pretty

Privacy & legal

Privacy Policy

Effective: May 2026

Introduction

p27 Brands GmbH ("we", "us", "our") operates make-pretty, including this website and the related software, APIs, documentation, and services (together, the "Service"). We respect your privacy and are committed to protecting the personal data you share with us.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the choices and rights you have. It applies whenever you visit our website, create an account, or use make-pretty to generate, edit, or review presentations.

By using the Service, you acknowledge that you have read this notice. If you do not agree with it, please do not use the Service.

Commercial and enterprise use. This Policy describes our practices where we act as a controller of personal data. If your organization (for example, your employer) provides you with access to make-pretty under a separate agreement, that agreement and your organization's instructions may govern how your data is processed, and this Policy may not fully apply to those scenarios.

1. Personal data we collect

1.1 Information you provide directly

  • Account information: identifiers such as your name and email address when you register, sign in, or subscribe to product updates.
  • Payment information: processed by our payment or marketplace partners when you purchase a paid plan. We typically receive limited billing metadata (such as plan, amount, country, and the last four digits of your card) rather than full payment credentials.
  • Inputs and file content: make-pretty is built to edit presentations and related materials. Prompts, slide text, layouts, images, and uploads you submit may contain personal data if you or your organization put it there. We process this content to operate the Service for you.
  • Communications: if you contact us for support, sales, or feedback, we process your contact details and the contents of your messages.
  • Feedback: ratings, bug reports, and suggestions you submit may be stored together with relevant technical context so we can reproduce issues and improve the Service.

1.2 Information we collect automatically

  • Device information: device type, operating system, browser type and version, and similar technical details about the environment you use to access the Service.
  • Log information: IP address, timestamps, request metadata, error logs, and diagnostic data used for reliability, troubleshooting, and security.
  • Usage data: features used, session metadata, and interactions that help us operate and improve the product.
  • Cookies and similar technologies: we and our providers use cookies, local storage, and similar technologies to run the site, keep you signed in, remember preferences, and measure performance. You can manage cookies through your browser settings.
  • Approximate location: derived from your IP address for security, fraud signals, and performance routing. We do not perform continuous or precise GPS tracking.

1.3 Information from third parties

We may receive limited information about you from third parties that help us operate the Service, such as authentication and single sign-on providers, payment and marketplace partners, customer support tools, and security services. We use that information together with the data described above for the purposes set out in this Policy.

1.4 What we do not seek to collect

The Service is not directed to children under the age of 18, and we do not knowingly collect personal data from them. We also do not ask you to provide special categories of personal data (for example, health, biometric, or government-identifier data) in order to use the Service. If you believe we have inadvertently received such information, please contact us and we will take appropriate steps.

2. How we use personal data

We use personal data for purposes including:

  • Providing, maintaining, securing, and debugging the Service;
  • Creating and administering accounts and processing payments or entitlements;
  • Communicating with you about the Service, support requests, and material changes;
  • Detecting, preventing, and investigating abuse, fraud, and violations of our terms;
  • Complying with legal obligations and protecting rights, safety, and property;
  • Improving and developing the Service, including quality, reliability, and safety, consistent with applicable law and any agreements we have with you or your organization.

We may aggregate or de-identify information so that it no longer identifies you, and use it for analytics, research, and product development. We maintain de-identified information in de-identified form except where the law requires otherwise.

Model training. We do not use the content of your prompts, slides, or uploads to train generally available foundation models. Where we use your inputs to evaluate or improve features specific to make-pretty, we do so in accordance with the applicable product settings and in-product notices. Please avoid submitting sensitive personal data into the Service unless you have a clear need to do so.

3. How we disclose personal data

We may disclose personal data:

  • Service providers and subprocessors: hosting and cloud infrastructure, AI model providers, analytics, email and messaging, customer support, security monitoring, payments, and IT vendors who process data on our behalf and under our instructions.
  • Affiliates: entities under common control with p27 Brands GmbH, where relevant to operating the Service.
  • Business transfers: in connection with a merger, acquisition, financing, reorganization, or asset sale, subject to appropriate safeguards.
  • Legal and safety: when we believe disclosure is required by law or legal process, or necessary to protect rights, property, or safety.
  • Integrations you enable: if you connect make-pretty to third-party services (for example, your organization's identity provider or storage), we share the information needed to operate that integration with those parties, who then process it under their own terms and privacy policies.
  • With your direction or consent.

We do not sell your personal data, and we do not use it for cross-context behavioural advertising as defined under certain U.S. state privacy laws.

4. Retention

We retain personal data only for as long as needed for the purposes described in this Policy, including providing the Service, security, legal compliance, dispute resolution, and enforcement of agreements. Retention periods vary depending on the data category and applicable legal requirements. When personal data is no longer needed, we delete, erase, or anonymise it in line with applicable law.

5. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, and misuse. These include encryption in transit, access controls, audit logging, and vendor due diligence. No online service is completely secure, however, so please take care with the information you submit and keep your account credentials safe.

6. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export the personal data we hold about you, to restrict or object to certain processing, and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at paul@make-pretty.com. We may need to verify your identity before responding to your request.

Automated decisions and profiling: we do not make solely automated decisions that produce legal or similarly significant effects concerning you within the meaning of the GDPR.

7. International data transfers

We may process personal data in Germany, the European Economic Area, the United States, and other countries where we or our service providers operate. Where required, we use appropriate safeguards for transfers outside the EEA and the UK, including the EU Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

8. Legal bases (EEA and UK)

Where the GDPR or the UK GDPR applies, we process personal data on one or more of the following legal bases:

  • Contract (Art. 6(1)(b)) — to provide the Service you request and perform our agreement with you;
  • Legitimate interests (Art. 6(1)(f)) — for example, security, fraud prevention, product improvement, and internal analytics, balanced against your rights and interests;
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable law; and
  • Consent (Art. 6(1)(a)) — where we ask for it for a specific purpose, such as certain cookies or optional communications.

9. Changes to this Privacy Policy

We may update this Policy from time to time. When we do, we will post the revised version on this page and update the effective date above. If the changes are material, we will provide additional notice where required by law. Continued use of the Service after changes take effect indicates that you are on notice of the update.

10. Contact

Questions or concerns about this Privacy Policy or our handling of personal data: paul@make-pretty.com.

Imprint · Terms of Service · Privacy