Privacy policy

1. Who we are

VOLNARA is a web-based platform that turns natural language into PCB designs using verified circuit templates, layout, and export tools. This policy describes how we handle information when you use our design terminal, API, and related services.

2. What we collect and why

• Account data: When you sign up, we collect your email address, display name, and authentication credentials (managed by Supabase Auth). This is required to provide your account.
• Profile & onboarding data: Profession, how you heard about us, and intended use case. These are optional and used to improve the product.
• Prompts and design data: When you describe a board and generate a design, we process your prompt and the resulting spec (e.g. MCU, power, features), board layout, and export outputs. This is required to run the design engine.
• Usage metrics: We track AI generation counts per billing period to enforce plan limits. We may collect anonymous usage metrics (e.g. feature use, errors) to improve the product.
• Payment data: If you upgrade to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID and subscription ID but never store credit card numbers or payment details directly.

3. How we use your data

We use your data only to provide and improve the service: parsing intent, selecting templates, running layout and routing, generating exports (BOM, CPL, KiCad), enforcing plan limits, and processing payments. We do not sell your designs, prompts, or personal information. We do not train AI models on your private projects unless you have agreed to a separate opt-in.

4. Third-party services

We use the following third-party services to operate:

• Supabase -- authentication and database hosting
• OpenAI -- natural language intent parsing (your prompts are sent to OpenAI's API; see their privacy policy)
• Stripe -- payment processing for paid plans
• Vercel -- frontend hosting and CDN

If you use features that integrate with component distributors (e.g. live BOM pricing), we may send part numbers and quantities to those services. We do not share your full design files with third parties for marketing.

5. Data storage and security

Your data is stored in Supabase-managed PostgreSQL databases with row-level security (RLS) enabled. All data is encrypted in transit (TLS) and at rest. API endpoints are protected with authentication tokens, rate limiting, and input validation. We do not store passwords directly; authentication is handled by Supabase Auth with bcrypt hashing.

6. Your rights (GDPR & global)

Regardless of where you are located, you have the right to:

• Access -- request a copy of all personal data we hold about you.
• Rectification -- update or correct your information at any time from your dashboard or by contacting us.
• Erasure -- request deletion of your account and all associated data. We will process this within 30 days.
• Portability -- export your projects and designs in standard formats (JSON, KiCad, CSV).
• Restrict processing -- request that we stop processing your data while a complaint is resolved.
• Object -- object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@volnara.com. We will respond within 30 days.

7. Data retention

We retain your account data and projects for as long as your account is active. If you delete your account, we will delete all associated data within 30 days. Anonymous, aggregated usage statistics may be retained indefinitely. AI generation counts are reset monthly as part of billing cycles.

8. Cookies

We use essential cookies only: authentication session tokens and your theme preference. We do not use advertising or tracking cookies. No third-party analytics cookies are set.

9. Changes

We may update this policy from time to time. The "Last updated" date at the top will change, and we will post the new version on this page. Continued use of the service after changes means you accept the updated policy.