Cenate
Join Early Access
Privacy

Privacy Policy

Cenate's current data-handling draft for accounts, prompts, uploads, previews, and cookies.

Last updated: May 8, 2026. This page is a product draft based on the current implementation and should receive legal review before production publication.

Core data

Account, prompts, uploads, previews

Current providers

Google, GitHub, Resend, Postgres, Blob, Redis, AI APIs

Cookie stance

Essential by default, optional categories managed per device

Overview

Cenate provides tools for generating, editing, previewing, and publishing web experiences from natural-language prompts, uploaded assets, and workspace activity. This Privacy Policy explains how Cenate collects, uses, stores, and discloses information when you use the website, workspace, authentication flows, and related services.

This policy is based on Cenate's current product implementation and infrastructure as reflected in the live codebase on May 8, 2026. It should be reviewed by legal counsel before being treated as a final production legal instrument.

Information We Collect

  • Account and identity data, including email address and sign-in details when you use email magic links, Google, or GitHub authentication.
  • Workspace content, including prompts, generated code, chat history, uploaded files, public-site submissions, preview images, and project metadata.
  • Technical and operational data, including IP address, browser and device data, timestamps, security logs, and rate-limiting events.
  • Billing and infrastructure-related records if Cenate later enables paid features, hosted previews, storage, or additional provider-backed services.

How Cenate Uses Information

  • To create and secure accounts, authenticate sessions, and restore access to workspaces.
  • To process prompts, generate site outputs, store project artifacts, and support preview, save, and public-site flows.
  • To maintain platform reliability, investigate abuse, enforce rate limits, and debug generation or upload failures.
  • To improve product quality, evaluate feature usage, and support future operational analytics subject to applicable consent requirements.

Service Providers and Infrastructure

Cenate currently relies on a set of third-party service providers to deliver core product functionality. Based on the current application implementation, these may include Auth.js and identity providers such as Google, GitHub, and Resend for authentication; PostgreSQL for structured application data; Vercel Blob for uploaded assets and preview images; Redis for rate limiting; and AI providers such as OpenAI for generation workflows where enabled.

When you use Cenate, some information is transmitted to or processed through these providers as necessary to deliver the requested service. Their handling of data is governed by their own privacy and security commitments in addition to Cenate's internal controls.

Prompts, Uploads, and AI Processing

  • Prompts, uploaded images, attachments, and related workspace instructions may be processed to generate websites, edits, and previews.
  • Generated outputs and supporting artifacts may be stored in your workspace so Cenate can support save, load, preview, and history features.
  • Cenate should not be used to upload sensitive regulated data unless and until the service expressly supports that use case.
  • Cenate does not represent this draft policy as granting unrestricted rights to use customer content for general-purpose model training outside product operation, debugging, and improvement workflows expressly enabled by the service.

Cookies and Similar Technologies

Cenate uses cookies or similar local-device storage for core functions such as authentication, session continuity, interface preferences, and consent choices. Depending on how the product evolves, Cenate may also use analytics or campaign-measurement technologies. Where required by law, Cenate will seek consent before enabling non-essential categories.

The in-product cookie panel allows you to acknowledge essential usage, manage optional preferences on the current device, and opt out of analytics or marketing-style preferences where available. Disabling non-essential categories may reduce personalization or limit Cenate's ability to measure feature performance.

How Information May Be Shared

  • With infrastructure and service providers that process information on Cenate's behalf.
  • With public visitors where you intentionally publish or submit content through a public-site flow.
  • When required by law, legal process, or a good-faith belief that disclosure is necessary to protect Cenate, its users, or the public.
  • As part of a business transfer, financing, merger, or asset sale involving all or part of the service.

Retention

Cenate retains information for as long as reasonably necessary to operate the product, preserve workspace continuity, enforce security controls, resolve disputes, and satisfy legal obligations. Different categories may be retained for different periods depending on whether they relate to authentication, uploads, logs, generated projects, or public-site submissions.

Because this is a draft policy grounded in the current codebase rather than a finalized retention schedule, Cenate should publish more precise retention windows once operational and legal requirements are fully defined.

Your Choices and Privacy Rights

  • You may request access to, correction of, or deletion of personal data that Cenate controls, subject to legal and operational exceptions.
  • You may manage optional cookie preferences on the device where the banner is shown.
  • If Cenate activates marketing or targeted-advertising technologies in the future, Cenate will honor applicable opt-out obligations under relevant privacy laws.
  • If you are located in a jurisdiction with additional rights, Cenate intends for this policy to be interpreted in a manner consistent with those mandatory protections.

Security

  • Cenate uses reasonable technical and organizational measures designed to protect accounts, stored project data, authentication flows, and uploaded files.
  • These measures may include access controls, provider-managed infrastructure protections, security logging, and service-level abuse controls such as IP rate limiting.
  • No internet service can guarantee absolute security, and users remain responsible for the information they choose to upload or publish.

Children's Privacy

Cenate is not intended for children under the age required by applicable law to form a binding contract for online services in their jurisdiction. If Cenate learns that personal data was collected from a child without appropriate authorization, Cenate will take reasonable steps to delete it.

Changes to This Policy

Cenate may revise this Privacy Policy as the product, infrastructure, or legal obligations change. When material updates are made, Cenate should update the effective date and provide additional notice where required.

Contact

For privacy-related questions or requests, contact the Cenate team through the support channels made available with the service. If Cenate publishes a dedicated privacy contact address in the future, this section should be updated to reflect it.