Privacy Policy

Last updated: 2/24/2026

1. General Provisions

This Privacy Policy (hereinafter referred to as the "Policy") applies to all information that the GenRoom service, located at genroom.io (hereinafter referred to as the "Service"), may collect about the User while using the Service.

Using the Service constitutes unconditional agreement by the User with this Policy and the terms of processing their personal data.

Personal data processing is carried out in accordance with applicable data protection laws.

2. Definitions

  • Personal Data — any information relating to a directly or indirectly identified or identifiable natural person.
  • Operator — GenRoom, the entity that organizes and carries out the processing of personal data.
  • Processing of Personal Data — any action performed on personal data, including collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, anonymization, blocking, deletion, and destruction.
  • Confidentiality of Personal Data — a mandatory requirement for the Operator to prevent the dissemination of personal data without the consent of the data subject.

3. Data We Collect

3.1. During registration and use of the Service, we collect:

  • Email address
  • First and last name (if provided)
  • IP address
  • Cookies and analytics data
  • Generation history (uploaded and generated images)
  • Payment history and credit balance
  • UTM tags from registration source

3.2. Automatically collected data:

  • Browser type and operating system
  • Browser language
  • Date and time of Service access
  • Referring website address
  • Technical device data

4. Purposes of Personal Data Processing

We use personal data for:

  • User identification and providing access to the Service
  • Payment processing and financial record keeping
  • Sending notifications about generation status
  • Technical user support
  • Improving Service quality and developing new features
  • Analyzing Service usage and statistics
  • Preventing fraud and abuse
  • Compliance with applicable laws

5. Legal Basis for Processing

Personal data processing is carried out based on:

  • User consent to personal data processing (registration and use of the Service)
  • Service agreement (Terms of Service)
  • Requirements of applicable law

6. Procedures and Conditions of Personal Data Processing

6.1. Personal data processing is carried out using automated tools and without using such tools.

6.2. Personal data is stored on secure servers using modern encryption and information protection technologies.

6.3. The Operator takes necessary organizational and technical measures to protect personal data from unauthorized access, destruction, modification, blocking, copying, and dissemination.

6.4. Personal data is stored for the period necessary to achieve the processing purposes, but not less than 3 years from the User's last interaction with the Service.

7. Transfer of Personal Data to Third Parties

7.1. We may transfer personal data to the following third parties:

  • Payment systems — for payment processing
  • Email services — for sending notifications
  • Analytics services — for analyzing Service usage
  • Hosting providers — for data storage

7.2. All third parties are required to ensure the confidentiality and security of personal data.

7.3. We do not sell or transfer personal data to third parties for their marketing purposes.

7.4. Personal data may be transferred to government authorities in cases provided for by applicable law.

8. Use of Cookies and Analytics

8.1. The Service uses cookies to ensure website functionality and personalize the user experience.

8.2. Cookies are small text files that are saved on the User's device when visiting the website.

8.3. The User can disable cookies in browser settings, however this may limit Service functionality.

8.4. Web analytics services (Plausible, PostHog, Google Analytics, etc.) may be used to analyze traffic and user behavior.

9. Rights of the Data Subject

The User has the right to:

  • Obtain information about what personal data is being processed
  • Request correction of their personal data
  • Request deletion of their personal data
  • Withdraw consent to personal data processing
  • Receive a copy of their personal data
  • Appeal the Operator's actions to the authorized data protection authority

To exercise your rights, contact: hello@genroom.io

10. Personal Data Security

To protect personal data, we employ:

  • Data encryption in transit (SSL/TLS)
  • Secure password storage (hashing)
  • Restricted access to personal data
  • Regular security audits
  • Data backup
  • Protection against unauthorized access

11. Minors' Data

11.1. The Service is not intended for persons under 18 years of age.

11.2. We do not knowingly collect personal data of persons under 18 years of age.

11.3. If we become aware that personal data of a minor has been collected, we will delete this data immediately.

12. Changes to the Privacy Policy

12.1. The Operator reserves the right to make changes to this Policy without notifying the User.

12.2. The new version of the Policy takes effect from the moment it is posted on genroom.io.

12.3. The current version of the Policy is always available at: genroom.io/privacy

13. Contact Information

For all questions regarding personal data processing, you may contact:

GenRoom

Email: hello@genroom.io