Sapling AI — Privacy Policy

Effective date: June 26, 2026 Version: 2026-06-26

Registered entity: Sapling AI LLC, a Texas limited liability company. This Policy explains what personal information Sapling AI collects, how we use and share it, and the choices and rights you have. It is not legal advice. Keep this file in sync with frontend/lib/legal/bundledPolicies.js, and keep the data table below consistent with the privacy "nutrition label" answers you submit in App Store Connect and the Google Play Data safety form.

This Privacy Policy applies to the Sapling mobile application, websites, and related services (the "Services") provided by Sapling AI LLC ("Sapling AI," "we," "us," or "our"). By using the Services, you acknowledge this Policy. If you do not agree, do not use the Services.

Notice at collection (summary)

We collect the categories of personal information described in the table below to operate the Services, generate AI content, process purchases, keep the Services safe and reliable, and comply with law. Sapling is strictly for users aged 13 and older (see "Children's privacy"). We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising. We do not use third-party tracking for advertising, and we do not track you across other companies' apps or websites. You can request access to or deletion of your information as described in "Your privacy rights."

Information we collect and why

The following table maps what we collect to the data-type categories used by the Apple App Store privacy label and the Google Play Data safety section.

Data category (Apple/Google)Examples we collectWhy we collect itLinked to you?Used for tracking?
Contact info / IdentifiersEmail address, display name, username, user IDCreate and secure your account; communicate with youYesNo
User contentGames, prompts, instructions, images, audio, and related metadata you create or uploadProvide AI generation, save your library, enable publishing/sharing, moderationYesNo
PurchasesSubscription/entitlement status and purchase history from the app stores (we do not receive full payment-card numbers)Provide paid features; prevent fraud and abuseYesNo
Usage dataApp interactions and pseudonymous product-analytics events, app version, language, coarse feature usageUnderstand and improve features and reliabilityPseudonymousNo
DiagnosticsCrash reports, performance and error logs, device type and OS versionDiagnose problems and keep the app stablePseudonymousNo
Identifiers (technical)App-generated installation/device identifiers used for analytics and diagnosticsOperate analytics and diagnostics; rate limiting and abuse preventionPseudonymousNo

We do not intentionally collect precise geolocation, health data, contacts, browsing history across other services, or government-ID numbers. We do not collect biometric identifiers (such as faceprints), and the Services do not perform facial recognition. We do not knowingly collect personal information from children under 13 (see "Children's privacy").

Sources of information

We collect information (a) directly from you (account details and the content and prompts you submit); (b) automatically from your use of the Services (usage, diagnostics, and technical identifiers); and (c) from service providers acting on our behalf (for example, the app stores for purchase and entitlement status).

How we use information

We use personal information to: operate, provide, and maintain the Services; create and manage your account; generate and deliver AI content in response to your prompts; enable features you choose (such as publishing to Explore, sharing, and leaderboards); process purchases and manage entitlements; moderate content and enforce our Terms and Community Guidelines; detect, prevent, and respond to fraud, abuse, security, and safety issues; analyze and improve the Services; communicate with you about your account and changes to the Services; and comply with legal obligations and exercise or defend legal claims.

We do not use your personal information to train our own foundation models on your private content without your consent, and we do not sell your personal information.

AI processing and third-party providers

To generate AI Output, your prompts and related inputs are transmitted to and processed by third-party AI model providers — currently Google, OpenAI, and Anthropic — acting as our processors/service providers under contractual confidentiality and security obligations. They process this data to provide the generation service on our behalf and are not permitted to use your prompts or inputs to train their own publicly available models. We also use contracted service providers for cloud hosting and account services, purchase and subscription management (including the app stores), product analytics, and crash and error diagnostics. We do not send your raw creative prompts to analytics providers. These providers process data on our behalf and are not permitted to use it for their own independent purposes except as allowed by law. A current list of the service providers that process personal information on our behalf is maintained in our Subprocessors document.

How we share information

We do not sell your personal information. We share personal information only:

  • with service providers/processors as described above, under contract;
  • with other users, when you choose to publish a game to Explore, share a game, or post to a leaderboard — in which case the published content, your display name/username, and (for leaderboards) your score may be visible to others;
  • for legal and safety reasons, when we believe in good faith it is reasonably necessary to comply with law or legal process, enforce our Terms, respond to claims, or protect the rights, property, or safety of users, the public, or Sapling AI (including reporting CSAM to NCMEC and/or law enforcement); and
  • in a business transfer, in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this Policy.

App tracking and analytics

We do not use the Apple "App Tracking Transparency" tracking permission to track you across other companies' apps and websites, and we do not use advertising trackers such as third-party advertising SDKs or pixels. Our analytics and diagnostics tools are used for our own product improvement and reliability and are not used to build cross-company advertising profiles.

Data retention & deletion

We keep personal information only for as long as necessary for the purposes described in this Policy, using the following general criteria:

DataHow long we keep it
Account & profile (email, display name, user ID)While your account is active; deleted within ~30 days of account deletion, except where law requires longer.
Your content (games, prompts, assets)While your account is active; removed on deletion, except content you published or shared that others have already saved, and routine backups.
Purchase / entitlement recordsAs needed to provide paid features and meet tax, accounting, and anti-fraud obligations (typically several years).
Usage analytics & diagnosticsPseudonymous; retained for a limited period for reliability and product improvement, then aggregated or deleted.
BackupsResidual copies may persist in routine backups for a limited period before being overwritten.
Consent / agreement recordsRetained as evidence of past agreements on a legal-claims basis, and may be kept after account deletion (see below).

You can request deletion of your account and associated data through the in-app account-deletion option where available, or by emailing privacy@thesaplingai.com or support@thesaplingai.com. Step-by-step instructions, including what is deleted or retained, are in our Account & data deletion guide. When you delete your account we delete or de-identify your personal information within a reasonable period, except that we may retain limited information where required or permitted by law — including records that you accepted our policies (which may include the acceptance timestamp, version, and request metadata such as IP address), kept as evidence of a past agreement to establish, exercise, or defend legal claims. After deletion, residual copies may persist briefly in routine backups, and content you published or shared that others have saved may remain available, consistent with our Terms.

Security

We use administrative, technical, and organizational measures designed to protect personal information, including access controls and encryption in transit. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a personal-data breach affecting you, we will notify you and the relevant authorities where and as required by applicable law. If you believe you have found a security vulnerability, please report it responsibly as described in our Security & Vulnerability Disclosure Policy or by emailing security@thesaplingai.com.

International users & transfers

We are based in the United States and may process and store information in the United States and other countries whose data-protection laws may differ from those where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers. By using the Services, you understand your information may be transferred to and processed in the United States.

Your privacy rights

Depending on where you live, you may have some or all of the following rights regarding your personal information: to know/access, correct, delete, obtain a portable copy, restrict or object to certain processing, opt out of "sale"/"sharing" or targeted advertising and certain profiling, and not to be discriminated against or retaliated against for exercising your rights. To exercise any right, contact privacy@thesaplingai.com. We will verify your request (typically via your account email) and respond within the time required by applicable law. You may use an authorized agent where the law allows; we may require verification of the agent's authority. Because we do not sell or "share" personal information for cross-context behavioral advertising, there is no such opt-out to exercise; where applicable, we treat an enabled opt-out preference signal (such as Global Privacy Control) as a valid request and do not engage in the practices it would opt you out of.

  • California (CCPA/CPRA): We describe the categories of personal information we collect, our purposes, and our disclosures above. We do not sell or share personal information as those terms are defined under the CPRA, and we do not knowingly sell or share the personal information of consumers under 16. We do not use or disclose sensitive personal information for purposes that would trigger the right to limit. California residents have the rights to know, delete, correct, and opt out, and the right to non-discrimination.
  • Other U.S. states (including Texas/TDPSA, Virginia, Colorado, Connecticut, Utah, and others): Residents of states with comprehensive privacy laws — including the Texas Data Privacy and Security Act — have rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising, sale, and certain profiling. We do not sell personal data or process it for targeted advertising. You may appeal a decision on your request by replying to our response; if your appeal is denied, you may contact your state Attorney General.
  • EEA/UK (GDPR/UK GDPR): Our legal bases for processing are: performance of our contract with you (to provide the Services and process purchases); your consent (where we ask for it, such as optional features); our legitimate interests (to secure, analyze, and improve the Services, and prevent abuse), balanced against your rights; and compliance with legal obligations. You have the rights of access, rectification, erasure, restriction, portability, objection, and to withdraw consent, and you may lodge a complaint with your local supervisory authority.

Children's privacy

Sapling is strictly for users aged 13 and older. The Services are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you are under 13, you may not use the Services.

If you are 13 or older but under the age of majority where you live, you may use the Services only with a parent or legal guardian's knowledge, consent, and active supervision.

If you are a parent or guardian and believe your child under 13 has provided us personal information, contact privacy@thesaplingai.com and we will take steps to delete it. Where higher age thresholds apply (for example, under GDPR), those apply instead.

Changes to this Policy

We may update this Policy from time to time. We will revise the version and effective date above and, for material changes, provide additional notice where appropriate (such as an in-app notice).

Contact