Legal

Privacy policy

Ship Fast (https://demo.ship-fast.io, “we”, “us”) · Effective date: 2026-04-03

1. Who is responsible

The data controller for personal data processed through this service, unless stated otherwise, is

Livio Gamassia

Postal address: supplied on a verified request to hello@ship-fast.io (please send your request from the email address associated with your account, if any).

Privacy and data-protection requests: hello@ship-fast.io

Depending on your location (for example the EEA, UK, Switzerland, India, or US states with privacy laws), you may have additional rights alongside those below. Nothing in this notice limits statutory protections.

2. Summary

Ship Fast is an AI-assisted product for generating website projects from text prompts. We process account data, the content you submit (including prompts and generated files), technical identifiers needed to run and protect the service, and limited analytics. Some processing is carried out by vendors (for example cloud hosting, authentication, payments, and AI inference) strictly to provide the product.

3. What we collect

3.1 Account and authentication

If you sign in, we use Firebase Authentication (Google LLC) and may process your Firebase user ID, email address, and profile details provided by your identity provider (such as Google or GitHub) when you choose those options. If you use email and password sign-in, we process your email address and credentials through Firebase.

3.2 Projects, prompts, and generated output

We store the prompts and other instructions you submit and the generated project files needed to show previews, exports, deployments, and session history. This content is tied to your session and, when you are signed in, to your account.

3.3 Usage, security, and abuse prevention

We process IP addresses, request metadata, timestamps, and similar technical data for rate limiting, fraud prevention, reliability, and automated safety checks on user-submitted text (including logging that a request was blocked, with technical identifiers such as IP and account where available, without retaining the blocked text in security logs by design).

3.4 Analytics

We use Plausible Analytics (demo.ship-fast.io) configured for first-party collection via this site’s endpoint. Plausible is designed to minimise personal data; please see Plausible’s documentation for details.

3.5 Payments

Paid features are processed through Razorpay. We do not receive your full payment card number on our servers; payment data is handled by the payment provider. We receive status information (for example subscription state or credit purchases) through our billing integration and may store it in Google Cloud Firestore associated with your account.

3.6 Optional operations notifications

If we configure an operations webhook (for example Slack), certain events in production may post truncated prompt text and user or billing metadata to that system for monitoring. This is disabled in development by default and only applies when such an integration is enabled.

3.7 AI and media providers

To generate sites and imagery we may send portions of your prompt and derived instructions to model and infrastructure providers (such as Groq, Runpod where configured, and stock providers such as Pexels or Unsplash for image search). Those providers act as further processors and have their own terms and privacy notices.

3.8 GitHub integration

If you connect GitHub, tokens or credentials required for repository actions are handled according to that integration; do not paste secrets into prompts.

4. Why we use data (purposes)

To provide Ship Fast, including creating and displaying your projects and processing exports.
To authenticate you and manage your account, quotas, and entitlements.
To process payments and prevent abuse of billing or promotional programmes.
To secure the service, enforce acceptable use (including automated content rules), and investigate incidents.
To understand aggregate product usage and improve stability and performance.
To comply with legal obligations and respond to lawful requests.

5. Legal bases (EEA, UK, Switzerland, and similar)

Where GDPR-style rules apply, we rely on the following bases as appropriate:

Contract — providing the service you request.
Legitimate interests — security, abuse prevention, product improvement, and proportionate analytics, balanced against your rights.
Legal obligation — where the law requires processing or retention.
Consent — where we expressly ask for it (for example optional communications), which you may withdraw.

We share data with categories of recipients including:

Google (Firebase Authentication, Firestore, and related Google Cloud services)
Razorpay (payments)
Plausible Analytics
AI, GPU, or inference providers (for example Groq, Runpod) and stock imagery APIs (for example Pexels, Unsplash)
Infrastructure and deployment providers that host demo.ship-fast.io and related services
Professional advisers or authorities where required by law

7. International transfers

We and our vendors may process data in Switzerland, the EEA, the United Kingdom, the United States, India, and other countries where service providers operate. Where required, we implement appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) and can provide more information on request.

8. Retention

We keep personal data only as long as needed for the purposes above, including any legal, accounting, or reporting requirements. Session and project data are kept until you delete them or your account, or until we delete them under our data lifecycle rules. Technical logs may be kept for a shorter operational period.

9. Your rights

Subject to applicable law, you may have the right to:

Access, correct, or delete your personal data
Restrict or object to certain processing
Data portability where technically feasible
Withdraw consent where processing is consent-based
Lodge a complaint with a supervisory authority

To exercise these rights, contact hello@ship-fast.io. We may need to verify your identity before fulfilling a request.

10. Security

We implement technical and organisational measures appropriate to the risk, including access controls and encryption in transit where supported by our providers. No method of transmission over the Internet is completely secure.

11. Children

Ship Fast is not directed at children under the age where parental consent is required in their jurisdiction. We do not knowingly collect personal information from children. Our acceptable-use rules prohibit sexual content involving minors and related abuses; violations may be blocked and logged.

12. Changes

We may update this notice. The effective date at the top will change when we do. For material changes we will provide notice as required by law or through the product.

13. Contact

Questions about this policy: hello@ship-fast.io

Public site: https://demo.ship-fast.io/