Privacy Policy

1. Who we are

GenHub ("we," "us") operates the GenHub generators and the GenHub Pro subscription at genhub.pages.dev. For privacy questions, contact support@genhub.pages.dev. For users in the EEA/UK, GenHub is the data controller for the personal data described here.

2. Data we collect

• Nothing, for the free tools. Favicon generation, palette extraction, and static QR codes run entirely in your browser. The images and files you process are not uploaded to or stored on our servers.
• Account email. If you sign in, we store your email address and passwordless sign-in (magic link) tokens, which are hashed and expire after 15 minutes.
• Billing data. If you subscribe to Pro, payments are processed by Stripe. We store your Stripe customer and subscription identifiers and plan status. We never receive or store your full card number.
• Saved content (Pro). Saved palettes and dynamic QR code destinations you create.
• QR scan analytics (Pro). When someone scans your dynamic QR code, we record the time, approximate country/city (from network geolocation), device type, operating system, browser, and referrer. We do not store raw IP addresses — each IP is hashed with a salt that rotates daily, which lets us count unique scans for a day without retaining any personal identifier. No cookies are set on the person scanning.
• Operational logs. Standard request metadata and rate-limiting counters used to keep the service secure and reliable.

3. How we use data and our legal bases

We use the data above to provide and secure the service (performance of our contract with you), to process payments and prevent fraud (legitimate interests and legal obligation), and to produce the aggregate, privacy-first scan analytics that are a core Pro feature (legitimate interests of the code's owner). We do not sell your personal data, and we do not use it for advertising profiling.

4. Service providers (sub-processors)

• Cloudflare — hosting, edge compute, database (D1), and key-value storage. Geolocation of scans is derived from Cloudflare's network data.
• Stripe — subscription billing and payment processing.
• Resend — delivery of sign-in (magic link) emails, once email delivery is enabled.

These providers process data on our behalf under their own terms and security commitments.

5. Data retention

Magic-link tokens expire within 15 minutes. Account, billing, saved-content, and scan-analytics data are kept while your account is active and for as long as needed to provide the service and meet legal/accounting obligations. You can delete your dynamic QR codes and saved palettes at any time; deleting a code also deletes its scan records.

6. Your rights

Depending on where you live (including under the EU/UK GDPR and the CCPA), you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise any of these rights, email support@genhub.pages.dev and we will respond within the time required by law. You also have the right to lodge a complaint with your local data protection authority.

7. International transfers

Our providers may process data in countries other than yours, including the United States. Where required, transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses offered by those providers.

8. Security

We use HTTPS everywhere, HttpOnly secure session cookies, hashed sign-in tokens, hashed (never raw) scan IPs, and rate limiting on sensitive endpoints. No system is perfectly secure, but we work to protect your data using reasonable technical and organizational measures.

9. Children

GenHub is not directed to children under 13, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

10. Changes and contact

We may update this policy; the "last updated" date above reflects the latest version. For any privacy request or question, email support@genhub.pages.dev. See also our Terms of Service.