DESIGNSKILL AGENT
Legal & Transparency

Privacy Policy

Last updated: July 2026. Plain-language transparency on how we process and store data.

01 // DATA COLLECTION

Data We Collect

DesignSkill Agent processes and collects only information directly necessary to provide our web design token extraction services:

  • Target URLs: When you run a scrape job, the headless browser must request and download resources from the live website URL you provide.
  • Extracted Design Styles: We analyze CSS stylesheet rules, inline styling elements, and computed DOM properties. This data is normalized into raw theme variables.
  • Access Request Info: To generate API keys, we collect full name, business email, company name, project title, and intended use-case parameters.
  • Payment Proof Data: For paid top-up bundles, we record the transaction reference number (UTR) and any optional receipt screenshot you upload.

02 // PURPOSE

Why We Process This Data

We process this data for specific, limited purposes matching actual service features:

  • API Authorization: Verifying requests via Bearer tokens to grant access.
  • Quota Enforcement: Atomic deduction of credit balances on scrape/enrich jobs.
  • Troubleshooting & Telemetry: Log files tracking latency, endpoint access, and HTTP status codes to diagnose errors (e.g. cold-boot timeouts or target hostname blockers).

03 // STORAGE

Data Storage & Retention

Our backend database runs on Supabase. We do not store full website scrapes long-term:

  • Scrape Results Cache: Results from your extractions are processed on-the-fly and served directly. We do not maintain a persistent database repository of third-party scraped website assets.
  • Usage Logging: The last 20 requests processed by your active API key are shown in the Developer Portal for troubleshooting. Older usage logs are periodically archived and pruned.
04 // COOKIES

Cookie Usage & Google Analytics

We use Google Analytics 4 (GA4) for anonymous telemetry traffic analysis to understand user engagement:

  • Consent-Mode Default: All analytics tracking remains disabled (`denied` consent state) by default on initial page loads.
  • Opt-In Flow: Explicit acceptance via our cookies banner will save a cookie named dsk_cookie_consent=accepted with a 1-year lifetime (`SameSite=Lax`) and activate tracking.
  • Opt-Out Choice: Declining the cookies prompt sets a dsk_cookie_consent=declined cookie, ensuring tracking scripts remain blocked.
05 // YOUR RIGHTS

User Control & Rights

You maintain full control over your credentials and logs:

  • Key Rotation: You can rotate your API key instantly inside the Developer Portal. This revokes the compromised key immediately and prevents unauthorized usage.
  • Account Deletion: If you wish to revoke your key permanently and wipe your pending application information, contact the operator at or standard support channels.