Extra Usage settings (if enabled by you)

Important: Credit card details and payment information are collected and processed entirely by Paddle, our payment processor. We never have access to your full credit card numbers or payment credentials.

User Content:

  • Images you upload (temporarily stored in cloud storage for generation processing)
  • Generated images (stored in cloud storage until you delete them)
  • Text prompts (for image generation and editing)
  • Projects and conversations (stored locally on your device)
  • Templates (if you create or use template-based generation)

Usage Data:

  • App features used (Generate, Edit, Arrange, Extract modes)
  • Generation settings (model selection, quality, size preferences)
  • Credit consumption patterns
  • Template usage and interactions
  • App version and platform information

Technical and Diagnostic Data:

  • Device information (operating system, platform, device model)
  • Error and crash reports
  • Performance metrics
  • Log data (app activity, errors, debugging information)

Local Data Storage:

  • Project files (stored locally on your device in your project directory)
  • AI model files (segmentation models cached on your device)
  • Conversation history (stored locally)
  • Image thumbnails and metadata (cached locally for performance)

Important: Bach processes image segmentation and object selection entirely on your device. This content remains local and is not transmitted to our servers. However, when you generate or edit images using AI, your prompts and images are sent to third-party AI providers (OpenAI, Ideogram, Google) for processing.

3. How We Collect Data

We collect data through the following methods:

Directly From You:

  • When you create an account
  • When you subscribe to a paid plan
  • When you upload images or enter prompts
  • When you provide feedback or contact support

Automatically:

  • Local Processing: AI segmentation models run on your device using ONNX Runtime
  • Cloud Services: When you generate or edit images, data is sent to our backend services (Supabase) and AI providers
  • Analytics: We collect usage data to understand how the App is used
  • Error Reporting: Crash and error data helps us improve app stability

From Third Parties:

  • OAuth Providers: If you sign in with Google or other services
  • Payment Processor (Paddle): Subscription status and payment information
  • AI Providers: Confirmation of generation requests (but not your content)

4. How We Use Your Data

We use the collected data for the following purposes:

To Provide Our Services:

  • Process your account creation and authentication
  • Manage your subscription and credit balance
  • Process image generation and editing requests
  • Store and sync your generated images
  • Track your usage and credit consumption
  • Enable template creation and sharing

To Improve Our Services:

  • Understand how users interact with different features
  • Diagnose and fix bugs and technical issues
  • Optimize app performance and stability
  • Develop new features and improvements
  • Analyze usage trends and patterns

For Communication:

  • Send you important account and service updates
  • Notify you about subscription changes or credit usage
  • Respond to your support requests and feedback
  • Inform you about new features or updates (if you've opted in)

For Business Operations:

  • Process payments and manage subscriptions via Paddle
  • Prevent fraud and ensure security
  • Comply with legal obligations
  • Enforce our Terms of Service

We do not sell your personal data to third parties. We do not use your images or prompts for any purpose other than providing the services you request.

5. Third-Party Services

Bach integrates with several third-party services to provide its functionality:

AI Generation Providers:

  • OpenAI: For text-to-image generation and editing
  • Ideogram: For text-to-image generation and editing
  • Google: For text-to-image generation and editing

When you use generation features, your text prompts and images are sent to these providers for processing. Each provider has its own privacy policy and data handling practices.

Payment Processing:

  • Paddle: Processes all subscription payments, manages billing, and handles refund requests

Paddle collects and processes payment information according to its privacy policy.

Backend Services:

  • Supabase: Provides authentication, database, cloud storage, and backend functions

Supabase processes user data according to its privacy policy.

Analytics and Error Reporting:

We may use analytics services to help us understand app usage and diagnose technical issues. These services collect data in accordance with their respective privacy policies.

6. Data Security

We implement industry-standard security measures to protect your data:

Technical Safeguards:

  • Local Processing: Image segmentation runs entirely on your device, minimizing data transmission
  • Encryption in Transit: All data sent to our servers and third-party services is encrypted using HTTPS/TLS
  • Secure Authentication: Powered by Supabase Auth with industry-standard security practices
  • Access Controls: Limited access to user data on a need-to-know basis

Operational Safeguards:

  • Regular security reviews and updates
  • Secure coding practices
  • Monitoring for suspicious activity
  • Prompt response to security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security.

7. User Rights and Control

You have control over your data and how it's used:

Account Management:

  • Update your profile information and settings
  • Change your subscription plan or cancel your subscription
  • Manage auto-charge settings
  • Delete your account (contact support)

Content Control:

  • Delete your projects, images, and conversations locally
  • Request deletion of cloud-stored generated images
  • Control template privacy settings (public/private)

Communication Preferences:

  • Opt out of promotional communications (service-related messages may still be sent)

Data Access and Deletion:

To exercise your rights regarding your personal data, please contact us at [email protected].

8. International Data Transfers

Bach is a global service. Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

We take appropriate measures to ensure that your data receives adequate protection wherever it is processed, including:

  • Using service providers that comply with applicable data protection frameworks
  • Implementing appropriate safeguards such as standard contractual clauses
  • Ensuring data transfers comply with GDPR, CCPA, and other applicable regulations

By using Bach, you acknowledge and consent to the transfer of your information to our facilities and to the third parties with whom we share it as described in this Privacy Policy.

9. Children's Privacy

Bach is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 13, please contact us at [email protected].

10. Your Privacy Rights (GDPR & CCPA)

Depending on your location, you may have specific privacy rights under laws such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

GDPR Rights (European Union Residents):

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Request your data in a machine-readable format
  • Right to Object: Object to our processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent for data processing (where consent is the legal basis)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your personal data based on the following legal grounds:

  • Contract Performance: To provide the services you've signed up for
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud
  • Consent: Where you've given explicit consent (which you can withdraw at any time)
  • Legal Obligations: To comply with applicable laws and regulations

CCPA Rights (California Residents):

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know: Request information about the personal data we've collected, used, disclosed, or sold
  • Right to Delete: Request deletion of your personal data (with certain exceptions)
  • Right to Opt-Out: Opt out of the "sale" of your personal data (Note: We do not sell personal data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights

California Disclosure: We do not sell personal information to third parties. We may share data with service providers as described in this Privacy Policy, but such sharing is not considered a "sale" under CCPA.

How to Exercise Your Rights:

To exercise any of these rights, please contact us at:

We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Effective Date" at the top of this Privacy Policy
  • Notify you through the App or via email (for material changes)
  • Post a notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of Bach after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR or CCPA-related requests, please include "Privacy Rights Request" in your email subject line.

Last updated: 11/18/2025