GNR8Home
Legal / Privacy Policy
Legal

Privacy Policy

Last updated 25 May 2026

This is the short version: we collect what we need to run GNR8, we keep it in Australia where we can, we do not sell anything to anyone, and you can pull it all out or delete it whenever you want.

What we collect

  • Account info. Your name, email, and the workspace (brand) you set up. Plus optional billing details (handled by our payment processor; we never see your card number).
  • Content you create. Brand kit (logo, photos, colours, voice rules), campaign briefs, drafted ads and posts, testimonials you upload, anything you type into the app.
  • Usage telemetry. Which actions you ran, when, how long they took, whether they failed. We use this to debug and improve the product.
  • Server logs. Standard web server logs (IP address, browser, timestamp). Kept for 30 days for security and debugging.

Why we collect it

  • To run the service - generate the ads and posts you ask for.
  • To support you - if something breaks we need to see what happened.
  • To bill you correctly - count credits used per period.
  • To improve the product - using anonymised metrics, never the actual text of your content.

Where it lives

Your application data lives in a Supabase project hosted in Sydney, Australia. Backups stay in Australia. Your storage (uploaded photos, generated images) lives in the same region.

AI processing happens through external model providers. When we send your content to a model to draft a post or generate an image, that content briefly transits the model provider's systems. We use providers whose terms confirm they do not train their models on customer inputs:

  • Anthropic (Claude) - no training on API inputs.
  • Google (Gemini API) - no training on API inputs when using paid tier.

Sub-processors

These are the third parties that handle parts of running GNR8 for us. Each is contractually bound to handle your data in line with this policy.

  • Supabase - application database, auth, storage (Sydney region).
  • Vercel - hosting and edge delivery.
  • Anthropic - Claude API for drafting copy and research.
  • Google - Gemini API for image and video generation.
  • Resend - transactional email delivery.
  • Sentry - error monitoring (no PII captured by configuration).
  • Stripe - payment processing (when paid plans are live).

How long we keep it

For the life of your account, plus 30 days after the workspace is archived. After 30 days, all workspace data is permanently deleted from production. Backups roll off within 90 days.

Server logs roll off after 30 days. Anonymised usage metrics (which template, which model, how long it took - no content) we keep indefinitely.

Your rights

You can do these things from inside the app:

  • Access and portability. Export everything we hold for your workspace as a JSON file. Use /account/data-export. The download link is emailed and expires after 24 hours.
  • Correction. Edit any of your own data through the app (brand kit, campaigns, posts). For account fields, update them in /account.
  • Deletion. Archive your workspace via /account/delete-tenant. It restores within 30 days from the link in the confirmation email; after 30 days it is gone for good.

For any request we cannot handle in-app, email rick@automation-expert.ai and we will respond within 30 days.

Cookies

We use only essential cookies (auth session, admin impersonation, system banner state, your vertical selection). No analytics, no tracking, no marketing pixels. Full breakdown on the Cookie Policy.

Security

Everything in transit uses TLS. Everything at rest is encrypted by Supabase. Tenant data is isolated by row-level security policies at the database layer, so one workspace can never see another workspace's data even by accident.

The service-role key (which bypasses RLS) is gated behind server-only modules and an admin allowlist. If we ever have a security incident that affects your data we will email you within 72 hours of becoming aware.

Children

GNR8 is not for under-18s. If you think we have an account belonging to someone under 18, email us and we will close it.

Changes to this policy

When we make a material change we will email you at least 14 days before it takes effect. The current version always lives at this URL.

Contact

Anything about your data, this policy, or a privacy request: email rick@automation-expert.ai.

← Terms of ServiceCookie Policy →