Effective Date: March 30, 2026
This Privacy Policy explains how Incraft (“Incraft,” “we,” “us,” or “our”), operated by LaunchSpace LLC, collects, uses, discloses, and protects personal information when you visit incraft.io, create AI-generated meditation sessions, sign in, purchase a subscription, or otherwise use our website and related services (collectively, the “Service”).
This Policy applies to anonymous visitors, signed-in users, and paying subscribers. It does not apply to third-party websites, apps, or services that we do not control, even if they are linked from or used with the Service.
Depending on how you use the Service, we may collect the following categories of information:
If you contact us, we collect the information you include in your message, such as your name, email address, and the contents of your request.
We do not ask you to provide medical records, government identification numbers, or precise geolocation data to use the Service. However, because meditation prompts are free text, you may choose to include sensitive or health-related information about stress, sleep, anxiety, or other personal matters. Please avoid including highly sensitive personal information unless it is truly necessary for the meditation you want to generate.
When you request a meditation, we send your prompt and selected generation options to our script-generation provider so a meditation script can be created. The generated script text is then sent to our text-to-speech provider so audio can be rendered. We intentionally do not send your user ID to the script-generation API. Generated audio is stored and delivered through AWS-hosted storage/CDN infrastructure and our audio proxy.
We use cookie-based session technology that is necessary for authentication and secure session management. These cookies help keep you signed in and allow session refresh and account continuity. Based on the current implementation, we do not use third-party advertising cookies and we do not use third-party analytics scripts. If we introduce non-essential cookies or tracking tools in the future, we will update this Policy and, where required, request consent.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we generally process personal data on one or more of the following bases: (a) to perform our contract with you or take steps you request before entering into a contract; (b) for our legitimate interests, such as securing, operating, improving, and supporting the Service; (c) to comply with legal obligations; and (d) with your consent where consent is required by law.
We do not sell personal information, and we do not share personal information with ad networks or for cross-context behavioral advertising.
The Service and our service providers may process information in countries other than your own, including the United States. For example, certain AI, text-to-speech, storage, and delivery services are hosted in AWS us-east-1, and the region for Supabase depends on project configuration. If you access the Service from outside those jurisdictions, your information may be transferred to and processed in countries that may have different data protection laws from those in your home country. Where required, we will use appropriate safeguards for such transfers.
We retain personal information for as long as reasonably necessary to provide the Service, maintain your account, process transactions, enforce limits, resolve disputes, comply with legal obligations, and protect the Service.
We use administrative, technical, and organizational measures designed to protect personal information. These measures include secure authentication and session handling, row-level access controls in our backend, security headers, hashed IP rate-limiting for anonymous users, allowlist-based audio proxying, route protection for restricted areas, and signature verification for Stripe webhooks. No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.
Depending on where you live, you may have privacy rights regarding your personal information. These rights may include the right to access, know about, correct, delete, restrict certain processing of, object to certain processing of, or receive a portable copy of your personal information, subject to applicable exceptions.
If you are a California resident, California law may provide rights such as the right to know, delete, correct, and opt out of the sale or sharing of personal information, subject to certain limitations. Incraft does not sell personal information and does not share personal information for cross-context behavioral advertising.
If you are in the EEA, UK, or Switzerland, you may also have rights to information, access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with your local data protection authority, as provided by applicable law.
We may need to verify your identity before acting on certain requests. Some rights are limited by law and may not apply in every circumstance.
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the Service. If you believe that a child under 13 has provided personal information to us, please contact us so we can investigate and take appropriate action.
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy on the Service and update the Effective Date above. Your continued use of the Service after an updated Policy becomes effective means the updated Policy will apply to your use of the Service, to the extent permitted by law.
Incraft is operated by LaunchSpace LLC.
If you have questions, requests, or concerns about this Privacy Policy or your personal information, you can contact us at: