Privacy Policy
Effective: 20 January 2026 | Last updated: 3 February 2026 | Version 2.1
1. Introduction
Plain Language Summary
For Potters:
- We collect your account info, pottery photos, and how you use the app
- We use it to track your pieces, provide AI guidance, and process payments
- If you join a studio, they can see your name, email, photos, and firing history
- We don't sell your data
For Studios:
- We collect your business info, pricing, and bank details (via Stripe)
- We use it to help you manage members, firings, and payments
- You're responsible for how you handle your members' data
- We don't sell your data
Your rights: You can access, correct, or delete your data anytime.
Who We Are
MudBuddy is operated by MudBuddy Pottery Pty Ltd (ABN 87 694 435 491) from Sydney, Australia. MudBuddy is a platform that helps potters track their ceramic pieces and helps pottery studios manage their members and firing services.
Who This Policy Applies To
This policy applies to:
- Potters - Individual users who track pottery pieces and may join studios
- Studios - Businesses that use MudBuddy to manage members and firing services
- Visitors - Anyone who visits our website or marketing pages
2. For Everyone
This section applies to all MudBuddy users.
How to Contact Us
General enquiries: hello@mudbuddypottery.com
Privacy requests: privacy@mudbuddypottery.com
Postal address:
MudBuddy Pottery Pty Ltd
3-5 Cleveland Ave
Surry Hills NSW 2010
Australia
For privacy requests, include "Privacy Request" in your subject line.
Your Rights
All users have the right to:
- Request access to your data
- Request corrections to inaccurate data
- Request deletion of your data
- Withdraw consent for optional data processing
- Export your data in a portable format
- Opt out of analytics and session recordings
To exercise these rights, email privacy@mudbuddypottery.com.
Third-Party Services
MudBuddy uses these services to operate:
| Service | Purpose | Data They Receive | Privacy Policy |
|---|---|---|---|
| Supabase | Database, authentication, file storage | All account data, photos | supabase.com/privacy |
| Stripe | Payment processing | Email, payment details, bank details (studios) | stripe.com/privacy |
| OpenAI | AI photo analysis and guidance | Photos, chat messages, piece details | openai.com/privacy |
| PostHog | Analytics and service improvement | User ID, page views, session recordings (masked) | posthog.com/privacy |
| Resend | Transactional emails | Email address | resend.com/privacy |
| Calendly | Demo booking (website only) | Name, email, timezone | calendly.com/privacy |
Cookies and Tracking
Essential (required):
- Supabase authentication cookies - keep you logged in
- Local storage - remember your preferences
Analytics (help us improve):
- PostHog - tracks page views and records sessions with all text inputs masked
Payments:
- Stripe cookies - set during checkout
Marketing site only:
- Calendly cookies - set on demo booking page
We do not use advertising cookies, Google Analytics, or Facebook Pixel.
You can opt out of analytics in your account settings. Disabling essential cookies will prevent the app from working.
Data Security
We protect your data with:
- Encrypted database storage (Supabase)
- Encrypted data transmission (HTTPS/TLS)
- Secure authentication (PKCE flow)
- Access restricted to authorised team members
No system is 100% secure. We take reasonable measures but cannot guarantee absolute security.
International Data Transfers
Your data may be processed in:
| Location | Services | Data |
|---|---|---|
| Australia | Supabase | Primary database, files, authentication |
| European Union | PostHog | Analytics |
| United States | OpenAI, Stripe | AI processing, payments |
By using MudBuddy, you consent to these transfers.
3. For Potters
This section is specifically for individual potter accounts.
What We Collect About You
Information you provide:
- Account details (email, name, profile photo)
- Unit preferences (metric/imperial, celsius/fahrenheit)
- Your pottery pieces (names, photos, clay body, dimensions, weights, stage details, notes)
- Chat conversations with the AI assistant
- Feedback and feature requests
Information collected automatically:
- How you use the app (pages visited, features used)
- Device and browser information
- Session recordings (with text inputs masked)
If you join a studio:
- Your membership status and join date
- Credit balance at that studio
- Firing submissions (pieces, weights, types)
- Payment history with that studio
How We Use Your Data
| Purpose | Data Used |
|---|---|
| Track your pottery pieces | Piece details, photos, stage information |
| Provide AI guidance | Photos, chat messages, piece context |
| Process payments | Email, piece details, payment amounts |
| Improve the service | Usage patterns, feedback, session recordings |
| Send important emails | Email address |
Photo Privacy Protection
Photos you upload are automatically processed to remove metadata (such as location, device information, and timestamps) before being stored, protecting your privacy. This processing happens on your device before the photo is uploaded.
AI Features and Your Data
When you use AI features:
- Your photos (with metadata removed) and messages are sent to OpenAI for processing
- OpenAI may retain this data for up to 30 days
- OpenAI may use data to improve their services (unless we have an enterprise agreement)
- Your conversation history is stored to maintain context
Subscription and Payments
- Your subscription tier is stored to manage feature access
- Stripe handles all payment card processing - we never see your full card number
- Payment history is retained for tax and legal compliance
Data Retention
| Data | Kept Until |
|---|---|
| Account and profile | You delete your account |
| Pieces and photos | You delete them or your account |
| Chat history | You delete your account |
| Firing history | You delete your account |
| Payment records | 7 years (legal requirement) |
Deleting Your Account
When you delete your account:
- Your profile, pieces, photos, and chat history are permanently deleted
- Historical firing records at studios may be retained for their business records
- Data with third parties (OpenAI, Stripe, PostHog) follows their retention policies
To delete your account, go to Account Settings or email privacy@mudbuddypottery.com.
4. For Studios
This section is specifically for studio business accounts.
What We Collect About Your Business
Information you provide:
- Business details (studio name, city, logo)
- Equipment configuration (kilns, shelves)
- Firing prices and policies
- Bank account details for payouts (collected by Stripe)
Information collected automatically:
- How you use the app (pages visited, features used)
- Session recordings (with text inputs masked)
How We Use Your Business Data
| Purpose | Data Used |
|---|---|
| Display your studio to potters | Name, city, logo |
| Configure firing services | Kilns, shelves, pricing |
| Process payments to you | Stripe Connect account details |
| Improve the service | Usage patterns, session recordings |
Payment Processing (Stripe Connect)
- Stripe collects your bank account and business verification details directly
- MudBuddy never sees or stores your bank account numbers
- Stripe handles all payment compliance (KYC, tax reporting)
- Payout details are visible in your Stripe dashboard
Your Responsibilities for Member Data
When potters join your studio, you become a data controller for certain information. You must:
- Use member data only for providing pottery studio services
- Not sell, share, or export member data to third parties
- Respond to member requests about their data
- Keep member data secure
- Notify us immediately of any data breach
See our Terms of Service for full details on your data handling obligations.
Data Retention
| Data | Kept Until |
|---|---|
| Studio profile | You delete your account |
| Member list and history | You delete your account |
| Firing records | 7 years (legal requirement) |
| Payment records | 7 years (legal requirement) |
If You Close Your Studio
When you close your studio account:
- Your studio profile is deleted
- Active members are removed from your studio
- Historical firing and payment records are retained for legal compliance
- Member data returns to their individual potter accounts
5. When Potters and Studios Interact
This section explains how data flows between potters and studios.
What Studios Can See About Their Members
When a potter joins your studio, you can see:
| Data | Visible | Why |
|---|---|---|
| Full name | Yes | Identify members |
| Email address | Yes | Contact members |
| Profile photo | Yes | Identify members |
| All piece photos | Yes | Track work for firing |
| Piece names and details | Yes | Manage firings |
| Firing history at your studio | Yes | Business records |
| Payment history with you | Yes | Financial records |
| Credit balance | Yes | Manage credits |
You cannot see:
- Their AI chat conversations
- Their subscription status
- Their membership at other studios
- Pieces not submitted to your studio
What Potters Can See About Studios
As a member, you can see:
| Data | Visible |
|---|---|
| Studio name and city | Yes |
| Studio logo | Yes |
| Your credit balance | Yes |
| Your firing history | Yes |
| Firing prices | Yes |
| Other members | No |
| Studio revenue | No |
When a Potter Joins a Studio
When you join a studio:
- A membership record is created linking your account to the studio
- The studio can immediately see your name, email, and profile photo
- As you submit pieces for firing, the studio can see those pieces and photos
When a Potter Leaves a Studio
When you leave a studio:
- Your membership becomes inactive
- Your historical firing records remain visible to the studio (for their business records)
- Your credit balance is frozen (contact the studio for refunds)
- Your personal piece collection remains in your account
- You can rejoin the same studio later
Data Access After Leaving
| Data | Potter Access | Studio Access |
|---|---|---|
| Pieces in potter's collection | Full access | No longer visible |
| Historical firing records | Can view own history | Retained for records |
| Historical payments | Can view own history | Retained for records |
| Credit balance | Visible but frozen | Visible, can process refund |
6. Legal
GDPR Rights (EU Users)
If you're in the European Economic Area, you have additional rights:
- Right to access - Get a copy of your data
- Right to rectification - Correct inaccurate data
- Right to erasure - Delete your data ("right to be forgotten")
- Right to data portability - Receive data in machine-readable format
- Right to object - Object to processing, including session recording
- Right to restrict processing - Limit how we use your data
- Right to withdraw consent - Withdraw consent anytime
Our legal basis for processing:
- Contract performance - Providing the service you signed up for
- Legitimate interest - Improving our service, preventing fraud
- Consent - Marketing emails, session recordings
Australian Privacy Principles
MudBuddy complies with the Australian Privacy Principles under the Privacy Act 1988. Australian users have rights to access and correct their personal information.
Children's Privacy
MudBuddy is not intended for children under 16. We don't knowingly collect data from children under 16. If you believe a child has provided us personal information, contact us and we'll delete it.
Updates to This Policy
We may update this policy. If we make significant changes, we'll notify you by:
- Email (if you have an account)
- Notice on our website
Changes take effect when we update the "last updated" date above. We encourage you to review this policy periodically.
Questions?
Contact us at privacy@mudbuddypottery.com with any questions about this policy.
© 2026 MudBuddy Pottery Pty Ltd. All rights reserved.