OGImagen

Privacy Policy

Last updated: February 27, 2026

1. Who we are

OGImagen (ogimagen.com) is an AI-powered Open Graph image generator. References to "we", "us", or "OGImagen" in this policy refer to the service and its operators.

2. Information we collect

Account data

When you sign in via Google OAuth or email magic link, we receive your name, email address, and profile picture (Google only). We store this in our database to identify your account.

Generation data

We store the inputs you provide (title, description, brand color) and the generated images in Cloudflare R2 object storage, linked to your account.

Usage data

We track the number of generations you perform per day to enforce plan limits. We use Redis (Dragonfly) for rate limiting counters; these expire automatically at midnight UTC.

Payment data

Payments are handled by Stripe. We never see or store your credit card number. We receive webhook events confirming subscription status.

3. How we use your data

  • To provide and improve the OGImagen service
  • To enforce fair-use rate limits
  • To manage your subscription and billing
  • To send transactional emails (magic link login, billing receipts) — no marketing without your consent

4. Data sharing

We do not sell your data. We share it only with:

  • Google — OAuth authentication
  • Resend — transactional email delivery
  • Stripe — subscription management and payment processing
  • Cloudflare — image storage (R2) and infrastructure
  • Google AI (Gemini) — image generation; your prompts are sent to Google's API for processing

5. Data retention

Generated images and account data are retained while your account is active. You may delete individual generations at any time from the dashboard. To delete your entire account and all associated data, contact us at [email protected].

6. Cookies

We use a single session cookie to keep you signed in (NextAuth.js session token). We do not use tracking or advertising cookies.

7. Your rights

Depending on your jurisdiction you may have the right to access, correct, or delete your personal data, or to object to certain processing. Contact us at [email protected] to exercise these rights.

8. Security

All data is transmitted over TLS. Passwords are never stored — we use OAuth and magic links only. We follow industry-standard security practices.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the site. Continued use of the service after changes constitutes acceptance.

10. Contact

Questions? Email us at [email protected].