‹div›RIOTS logo

anything.to.design - Privacy Policy

Last Updated: May 12th, 2026

1. Introduction

Welcome to anything.to.design (“we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the anything.to.design website, the anything.to.design API, and related services (collectively, the “Service”).

2. Information We Collect

2.1 ‹div›RIOTS ONE Account

Both the anything.to.design web application and the anything.to.design API are accessed through a ‹div›RIOTS ONE account, which is shared across DIV-RIOTS products. When you register, we collect:

  • Identity Data: Email address.
  • API Keys: API Keys you generate from your ‹div›RIOTS ONE dashboard.

2.2 Billing Information

When you subscribe to a ‹div›RIOTS ONE plan or purchase an extra credit pack, our payment processor collects your payment details (e.g., credit card information). We do not store your payment information directly. We retain billing metadata (plan tier, billing cycle, credit balance, and invoice history) on your ‹div›RIOTS ONE account.

2.3 Usage and Technical Data

We automatically collect certain technical data when you use the Service, including:

  • Log Data: IP address, browser type, operating system, and access times.
  • API Telemetry: API Key identifier (not the secret), endpoint accessed, request size, response status, and timing — used for rate limiting, billing, and abuse prevention.
  • Analytics Data: Anonymous usage statistics to help us improve the Service.

2.4 Input Data (The Files You Send for Processing)

In the course of using the Service — through the website or the API — you send us files, documents, images, or other content (“Input Data”) to be converted into visual design data.

  • Processing: We process this Input Data solely for the purpose of generating the requested design output.
  • Storage: We practice data minimization. Input Data is processed in memory or ephemeral storage and could be retained for up to 24 hours for debugging purposes, after which it is permanently deleted.
  • AI Training: We do not use your Input Data to train public AI models.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To authenticate your account or API Key and perform the requested file conversions.
  • Support: To respond to your inquiries and troubleshoot website or API errors.
  • Improvement: To analyze usage trends and improve the accuracy and performance of our conversion engines.
  • Billing and Abuse Prevention: To meter usage, enforce rate limits, and detect abuse of the API.

4. How We Share Information

We do not sell your personal data or the Input Data you provide.

We share information only in the following situations:

  • Service Providers (Sub-processors): cloud servers, payment processing, and authentication. See the DPA for the current list.
  • Legal Obligations: If required to do so by law or in response to valid requests by public authorities.

5. Data Retention

  • Account Data: Retained as long as your account is active or as needed to provide you with the Service.
  • Input Data: Files submitted through the website or the API could be retained for up to 24 hours after the conversion for debugging purposes, then permanently purged from our systems.
  • API Telemetry: Retained for 2 years for billing, security, and operational analytics.

6. Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. This includes encryption of data in transit (HTTPS), secure management of API keys, and access controls on production infrastructure.

7. Your Data Protection Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

  • Access: The right to request copies of your personal data.
  • Rectification: The right to request that we correct any information you believe is inaccurate.
  • Erasure: The right to request that we erase your personal data (“Right to be Forgotten”).
  • Portability: The right to request that we transfer your data to another organization.

To exercise these rights, please contact us at [email protected].

8. International Transfers

Our processing servers are located in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information.

9. Data Processing Agreement (DPA)

If you are a business customer — in particular if you use the anything.to.design API on behalf of a company — and your use of the Service requires a Data Processing Agreement (DPA) to comply with the GDPR or CCPA, you can review our standard DPA here.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date and will be effective as soon as it is accessible.

11. Contact Us

If you have questions or comments about this policy, you may contact us at:

  • Email: [email protected]
  • Address: DIV-RIOTS, 32 rue de Paris, 92100 Boulogne-Billancourt, France