Carouselly ~ Seamless Carousel Maker

Data & Privacy Policy

Last Updated: February 26, 2026

Welcome to Carouselly. Your privacy is not just a feature; it is the foundation of our service. This Privacy and Data Policy explains how Carouselly (“we”, “us”, or “our”) handles materials you submit while using our seamless carousel maker (the “Service”).

By using Carouselly, you acknowledge and agree to the practices described in this Policy.

1. Our "Privacy by Design" Philosophy

Unlike many social media creative tools, Carouselly is built on a Privacy-First architecture. We believe you shouldn't have to trade your personal identity for high-quality design.

No User Accounts: We do not require registration, passwords, or profiles.
No Personal Identifiers: We do not collect names, email addresses, phone numbers, or social media handles.
No Biometric Data: We do not perform facial recognition or any biometric analysis on your uploaded photos.

2. Types of Data We Process (GDPR Disclosure)

Under the General Data Protection Regulation (GDPR), "Personal Data" is defined broadly. Even though we do not ask for your name, certain technical fragments are processed:

A. Creative Assets (User-Provided Content)

The primary data we handle consists of the images, graphics, and text you voluntarily upload to create your seamless carousels.

Legal Basis: Contractual Necessity (Art. 6(1)(b) GDPR). We process this data solely to fulfill your request to generate a design.

B. Technical Metadata & Server Logs

When you access any website, your browser automatically shares certain information (e.g., your IP Address, browser type, and device info).

Usage: This data is used strictly for security (DDoS protection) and rate-limiting to ensure our service remains stable.
Retention: These logs are typically anonymized or deleted within 30 days.

3. How Your Content is Used

We treat your creative work with total respect. Your uploaded content is used only for the following:

Generating seamless layouts and photo collages.
Rendering final high-resolution exports for Instagram, TikTok, and LinkedIn.
Providing real-time editing previews in your browser.

What we NEVER do:

We do not use your images to train AI or Machine Learning models.
We do not use your content for marketing or advertising.
We do not "claim" any ownership of your designs. You retain 100% of your intellectual property.

4. Data Retention & The 30-Day "Safe Cache"

To ensure a smooth user experience (e.g., so you don't lose your work if you accidentally refresh your browser), Carouselly utilizes a temporary caching system.

Duration: Project files are stored in a secure, temporary cache for up to 30 days.
Automatic Deletion: After 30 days, our system triggers a permanent "hard delete."
Non-Recoverable: Once deleted, these files cannot be recovered by us or you. We do not maintain long-term archives or "hidden" backups.

5. Third-Party Sharing & Sub-Processors

Carouselly does not sell or lease your data to third parties.

We only share data with essential service providers (Sub-processors) required to host the app (e.g., cloud storage providers like AWS or Vercel). These providers are contractually bound to the same high standards of data protection and do not have permission to use your data for their own purposes.

6. Your Rights Under GDPR

Even without a user account, you have rights regarding your data:

Right to Erasure: You may request that we manually delete your cached session data before the 30-day window expires.
Right to Information: You have the right to know exactly what data we hold (as outlined in this policy).
Right to Object: You can stop using the service at any time, which ceases all data processing.

Note: Because we do not link files to names or emails, you must provide your unique Session ID or technical identifiers for us to locate your specific cache.

For privacy-related inquiries or to exercise your data rights, please contact support@cardinalblue.com with 'Carouselly' in the subject line.