Privacy Policy

1. Information We Collect

We collect the information you choose to provide, such as:

• Your name and email address
• Your profile information (bio, avatar, etc.)
• Your repositories, organizations, and designs
• Usage data and analytics to improve our service

If you mark any content as private, it will remain private and will not be shared without your permission.

2. Cookies and Tracking

We use essential cookies to make our platform work properly, such as keeping you logged in and remembering your preferences. We don't use advertising or tracking cookies and never sell your data. We may collect limited, privacy-friendly analytics to understand platform usage trends without identifying individuals.

3. How We Use Your Information

We use your information to provide and improve the GeneStream service, including:

• Provide and maintain the GeneStream service
• Communicate with you about your account or updates
• Ensure the security and integrity of the platform
• Improve our features based on usage patterns
• Comply with legal and regulatory requirements

We do not sell or rent your personal information to anyone. We limit our use of your data to providing or improving user-facing features of GeneStream.

4. Third-Party Authentication

GeneStream offers multiple authentication methods including Google, LinkedIn, and passkeys. All authentication is managed through Auth0, our trusted authentication provider.

If you choose to authenticate with Google or LinkedIn, we may access limited profile information as authorized by you, including your name, email address, and profile picture. We use this information solely to:

• Authenticate your identity and create your GeneStream account
• Enable features you request
• Improve GeneStream's functionality and user experience

We do not use OAuth provider data for: targeted advertising, selling to data brokers, providing to information resellers, determining credit-worthiness, lending purposes, personalized or retargeted advertisements, interest-based advertisements, creating unrelated databases, or training AI models.

We do not share, transfer, or disclose data from OAuth providers to third parties except as necessary to provide GeneStream's core functionality or as required by law. We never sell this data.

GeneStream's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

5. Data Security and Access Controls

We implement industry-standard security measures to protect your data. All network communications use HTTPS/TLS encryption, and data is stored in encrypted databases hosted in AWS data centers. Security procedures are in place to protect the confidentiality of your data.

Each organization's repositories are logically isolated and access is strictly limited to authorized users. We monitor access and enforce granular permission controls to safeguard your designs.

6. Data Retention and Your Rights

You have the right to access, correct, export, or delete your data. We store your personal information for the period of time necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. When the data retention period expires, we will securely delete or destroy your data.

Deleting your account removes your private content and personal information from active systems, though backups may persist for a limited period for disaster recovery purposes.

We align with the principles of the GDPR and CCPA and support data subject requests by email at admin@genestream.io. You may request for your data to be deleted by contacting us at this email address.

7. Third-Party Services

We rely on trusted third parties such as AWS (for hosting) and Auth0 (for authentication) to help us provide GeneStream's services. These providers comply with major security frameworks like SOC 2 and ISO 27001. We do not transfer or disclose your information to third parties for purposes other than providing and improving GeneStream's functionality.

8. International Users & Data Residency

By using GeneStream, you consent to the transfer and processing of your data in the United States. Your designs and personal data are stored securely in AWS data centers with encrypted backups.

9. Limitation of Liability

To the maximum extent permitted by law, GeneStream shall not be liable for any indirect, incidental, or consequential damages arising from your use of our service or any data loss or security incidents.

10. Updates to This Policy

We may update this policy from time to time as our platform evolves. If changes are significant, we will notify users by email or in-app notice.