Skip to main content

Privacy Policy

Last updated: March 6, 2026

1. Who We Are

Penguin Alley is an AI-powered creative platform operated from Mexico. We use proprietary AI technology to build, deploy, and maintain software applications for our clients worldwide.

2. Information We Collect

We collect information you provide directly:

  • Account information (name, email address, and authentication data)
  • Project details, requirements, and all content you create within your workspace
  • Conversations and messages exchanged with our AI team
  • Payment information (processed securely through Stripe β€” we never store card numbers)
  • Usage data (features used, session duration, pages visited) collected automatically for service improvement

3. How We Use Your Information

  • To provide, operate, and improve our services
  • To process your projects and communicate about their progress
  • To process payments and manage subscriptions
  • To send service updates, security notices, and important announcements
  • To detect and prevent fraud, abuse, and security threats

4. AI Processing & Your Data

Your conversations and project data are processed by AI models (provided by Anthropic) to deliver our service. Your data is NOT used to train AI models. Each project's data is isolated β€” no client can access another client's information. AI-generated code belongs to you upon full payment. We do not share your prompts, conversations, or project content with any third party except as necessary to process them through our AI providers.

5. Data Sharing & Service Providers

We do not sell your data. We share information only with service providers strictly necessary to deliver our services:

  • Anthropic β€” AI processing (conversations and project generation)
  • Stripe β€” Payment processing
  • Vercel β€” Application hosting and deployment
  • Supabase β€” Authentication and database storage
  • Neon β€” Project database provisioning
  • Resend β€” Email communications
  • Cloudflare β€” DNS, security, and content delivery

6. International Data Transfers

Penguin Alley operates from Mexico but uses service providers based in the United States and other countries. Your data may be transferred to and processed in countries outside your country of residence. We ensure all transfers comply with applicable data protection laws and that our service providers maintain adequate security measures.

7. Data Retention & Deletion

We retain your data for as long as your account is active. Upon account deletion, we anonymize your profile data and remove personal information within 30 days. Project files, conversations, and generated code associated with your account are permanently deleted. Backup copies may persist for up to 90 days in encrypted backups before being purged. Data required by law (tax records, transaction history) may be retained longer as required.

8. Your Rights

privacy.s8Text

  • Access, Rectification, Cancellation, and Opposition (ARCO rights) β€” under Mexican law (LFPDPPP)
  • Right to access, correct, delete, and port your data β€” under GDPR (EU/EEA residents)
  • Right to know, delete, and opt out of data sales β€” under CCPA (California residents)
  • To exercise any of these rights, contact us at hello@penguinalley.com. We will respond within 20 business days (LFPDPPP) or 30 days (GDPR/CCPA).

9. Children's Privacy

Penguin Alley is designed for users of all ages. However, users under 18 must have parental or guardian consent to create an account. We do not knowingly collect personal data from children under 13 without verified parental consent. If we discover that we have collected data from a child under 13 without consent, we will delete it promptly.

10. Cookies

We use only essential cookies required for the service to function (authentication, session management, preferences like language and theme). We do not use tracking, advertising, or third-party analytics cookies. No cookie consent banner is needed because we only use strictly necessary cookies.

11. Security Measures

We implement industry-standard security measures including: encryption in transit (TLS/HTTPS) and at rest, access controls and role-based permissions, regular OWASP security audits on all projects, input sanitization and output filtering, rate limiting and abuse prevention, and Content Security Policy (CSP) headers. We conduct regular security reviews and promptly address any vulnerabilities discovered.

12. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via email and through a prominent notice on the platform. Continued use after changes constitutes acceptance of the updated policy.

13. Contact & Data Protection Officer

Questions about your privacy or data? Contact our data protection team at hello@penguinalley.com