Slancio

Privacy Policy

Effective date: April 2026

1. Who we are

Slancio (“we”, “our”, “us”) is an AI-powered ad creation platform built for solo developers and indie hackers. Our website is slancio.io. For any privacy-related questions, contact us at privacy@slancio.io.

2. Data we collect

We collect only what is necessary to provide the service:

  • Account information (email address). When you sign up, your email address is collected and managed by Clerk, our authentication provider. We receive your email solely for account identification and transactional communications. We never sell it or share it with advertisers.
  • API keys (Bring Your Own Key). If you choose to provide API keys for third-party AI providers (OpenAI, Anthropic, Runway, etc.), those keys are stored encrypted at rest using AES-256 encryption. Keys are never logged, never transmitted to third parties, and are decrypted only in server memory at the moment they are needed to call the respective provider on your behalf. We do not inspect, audit, or retain the keys in plaintext at any time.
  • Usage data. We collect anonymised telemetry such as feature interactions, error rates, and session durations to understand how the product is used and how to improve it. This data does not contain personally identifiable information.
  • Technical data. Standard server logs (IP address, browser type, referring URL) may be retained for security and debugging purposes for up to 30 days, after which they are automatically deleted.

3. Authentication — Clerk

Authentication is handled by Clerk. When you create an account or sign in, Clerk manages the login flow, session tokens, and secure storage of your credentials. Please review Clerk's Privacy Policy to understand how your authentication data is handled.

4. Payments — Stripe

Subscription payments are processed by Stripe. When you upgrade your plan, you are redirected to a Stripe-hosted checkout page. Slancio never sees, stores, or processes your card number or any other payment credentials. All payment data is handled exclusively by Stripe in accordance with their PCI-DSS compliance program. Please review Stripe's Privacy Policy for details on how payment data is processed.

5. Bring Your Own Key (BYOK) — security detail

The BYOK model is central to Slancio's architecture. Your API keys are your most sensitive credentials, and we treat them accordingly:

  • Keys are encrypted with AES-256 before being written to the database.
  • The encryption key is managed separately from the database and never stored alongside user data.
  • Decryption happens only in server memory, immediately before an API call is dispatched to the third-party provider, and the plaintext key is not persisted after the call completes.
  • Keys are never included in application logs, error traces, or analytics events.
  • Keys are never shared with any party other than the AI provider you designated.

6. How we use your data

We use the data we collect to:

  • Create and maintain your account.
  • Provide and improve the Slancio platform and its features.
  • Send you transactional emails (account activation, billing receipts, important product changes).
  • Monitor and fix security vulnerabilities and bugs.
  • Comply with legal obligations where required.

We do not use your data to train third-party AI models, show you targeted advertising, or sell it to data brokers.

7. Data sharing and third parties

We do not sell, rent, or trade your personal data to any third party. Data is shared only with the sub-processors necessary to operate the service (Clerk for authentication, Stripe for payments, and the AI providers you explicitly configure in your settings). Each sub-processor is bound by contractual obligations to protect your data.

8. Data retention

We retain your account data for as long as your account is active. If you delete your account, your personal data (email, API keys, and generated content) is permanently deleted within 30 days. Anonymised aggregated analytics data may be retained indefinitely as it cannot be linked back to you.

9. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, email us at privacy@slancio.io. We will respond within 30 days.

10. Cookies

We use only strictly necessary cookies required for authentication sessions. We do not use advertising or tracking cookies. No consent banner is required for these functional cookies as they are essential to the operation of the service.

11. Changes to this policy

If we make material changes to this policy, we will notify you by email at least 14 days before the changes take effect. The “effective date” at the top of this page will always reflect the most recent version.

12. Contact

For privacy-related questions or requests, email privacy@slancio.io.