Privacy Policy

Last updated: April 27, 2026

1. Introduction

genvi Labs ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use genvi ("the Service"), a node-based AI creative studio platform.

By using genvi, you consent to the practices described in this Privacy Policy. If you have questions, contact us at privacy@genvi.co.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name (optional, when provided)
  • Profile avatar (optional)
  • Account creation date
  • Authentication method (email/password or Google SSO)

2.2 API Keys

As a BYOK (Bring Your Own Key) platform, you may provide API keys for third-party AI providers (Google AI, xAI, etc.). These keys are:

  • Encrypted at rest using AES-256 via Supabase Vault (pgsodium)
  • Only decrypted server-side during active API calls
  • Never transmitted to or stored in your browser
  • Never logged or accessible to our staff in plaintext

2.3 Content and Files

We store the following content you create or upload:

  • Project files (workflow definitions, node configurations, connections)
  • Uploaded media (images, videos, audio files)
  • AI-generated outputs (images, videos, text, audio)
  • Folder structures and organizational metadata
  • Text prompts and input parameters

2.4 Usage Data

We collect information about how you use the Service:

  • Log data (IP address, browser type, operating system, access times)
  • Feature usage statistics (nodes created, workflows executed)
  • Error logs and performance metrics
  • Storage utilization metrics

2.5 Payment Information

For paid subscriptions, we use third-party payment processors (Stripe). We do not store full credit card numbers. We retain billing address, transaction history, and subscription status.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process and execute your workflow requests
  • Store and retrieve your projects and files
  • Authenticate your identity and secure your account
  • Communicate with you about service updates, security alerts, and support
  • Monitor usage patterns and detect abuse or security threats
  • Process payments and manage subscriptions
  • Comply with legal obligations

4. How We Protect Your Information

4.1 Encryption

  • All data transmitted between your browser and our servers uses TLS 1.3 encryption
  • API keys are encrypted at rest using Supabase Vault with AES-256
  • Database connections are encrypted and authenticated
  • Stored files are encrypted in cloud storage (Supabase Storage)

4.2 Access Controls

  • Row-level security (RLS) policies enforce that users can only access their own data
  • Multi-factor authentication available for account security
  • Staff access to production data is limited and logged

4.3 Data Residency

Data is stored in Supabase, which uses AWS infrastructure. By default, data is stored in the region configured for your Supabase project (typically US-East).

5. Information Sharing

We do not sell your personal information. We share data only in the following circumstances:

5.1 Third-Party AI Providers

When you execute a workflow, we transmit your prompts and API credentials to the relevant AI providers (Google AI, xAI, etc.) to generate content. This transmission:

  • Uses your provided API keys
  • Is necessary for the Service to function
  • Is subject to the AI provider's privacy policies

5.2 Service Providers

We use trusted third parties for:

  • Cloud hosting and storage (Supabase)
  • Payment processing (Stripe)
  • Authentication services (Google OAuth)
  • Analytics (anonymous usage data)

5.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

6. Your Rights and Choices

6.1 Access and Export

You can access and export your data at any time:

  • Download individual files from the File Repository
  • Export workflows as JSON files
  • Request a full data export by contacting support

6.2 Correction and Deletion

You can:

  • Update account information in Settings
  • Delete files, projects, or folders at any time
  • Delete your entire account (permanent deletion within 30 days)
  • Revoke or rotate API keys in Settings

6.3 Marketing Communications

You can opt out of marketing emails at any time by clicking the unsubscribe link or contacting us. We may still send service-related communications.

7. Data Retention

We retain your data as follows:

  • Active Accounts: Data is retained indefinitely while your account is active
  • Deleted Content: When you delete files or projects, they are permanently removed immediately
  • Account Deletion: Upon account deletion, all personal data is removed within 30 days
  • Backups: Backup data may be retained for up to 90 days for disaster recovery
  • Logs: System logs are retained for 90 days, then anonymized or deleted

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management (essential)
  • Storing UI preferences (e.g., sidebar state)
  • Analytics to improve the Service (non-identifying)

We do not use third-party advertising cookies or tracking pixels for ad targeting.

9. Children's Privacy

genvi is not intended for users under 13 years of age (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us immediately at privacy@genvi.co.

10. International Transfers

If you are accessing genvi from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We comply with applicable data protection laws including GDPR for EU users.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

For privacy-related questions, requests, or concerns:

  • Email: privacy@genvi.co
  • Data Protection Officer: privacy@genvi.co
  • Response time: Within 30 days

13. California Privacy Rights (CCPA)

California residents have the following rights under the CCPA:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or shared (we do not sell personal information)
  • Right to request deletion of personal information
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@genvi.co.

14. GDPR Compliance (EU Users)

For users in the European Economic Area (EEA), we comply with GDPR requirements:

  • Legal Basis: We process data based on contract performance (providing the Service) and consent
  • Data Subject Rights: You have rights to access, rectify, erase, restrict processing, and data portability
  • Withdrawal of Consent: You may withdraw consent at any time (may affect Service functionality)
  • Complaints: You may lodge complaints with your local data protection authority

Our representative for EU data protection matters can be contacted at privacy@genvi.co.