genLO

Privacy Policy

Version 1.0 · Effective 26 April 2026

This policy explains what personal data genLO collects, why we collect it, who we share it with, and how you can exercise your rights under Singapore’s Personal Data Protection Act 2012 (the “PDPA”).

We aim for plain English. If anything is unclear, email our Data Protection Officer at marxk@loop.com.sgand we’ll clarify.

1. Who we are

“genLO” is the SaaS service provided by genLO Pte Ltd (UEN pending registration), operated during the v0 / beta period by LOOP Marketing Group Pte Ltd, a Singapore company. We’re the data controller for the personal data described below.

Our Data Protection Officer (DPO) is Marxk Madhavan. Contact: marxk@loop.com.sg.

2. What data we collect

When you use genLO, we collect:

  • Account data: email address, hashed password (bcrypt via Supabase Auth — we never see your password in plaintext).
  • Business profile:the answers you give in the onboarding wizard — business name, industry, what you do, who you serve, voice preferences, words you don’t want to sound like.
  • Uploaded images: the photo you upload to animate. Stored in Supabase Storage (Singapore region).
  • Generated outputs: the animated video and three caption variants we produce for you.
  • Usage data: project history, token spend, feature requests.
  • Technical data: IP address (via Supabase auth logs for security), user agent / browser metadata, session cookies.

3. Why we collect it

  • To deliver the service: animate your image, generate captions, give you a dashboard with your projects, gate free-tier usage.
  • To keep your account secure: authentication, abuse detection, rate limiting.
  • To communicate with you: verification emails, deletion-confirm emails, occasional product updates.
  • To improve the service:aggregated, anonymised usage patterns help us prioritise features. We don’t train AI models on your uploaded images or generated content.

4. Sub-processors

We use a small set of trusted third-party services to deliver genLO. Each one only sees the data they need to do their job.

  • Supabase (database, authentication, file storage) — hosted in ap-southeast-1 (Singapore). Privacy policy.
  • Anthropic (caption generation + image safety pre-check via Claude) — processes uploaded images and your business profile briefly during generation. United States. Privacy policy.
  • Replicate (image-to-video animation) — receives a signed URL pointing at your uploaded image. United States. Privacy policy.
  • SMTP2GO (transactional email delivery) — receives your email address and the contents of system emails (verification, deletion confirmation). Privacy policy.
  • RunCloud + Hetzner (server hosting for the genLO web app) — handles HTTPS traffic and short-lived files in transit. Hosting region: Hetzner Falkenstein, Germany. RunCloud privacy · Hetzner privacy.

5. International transfers

Anthropic and Replicate process your uploaded images and prompts on servers outside Singapore (primarily the United States). Hosting via Hetzner is in Germany. By signing up, you consent to these transfers for the purpose of delivering the service. We pick sub-processors with published privacy commitments and standard contractual protections.

6. How long we keep your data

  • Uploaded images: deleted automatically 30 days after upload.
  • Generated videos: deleted automatically 90 days after generation.
  • Account data + project metadata: retained while your account is active.
  • On account deletion: all user-owned data is hard-deleted within 7 days. Backups roll off within a further 30 days. Aggregate, anonymised analytics may persist.

7. Your rights under PDPA

Under Singapore’s PDPA you have the right to:

  • Access the personal data we hold about you.
  • Correct personal data that is inaccurate or incomplete.
  • Withdraw consentfor further processing (note: this may mean we can’t continue providing the service).
  • Delete your account and the data we hold about you.

To exercise any of these rights, email marxk@loop.com.sg from the address on your account, or use the Delete my account button in your dashboard settings. We respond within 30 calendar days.

8. Children

genLO is intended for adults running businesses. The service is not directed at users under 18. Uploads of images of minors are blocked at our automated safety pre-check.

9. Cookies

We use the smallest set of cookies that lets the service work:

  • Session cookie (essential): keeps you logged in. Set by Supabase Auth, expires when you sign out.
  • genlo_ref (functional): a 30-day cookie that remembers which referral link brought you to the site so we can credit your referrer. Cleared at signup, anonymised after attribution.

We don’t use advertising trackers, third-party analytics (Google/Facebook), or fingerprinting libraries. No EU GDPR cookie banner is shown because we don’t set non-essential cookies.

10. Security

Passwords are hashed with bcrypt via Supabase Auth. All traffic is HTTPS-only. Storage objects sit behind Supabase Row-Level Security policies that restrict access to the owning user. We rotate secrets, enable 2FA on admin accounts, and apply security patches promptly.

No system is perfect. If you believe your account is compromised, email marxk@loop.com.sg immediately.

11. Updates to this policy

We may update this policy as the service evolves. The version number and effective date at the top of this page reflect the latest revision. For material changes (new sub-processor, new data category, change to retention) we notify active users via email at least 14 days before the change takes effect.

12. Contact us

Data Protection Officer: Marxk Madhavan · marxk@loop.com.sg
Postal: c/o LOOP Marketing Group Pte Ltd, Singapore (full address on request).

Questions? Email marxk@loop.com.sg.