Legal

Privacy Policy

Effective April 19, 2026

1. Who We Are

genface (“we”, “us”, “our”) operates the website genface.art and the AI content-pack generation service offered through it. This Privacy Policy explains what personal data we collect, how we use it, and what rights you have.

2. Data We Collect

When you place an order we collect:

  • · Contact data — email address provided at checkout.
  • · Uploaded face image(s) — used to generate your pack.
  • · Order data — selected scenes, pack configuration, order ID, timestamps, payment status.
  • · Payment metadata — we do not store full card numbers; processors return a transaction ID and status.
  • · Technical data — IP address, user-agent, and standard server logs.

3. How We Use Data

  • · to generate and deliver your pack;
  • · to process payments and send order confirmations;
  • · to provide customer support;
  • · to prevent fraud, abuse, and violations of our Terms;
  • · to comply with legal obligations and respond to lawful requests.

4. Legal Basis

We process data on the basis of: performance of the contract between us, our legitimate interest in operating and securing the Service, and your consent where required (e.g. for the processing of your uploaded face image).

5. Third-Party Processors

We share the minimum data necessary with:

  • · Lava.top — card payment processing.
  • · NOWPayments — cryptocurrency payment processing.
  • · AI generation providers — your uploaded face and prompts are passed to our generation providers solely for the purpose of producing your pack.
  • · Hosting and CDN — our server provider, for infrastructure operation.

We do not sell your personal data to third parties.

6. Retention

Uploaded face images are retained only as long as needed to generate and deliver your pack, and are then deleted on a rolling basis (typically within 30 days). Order and payment records are retained for up to 5 years to comply with tax and anti-fraud obligations.

7. Cookies

We use strictly necessary cookies to maintain your session and order state. We do not use advertising or cross-site tracking cookies.

8. Your Rights

Subject to applicable law (including the GDPR and UK GDPR where relevant) you have the right to access, correct, delete, export, or restrict processing of your personal data, and to object to processing and withdraw consent. To exercise any of these rights, email support@genface.io. We will respond within 30 days.

9. International Transfers

Our infrastructure and processors may be located outside your country. Where transfers occur, we rely on standard contractual clauses or equivalent safeguards.

10. Security

We use TLS in transit, access controls, and encryption at rest where appropriate. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. Children

The Service is not directed at and may not be used by anyone under 18. We do not knowingly collect data from minors. If we become aware that a minor has provided us data, we will delete it.

12. Changes

We may update this Policy from time to time. Material changes will be indicated by updating the “Effective” date above.

13. Contact

For any privacy question, contact support@genface.io.