Privacy Policy

Last updated: May 26, 2026

ASI Inc. ("we") provides Illustmaker (the "Service"). This policy describes what information we collect when you use the Service, how it is used, and how it is protected.

1. What we collect

The Service is generally usable without any registration. We only collect the following:

  • Access logs: IP address, user agent, referrer URL, request timestamp.
  • Edit data: vector data created in the editor. Stored in your browser's localStorage; never transmitted to our servers automatically.
  • MCP session data: SVG sessions created via the MCP API (kept on our servers for up to 7 days).
  • API key info: email (optional), intended use, IP, UA, request count at the time of key issuance. The key itself is stored as a SHA-256 hash; we do not retain the plaintext.
  • Statistics: total visits, MCP session counts, concurrent users — aggregated anonymously by IP+UA hash.

2. How we use it

  • To provide and operate the Service
  • To prevent abuse and unauthorized access
  • To improve quality and analyze usage
  • To rate-limit / revoke abused API keys
  • To deliver important notices from us (e.g. API spec changes)

3. Retention & deletion

Edit data (browser)Stored only on your device. Never on our servers.
MCP sessionsAuto-deleted 7 days after creation.
Access logsUp to 90 days.
API keysRetained until revoked; hash deleted 30 days after revocation.
StatisticsKept indefinitely (aggregated, non-identifying).

4. Third parties

We do not share collected information with third parties except where required by law.

The Service uses the following third-party services; your use of the Service implies the data processing performed under those providers' terms:

  • Google Analytics 4 (Google LLC) — visitor analytics. Google Privacy Policy
  • Google Fonts — web font delivery

5. Cookies & analytics

We use cookies and localStorage for the following purposes:

  • Theme settings, panel layout, in-progress document save
  • Anonymous analytics via Google Analytics

You may disable cookies / localStorage in your browser settings, but some features (e.g. auto-save) may be limited.

6. MCP API data handling

The MCP API is an interface for AI agents and external systems to operate the Service programmatically. Please note:

  • Design data you send (SVG, text, image URLs etc.) is kept on our servers for up to 7 days.
  • Anyone who knows the session URL (/illustmaker/?s=xxxxxx) can view and edit. Do not send sensitive information.
  • illust.import_from_url fetches external images on the server side and inlines them as data URIs. Private IPs / internal metadata hosts are blocked by SSRF protection.
  • We do not recommend sending personal info (names, phone numbers, etc.) or confidential materials through the API.

7. AI training data

Regarding data received by our servers via the Service (edit sessions, gallery posts, MCP API traffic):

  • We (ASI Inc.) will never use such data to train or fine-tune AI models.
  • We do not share it with third-party AI companies (OpenAI, Anthropic, Google, others).
  • Gallery posts marked public are visible to other users only because the author explicitly chose to publish them, but they are still not used for AI training.

Note: when you use an external AI agent (Claude / ChatGPT / Cursor / Cline etc.) to operate the Service, whether those AI providers use your prompts/outputs for training is governed by each provider's terms. We have no control over that.

8. User rights

You may request disclosure, correction, or deletion of information we hold about you. Please contact us via the channels below.

You can revoke your own API keys at the <code>/illustmaker/api/keys.php</code> endpoint.

9. Changes

We may update this policy as needed. Material changes will be announced on the home page.

10. Contact

For questions about this policy, please reach out via:

OperatorASI Inc.
AddressSetagaya-ku, Tokyo, Japan
Inquiries<a href="https://asi.co.jp/contact/">asi.co.jp/contact</a>