Privacy Policy
Effective: 17 May 2026 | Last updated: 17 April 2026 | Version 2.2
1. Introduction
Plain Language Summary
For Potters:
- We collect your account info, pottery photos, and how you use the app
- We use it to track your pieces, provide AI guidance, and process payments
- If you join a studio, they can see your name, email, photos, and firing history
- We don't sell your data
For Studios:
- We collect your business info, pricing, and bank details (via Stripe)
- We use it to help you manage members, firings, and payments
- You're responsible for how you handle your members' data
- We don't sell your data
Your rights: You can access, correct, or delete your data anytime.
Who We Are
MudBuddy is operated by MudBuddy Pottery Pty Ltd (ABN 87 694 435 491) from Sydney, Australia. MudBuddy is a platform that helps potters track their ceramic pieces and helps pottery studios manage their members and firing services.
Who This Policy Applies To
This policy applies to:
- Potters - Individual users who track pottery pieces and may join studios
- Studios - Businesses that use MudBuddy to manage members and firing services
- Visitors - Anyone who visits our website or marketing pages
2. For Everyone
This section applies to all MudBuddy users.
How to Contact Us
General enquiries: hello@mudbuddypottery.com
Privacy requests: privacy@mudbuddypottery.com
Postal address:
MudBuddy Pottery Pty Ltd
3-5 Cleveland Ave
Surry Hills NSW 2010
Australia
For privacy requests, include "Privacy Request" in your subject line.
Your Rights
All users have the right to:
- Request access to your data
- Request corrections to inaccurate data
- Request deletion of your data
- Withdraw consent for optional data processing
- Request a copy of your data by contacting privacy@mudbuddypottery.com
- Opt out of analytics and session recordings by contacting privacy@mudbuddypottery.com
To exercise these rights, email privacy@mudbuddypottery.com.
How You Access MudBuddy
MudBuddy is available as:
- Web app at app.mudbuddypottery.com
- iOS app (App Store) and Android app (Google Play)
Our mobile apps load the web app in a native container and use the same features and terms. Mobile apps request camera access for QR scanning and photo uploads. Camera data is processed locally. No video or camera feed is sent to our servers. Most app updates deploy via the web without requiring an app store update.
Third-Party Services
MudBuddy uses these services to operate:
| Service | Purpose | Data They Receive | Privacy Policy |
|---|---|---|---|
| Supabase | Database, authentication, file storage | All account data, photos | supabase.com/privacy |
| Stripe | Payment processing | Email, payment details, bank details (studios) | stripe.com/privacy |
| Anthropic | AI photo analysis and guidance | Photos, chat messages, piece details | anthropic.com/privacy |
| PostHog | Analytics and service improvement | User ID, page views, session recordings (masked) | posthog.com/privacy |
| Resend | Transactional emails | Email address | resend.com/privacy |
| Vercel | Web hosting | IP addresses, request metadata | vercel.com/legal/privacy-policy |
| Calendly | Demo booking (website only) | Name, email, timezone | calendly.com/privacy |
Cookies and Tracking
Essential (required):
- Supabase authentication cookies - keep you logged in
- Local storage - preserves your preferences, in-progress firing submissions, camera settings, and selected studio. This data stays on your device and is cleared when you log out
Analytics (help us improve):
- PostHog - tracks page views and app usage events such as when you create a piece, submit for firing, complete a payment, or use the AI chat. These events include context like the type of action but do not include the content of your messages or photos. We also associate your account type, subscription tier, and studio affiliation with your analytics profile to understand how different user segments use the app. A full list of tracked events is available on request
- PostHog session recordings with all text inputs masked
Payments:
- Stripe cookies - set during checkout
Marketing site only:
- Calendly cookies - set on demo booking page
We do not use advertising cookies, Google Analytics, or Facebook Pixel.
Data Security
We protect your data with:
- Encrypted database storage (Supabase)
- Encrypted data transmission (HTTPS/TLS)
- Secure authentication (PKCE flow)
- Access restricted to authorised team members
No system is 100% secure. We take reasonable measures but cannot guarantee absolute security.
International Data Transfers
Your data may be processed in:
| Location | Services | Data |
|---|---|---|
| Australia | Supabase | Primary database, files, authentication |
| European Union | PostHog | Analytics |
| United States | Anthropic, Stripe, Vercel | AI processing, payments, hosting |
By using MudBuddy, you consent to these transfers.
3. For Potters
This section is specifically for individual potter accounts.
What We Collect About You
Information you provide:
- Account details (email, name, profile photo)
- Unit preferences (metric/imperial, Celsius/Fahrenheit)
- Your pottery pieces (names, photos, clay body, dimensions, weights, stage details, notes)
- Chat conversations with the AI assistant
- Feedback and feature requests
Information collected automatically:
- How you use the app (pages visited, features used)
- Device and browser information
- Session recordings (with text inputs masked)
If you join a studio:
- Your membership status and join date
- Credit balance at that studio
- Firing submissions (pieces, weights, types)
- Payment history with that studio
If you take pottery classes:
- Class enrollment details
- Class piece submissions
- Attendance records visible to your teacher
How We Use Your Data
| Purpose | Data Used |
|---|---|
| Track your pottery pieces | Piece details, photos, stage information |
| Provide AI guidance | Photos, chat messages, piece context |
| Process payments | Email, piece details, payment amounts |
| Improve the service | Usage patterns, feedback, session recordings |
| Send important emails | Email address |
Photo Privacy Protection
Photos you upload are automatically processed to remove metadata (such as location, device information, and timestamps) before being stored, protecting your privacy. This processing happens on your device before the photo is uploaded.
AI Features and Your Data
When you use AI features:
- Your photos (with metadata removed) and messages are sent to Anthropic for processing
- When you ask MudBuddy AI a question, it may look up your pottery data (piece names, stages, materials, firing history, credit balance) to provide relevant answers. This data is sent to Anthropic as part of the conversation. The AI can only access your own data, never other users' data
- Anthropic does not use your content to train AI models
- Anthropic retains data for up to 30 days for safety and abuse monitoring only
- Your conversation history is stored to maintain context
Subscription and Payments
- Your subscription tier is stored to manage feature access
- Stripe handles all payment card processing - we never see your full card number
- Payment history is retained for tax and legal compliance
Studio Credit Purchases
When you purchase studio credit:
- Credit purchases generate payment records processed by Stripe
- Credit ledger entries contain a "reason" field which may include context provided by the studio (e.g. "Birthday gift")
- Financial records (credit ledger, payment history) are retained for 7 years to meet Australian tax/audit requirements, even after account deletion. This data is anonymised on deletion but not erased
Plain language summary of studio credit: When you buy studio credit, you're purchasing store credit issued by the studio through our platform. The studio holds and honors the credit, while we process the payment.
Data Retention
| Data | Kept Until |
|---|---|
| Account and profile | You delete your account |
| Pieces and photos | You delete them or your account |
| Chat history | You delete your account |
| Firing history | You delete your account |
| Payment records | 7 years (legal requirement) |
Deleting Your Account
When you delete your account:
- Your profile, pieces, photos, and chat history are permanently deleted
- Financial records (firing payments, credit transactions) are retained for 7 years to meet Australian tax requirements. These records are anonymised: your name and email are removed, but transaction amounts and dates are preserved for the studio's business records
- Data with third parties (Anthropic, Stripe, PostHog) follows their retention policies
To delete your account, go to Account Settings or email privacy@mudbuddypottery.com.
4. For Studios
This section is specifically for studio business accounts.
What We Collect About Your Business
Information you provide:
- Business details (studio name, city, logo)
- Equipment configuration (kilns, shelves)
- Firing prices and policies
- Bank account details for payouts (collected by Stripe)
Information collected automatically:
- How you use the app (pages visited, features used)
- Session recordings (with text inputs masked)
How We Use Your Business Data
| Purpose | Data Used |
|---|---|
| Display your studio to potters | Name, city, logo |
| Configure firing services | Kilns, shelves, pricing |
| Process payments to you | Stripe Connect account details |
| Improve the service | Usage patterns, session recordings |
Payment Processing (Stripe Connect)
- Stripe collects your bank account and business verification details directly
- MudBuddy never sees or stores your bank account numbers
- Stripe handles all payment compliance (KYC, tax reporting)
- Payout details are visible in your Stripe dashboard
Studio Insights and Analytics
Studios can view aggregated insights about member activity, including submission patterns, piece counts, and usage trends. These insights help studios manage their operations. Individual member activity is visible to the studio as part of the membership relationship.
Your Responsibilities for Member Data
When potters join your studio, you become a data controller for certain information. You must:
- Use member data only for providing pottery studio services
- Not sell, share, or export member data to third parties
- Respond to member requests about their data
- Keep member data secure
- Notify us immediately of any data breach
See our Terms of Service for full details on your data handling obligations.
Data Retention
| Data | Kept Until |
|---|---|
| Studio profile | You delete your account |
| Member list and history | You delete your account |
| Firing records | 7 years (legal requirement) |
| Payment records | 7 years (legal requirement) |
If You Close Your Studio
When you close your studio account:
- Your studio profile is deleted
- Active members are removed from your studio
- Historical firing and payment records are retained for legal compliance
- Member data returns to their individual potter accounts
5. When Potters and Studios Interact
This section explains how data flows between potters and studios.
What Studios Can See About Their Members
When a potter joins your studio, you can see:
| Data | Visible | Why |
|---|---|---|
| Full name | Yes | Identify members |
| Email address | Yes | Contact members |
| Profile photo | Yes | Identify members |
| All piece photos | Yes | Track work for firing |
| Piece names and details | Yes | Manage firings |
| Firing history at your studio | Yes | Business records |
| Payment history with you | Yes | Financial records |
| Credit balance | Yes | Manage credits |
You cannot see:
- Their AI chat conversations
- Their subscription status
- Their membership at other studios
- Pieces not submitted to your studio
Pottery Classes
When a studio creates pottery classes:
- Teachers can see enrolled student names, email addresses, and class piece data
- Students see only the teacher's name
- Class pieces are visible to the teacher and studio staff
- Studios remain the data controller; teachers act under the studio's authority
- When a student drops out, pieces remain in the student's account but the class association is removed
When a studio designates a teacher for a class, the teacher has access to enrolled student names, email addresses, and class piece data under the studio's direction.
What Potters Can See About Studios
As a member, you can see:
| Data | Visible |
|---|---|
| Studio name and city | Yes |
| Studio logo | Yes |
| Your credit balance | Yes |
| Your firing history | Yes |
| Firing prices | Yes |
| Other members | No |
| Studio revenue | No |
When a Potter Joins a Studio
When you join a studio:
- A membership record is created linking your account to the studio
- The studio can immediately see your name, email, and profile photo
- As you submit pieces for firing, the studio can see those pieces and photos
When a Potter Leaves a Studio
When you leave a studio:
- Your membership becomes inactive
- Your historical firing records remain visible to the studio (for their business records)
- Your credit balance is frozen (contact the studio for refunds)
- Your personal piece collection remains in your account
- You can rejoin the same studio later
Data Access After Leaving
| Data | Potter Access | Studio Access |
|---|---|---|
| Pieces in potter's collection | Full access | No longer visible |
| Historical firing records | Can view own history | Retained for records |
| Historical payments | Can view own history | Retained for records |
| Credit balance | Visible but frozen | Visible, can process refund |
6. Legal
GDPR Rights (EU Users)
If you're in the European Economic Area, you have additional rights:
- Right to access - Get a copy of your data
- Right to rectification - Correct inaccurate data
- Right to erasure - Delete your data ("right to be forgotten")
- Right to data portability - Receive data in machine-readable format
- Right to object - Object to processing, including session recording
- Right to restrict processing - Limit how we use your data
- Right to withdraw consent - Withdraw consent anytime
Our legal basis for processing:
- Contract performance - Providing the service you signed up for
- Legitimate interest - Improving our service, preventing fraud
- Consent - Marketing emails, session recordings
Australian Privacy Principles
MudBuddy complies with the Australian Privacy Principles under the Privacy Act 1988. Australian users have rights to access and correct their personal information.
Children's Privacy
MudBuddy is not intended for children under 16. We don't knowingly collect data from children under 16. If you believe a child has provided us personal information, contact us and we'll delete it.
For pottery classes that include participants under 16, those participants must use the studio's physical systems rather than creating app accounts. Studios are responsible for managing any data about minor participants according to their own policies.
Updates to This Policy
We may update this policy. If we make significant changes, we'll notify you by:
- Email (if you have an account)
- Notice on our website
Changes take effect when we update the "last updated" date above. We encourage you to review this policy periodically.
Questions?
Contact us at privacy@mudbuddypottery.com with any questions about this policy.
© 2026 MudBuddy Pottery Pty Ltd. All rights reserved.