Privacy Policy

1. Who we are

"gen8r" ("we", "us", "our") is operated by LiftLogic AI, the data controller for the personal information described in this policy. Our website is gen8r.ai and our application is app.gen8r.ai.

For privacy questions, data-access requests, or to withdraw consent, contact privacy@gen8r.ai.

2. What we collect

You provide directly

• Account — name, email, phone, business name, industry
• Brand — voice, audience, logo, colours, optional face photo for personalised posts
• Connected platforms — channel identifiers (Slack workspace, Telegram chat) and Meta access tokens needed to publish on your behalf
• Content — campaign briefs, captions, scheduled posts, files you upload

Payment

All card data is handled by Stripe. We do not store credit-card numbers — only a Stripe customer ID to manage your subscription.

Collected automatically

• API call logs (model used, tokens, latency) for billing and troubleshooting
• Server logs (IP for rate-limiting, error traces) on a 30-day rolling basis
• Engagement metrics for posts you've published, pulled from Meta Insights

3. How we use it

• Provide the service — generate campaigns, render flyers, source images, schedule and publish posts on your behalf
• Bill you — verify your card via Stripe and process subscription charges
• Communicate with you — send transactional messages (campaign-ready notifications, approval prompts, billing receipts, support replies)
• Operate and improve the platform — debug errors, monitor performance, prevent abuse
• Comply with the law — keep tax records, respond to lawful requests

4. Legal basis for processing (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, the legal bases for processing your data are:

• Contractual necessity — to provide the service you signed up for
• Legitimate interests — operating, securing, and improving the platform (where these don't override your rights)
• Consent — optional features you opt in to (e.g. personal photo upload)
• Legal obligations — tax recordkeeping, lawful requests

5. Sub-processors

To deliver the service, we share data with the following providers, each under their own privacy and data-processing terms:

• Payment — Stripe
• AI providers (LLMs and image generation) — OpenRouter (which routes to OpenAI, Google, Anthropic), Replicate
• Web search enrichment — Tavily
• Stock images — Pixabay, Pexels, Unsplash
• Publishing — Meta (Facebook, Instagram)
• Inbound channels — Slack, Telegram
• Hosting & infrastructure — Oracle Cloud, MongoDB Atlas, Vercel
• Email — Resend

6. What we don't do

• We do not sell your personal data
• We do not share your data with advertisers for ad targeting
• We do not use your content, photos, or prompts to train AI models
• We do not share data with anyone not listed in the sub-processor section above

7. Personal photos (PersonalPost)

If you upload a face photo to use the personalisation feature, we apply additional safeguards:

• Your photo is stored in our hosting environment (Oracle Cloud Sydney) at a private path keyed to your brand ID.
• It is shared with our image-generation providers (Google Gemini and OpenAI) only when you ask for a personal post or personal flyer.
• Providers receive the photo as a one-shot reference for that single render; they do not retain it for training or future generations.
• You can replace your photo at any time. The new photo replaces the old; previously generated posts retain the photo they were created with.
• You can delete your photo at any time. Deletion removes the file from our storage immediately. Posts already published to Facebook/Instagram remain there until you remove them on those platforms.
• Consent is captured once at first upload and not assumed for replacement uploads. The exact wording is: "I consent to use my photo for AI image generation, deletable anytime, no model training, no third-party sharing beyond image providers."

8. Cookies & tracking

Our marketing site (gen8r.ai) does not use third-party advertising or analytics cookies. We do not run Google Analytics, Facebook Pixel, or similar tracking scripts.

Our application (app.gen8r.ai) sets a session cookie or local-storage token to keep you signed in. This is a strictly necessary cookie for authentication. No other cookies are set.

Where third-party widgets are embedded (e.g. Calendly, Stripe Checkout), those providers may set their own cookies on their own domains. They are governed by their own privacy policies.

9. How long we keep things

• Account and content — kept while your account is active. You can delete individual items or your whole account at any time.
• Personal photos — kept until you delete them or close your account.
• Server logs — 30 days rolling.

10. Your rights

Subject to applicable law, you have the right to:

• Access a copy of the data we hold about you
• Correct data that's inaccurate
• Delete your data
• Export your data in a portable format
• Withdraw consent for processing that relies on consent (such as your personal photo)

Additional rights for EEA / UK residents

• Restrict or object to processing based on legitimate interests
• Withdraw consent at any time without affecting prior lawful processing
• Lodge a complaint with your local data-protection authority

California residents (CCPA / CPRA)

• Right to know — what data we collect, use, and disclose
• Right to delete — request deletion of your personal information
• Right to correct — request correction of inaccurate data
• Right to opt out of sale — note: we do not sell personal information
• Non-discrimination — we will not discriminate against you for exercising your rights

To exercise any of these rights, email privacy@gen8r.ai. We will respond within 30 days. We may need to verify your identity before acting on a request.

Meta data deletion

When you disconnect Gen8r from your Facebook or Instagram account — either by removing Gen8r from your Facebook account settings (Settings → Apps and Websites) or by emailing privacy@gen8r.ai with a request to disconnect Meta — we delete the following within 30 days:

• Your Facebook Page Access Token and Instagram User Access Token
• Your Facebook Page ID and Instagram Business Account ID

We also stop fetching engagement metrics for posts previously published via those connections. Your Gen8r account, Telegram chat connection, Slack workspace, brand kit, and historical post records remain unaffected. To delete those as well, email privacy@gen8r.ai and reference "full account deletion".

11. International data transfers

Our application is hosted in Australia (Oracle Cloud Sydney), but several of our sub-processors are based in the United States or the European Union. Where data is transferred outside the country it was collected in, we rely on the provider's own standard contractual clauses or equivalent safeguards. By using gen8r, you accept that your data may be processed in those jurisdictions.

12. Security

We protect your data with:

• TLS encryption for all data in transit between your browser/bot and our servers
• Encryption at rest in MongoDB Atlas
• Role-based access controls — only the people who need access for support or operations can see your data
• Audit logs for administrative actions on your brand record
• Regular dependency updates and infrastructure patching

No system is perfect. If we ever detect a breach affecting your data, we will notify you and the relevant authority within the timeframes required by law.

13. Children's privacy

gen8r is a business tool. We do not knowingly collect data from anyone under 18, and our service is not intended for use by minors. If you believe a minor has provided us with data, contact privacy@gen8r.ai and we will delete it.

14. Changes to this policy

We will update this policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to active users by email or in-app notice at least 14 days before they take effect.

15. Contact

Privacy questions: privacy@gen8r.ai
General support: support@gen8r.ai
Operating entity: LiftLogic AI
Website: gen8r.ai