Privacy Policy

This Privacy Policy explains what data GenWaifu.ai (“we,” “us”) collects when you use the Service, how we use it, and the choices you have. By using the Service you consent to the practices described below.

Account data

• Email address (always, from whichever sign-in method you choose)
• Third-party auth identifiers and display name / avatar (if you sign in with Google, Discord, or X)
• A normalized form of your email used for duplicate-account detection
• Locale preference and a flag indicating whether you have an active Member status

Generation data

• The settings you selected (character, outfit, pose, scene, style, etc.) and the resulting prompt
• The image your generation produced, stored in Cloudflare R2 via Supabase Storage
• Timing metadata (when submitted, how long it rendered) and the GPU it ran on, for operational analytics
• Optional saved presets you create

Payment data

• A record of each credit purchase (amount, pack size, timestamp, Stripe payment intent ID)
• We do not store your card number, CVV, or full billing details — those are collected by Stripe directly

Technical data

• IP address and browser/device info at sign-in and for abuse prevention
• Server logs (request URLs, status codes, timestamps) via Vercel, retained for diagnostic purposes
• Cloudflare Turnstile challenge tokens during signup (used once, then discarded)

• Providing the Service: authentication, running generations, storing and delivering images, billing, supporting Member perks
• Abuse prevention: rate limiting, disposable-email blocking, duplicate-account detection, content-filter enforcement
• Analytics: aggregated render-time and GPU-performance data to optimize routing and cost (never shared with third parties)
• Communications: transactional email related to your account (magic link sign-in, security alerts). We do not send marketing email
• Legal compliance: responding to lawful requests, enforcing our Terms, protecting against fraud

We rely on the following service providers to run the Service:

• Supabase — authentication, database, and file storage. Hosts our users, generation history, and images. Data is stored on Supabase's infrastructure (US-based).
• Cloudflare — DNS, CDN, R2 object storage for image delivery, Access gating for GPU tunnels, Turnstile for bot protection.
• Vercel — web application hosting and request logs. Logs are retained per Vercel's standard policy.
• Stripe — payment processing, tax calculation (Stripe Tax), and dispute handling. Stripe receives your card, billing address, and transaction detail directly; see Stripe's Privacy Policy.
• OAuth Providers (Google, Discord, X) — if you sign in with one of these, they share a unique identifier, your email, and a display name / avatar with us per their policies.
• Vast.ai — rented GPU compute runs your generations. We do not transmit your account identity to Vast; generations run as anonymous prompts.

The Service uses cookies and local storage for essential purposes only: keeping you signed in (Supabase session cookies), remembering your theme / locale preferences, and short-lived state during Stripe checkout. We do not use advertising or cross-site tracking cookies.

• Your account: retained indefinitely until you delete it or we terminate it under the Terms.
• Generated images (non-Member): automatically deleted after 30 days via a daily cleanup job. Images you explicitly publish to the public showcase are retained while your account exists.
• Generated images (Member): retained indefinitely for as long as your account exists.
• Credit ledger: retained indefinitely as the source of truth for balance and billing reconciliation. Append-only — we do not delete historical ledger entries.
• Technical logs: retained per Vercel's default log retention (typically up to 30 days).

You can:

• Access your account data through the in-app profile and gallery views;
• Delete individual generations from My Gallery at any time;
• Request account deletion by emailing genwaifusupport@gmail.com. We will delete your profile and generations within 30 days, subject to retention of minimal records required for tax, fraud, and legal compliance purposes;
• Request a copy of your data via the same email.

If you are in the EU, UK, California, or any jurisdiction granting additional data rights, those rights apply. Email us and we will respond within the legally required window.

GenWaifu.ai is operated from Canada. Our providers operate globally; your data may be processed in the United States, the European Union, or other jurisdictions where our providers run infrastructure. By using the Service you consent to these transfers.

The Service is not directed to children under 18. We do not knowingly collect data from children under 18. If you believe a child has created an account, contact us and we will delete the account.

We use industry-standard safeguards: HTTPS everywhere, Row-Level Security on all user-scoped tables, service-token gating on GPU endpoints, and restricted service roles for administrative operations. No system is perfectly secure; we cannot guarantee that your data will never be compromised, but we will notify affected users of any material breach per applicable law.

We may update this Policy as the Service evolves. Material changes will be marked with a new “Last updated” date at the top. Continued use of the Service after changes constitutes acceptance.

Privacy questions, data requests, or complaints: genwaifusupport@gmail.com.