Privacy Policy
Last updated: 2 July 2026
Template notice: this page is a drafting starting point, not legal advice. Replace bracketed placeholders and have it reviewed by a qualified lawyer — particularly if you have users in the EU/UK (GDPR), California (CCPA/CPRA), or other regions with specific privacy statutes, since obligations (e.g. appointing an EU representative, a formal Records of Processing Activities document) depend on where your users and your business are located.
This Privacy Policy explains what data GenClear, operated by [YOUR LEGAL ENTITY NAME] ("we", "us"), collects when you use our watermark-removal service, why we collect it, and the choices you have. It should be read together with our Terms of Service.
1. Who is responsible for your data
[YOUR LEGAL ENTITY NAME], located in [YOUR COUNTRY / ADDRESS], is the data controller for the personal data described below. Contact us at [email protected] for any privacy question or request.
2. Data we collect
Account data
- Email address and, optionally, your name — collected when you register or sign in with Google.
- Password: we store only a salted bcrypt hash, never your plaintext password.
- If you sign in with Google, we receive your Google account ID, email, and name from Google — we do not receive your Google password.
- API keys are stored as a one-way hash; the plaintext key is shown to you once and cannot be recovered by us.
Content you upload
- The video files you upload, and the processed (watermark-removed) output and preview thumbnails generated from them.
- File metadata: original filename, size, duration, resolution, a content hash (SHA-256), and detected watermark type.
Usage and device data
- IP address — used transiently for rate-limiting (e.g. capping anonymous uploads per hour) and abuse prevention.
- Job history: status, progress, processing time, and timestamps for videos you submit.
- Basic technical data sent by your browser (user agent) as part of normal HTTP requests.
Payment data
- If you subscribe to Pro, payment is handled entirely by Stripe. We never see or store your card number. We store only your Stripe customer ID, subscription ID, and subscription status so we can grant Pro access.
Cookies
See the Cookie Policy for the full list of cookies we set.
3. Why we use your data (legal basis)
- To provide the Service — processing your video, maintaining your session, showing your job history. (Contract necessity.)
- To operate a free/paid tier — tracking credits, plan, and subscription status. (Contract necessity.)
- To prevent abuse — rate-limiting by IP, blocking suspicious accounts. (Legitimate interest.)
- To process payments — via Stripe, for Pro subscribers. (Contract necessity.)
- To communicate with you — transactional emails (e.g. password reset), and, where you have agreed, product updates. (Contract necessity / consent.)
- To comply with the law — e.g. responding to lawful requests, or reporting unlawful content we become aware of. (Legal obligation.)
4. How long we keep data
- Uploaded files and processed results: deleted automatically — guest uploads within 24 hours, registered free-tier results within 48 hours, and Pro-tier results as soon as ~1 hour after processing. Deleting a job from your dashboard removes it immediately.
- Deduplication cache: a short-lived cache keyed by a hash of file content (not your identity) lets a re-uploaded identical file return instantly; cache entries are purged after roughly 72 hours.
- Account data: retained while your account is active. If you delete your account, we delete your personal data and remaining files, except where we must retain limited records (e.g. billing records) to meet legal or tax obligations.
- Server logs: retained for a limited operational period for security and debugging, then rotated out.
5. Who we share data with
We share data only with service providers who help us run the Service, under contracts that restrict their use of it:
- Stripe (payments) — processes your subscription and payment details.
- Google (OAuth) — if you choose to sign in with Google.
- Cloudflare (network/tunnel) — routes traffic to our server and provides DDoS protection.
- Video files and processing happen on infrastructure we operate ourselves — we do not send your uploaded video content to any third-party AI or storage provider.
We do not sell your personal data. We may disclose data if required by law, to enforce our Terms, or to protect the rights, property, or safety of GenClear, our users, or the public.
6. International transfers
Some of our service providers (e.g. Stripe, Google, Cloudflare) may process data outside your country, including in the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for such transfers.
7. Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- correct inaccurate data (you can update your name and password from your account page);
- request deletion of your data or account;
- request a portable copy of your data;
- object to or restrict certain processing;
- withdraw consent at any time where processing is based on consent;
- lodge a complaint with your local data-protection supervisory authority.
To exercise any of these rights, email [email protected]. We will respond within the time required by applicable law (for example, one month under GDPR, extendable in complex cases).
8. Security
We use industry-standard measures to protect your data, including encrypted password hashing (bcrypt), signed and HTTP-only session cookies, time-limited download links, isolated processing sandboxes with no outbound internet access for uploaded files, and access controls on our infrastructure. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Children's privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children under that age. If you believe a child has provided us with personal data, contact us so we can delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here with a new "Last updated" date, and where changes are material, make reasonable efforts to notify registered users.
11. Contact
For any privacy question, request, or complaint, email [email protected].