GENXY
Get Started
Privacy policy

How personal data is collected, used, shared, and retained.

Last updated: March 17, 2026

Privacy Policy

Version effective date: March 17, 2026

1. Scope

This Privacy Policy describes how Meaningful Creations Inc. ("Meaningful Creations," "we," "us," or "our"), operating under the GENXY brand, collects, uses, shares, retains, and protects personal information when you use our website, web app and account surfaces, optional Discord-linked companion flows, and related services.

This policy should be read together with:

2. Information We Collect

2.1 Information you provide

  • account registration details, profile information, and optional linked third-party identifiers you provide or authorize us to process;
  • support request details, communications, and uploaded evidence;
  • billing-related identifiers needed to process purchases, subscriptions, disputes, and refunds;
  • prompts, instructions, media references, generated output preferences, and related request inputs you submit for generation;
  • showcase publication choices, privacy settings, and other account-surface actions.

2.2 Information collected automatically

  • device, browser, and client metadata;
  • log, audit, and diagnostic data;
  • IP-derived coarse location, risk indicators, and abuse-prevention telemetry;
  • cookie and similar technology signals;
  • service-usage telemetry tied to account, entitlement, pricing, moderation, and request lifecycle controls.

2.3 Information from third parties

  • optional linked-integration account and interaction metadata, including Discord account metadata when Discord companion flows are used;
  • payment and transaction status metadata from payment and merchant-of-record providers;
  • provider-side task, moderation, and fulfillment metadata from integrated third-party AI providers;
  • security, fraud, hosting, analytics, or infrastructure vendor signals used to protect the Services.

2.4 Optional linked-integration identifiers and interaction metadata

Where applicable to companion integrations, we may process linked identifiers and interaction records, such as Discord user IDs, server or channel context identifiers, command interaction IDs, and related fulfillment or notification metadata needed to attribute usage, manage integration state, and deliver optional companion services.

3. How We Use Information

We process personal information to:

  • provide, operate, and maintain the Services;
  • authenticate accounts, manage session and optional linked-identity state, and secure the platform;
  • process billing, subscriptions, refunds, disputes, and account entitlements;
  • route generation requests to integrated third-party AI providers and reconcile fulfillment outcomes;
  • respond to support requests and investigate service incidents;
  • detect abuse, fraud, policy violations, and security threats;
  • maintain audit trails, evidence, and compliance records;
  • improve service quality, reliability, safety systems, and operational performance;
  • comply with legal obligations and defend legal claims.

3A. Model Improvement, Quality Review, and Human Review

  • We do not use your Inputs or Outputs to train or fine-tune our own generative models by default.
  • We may use limited data, samples, metadata, and records as reasonably necessary to operate, secure, support, debug, audit, review quality, investigate abuse, process disputes, and improve the Services.
  • Prompts, reference media, and related metadata may be shared with integrated third-party AI providers when necessary to fulfill your request.
  • We may conduct limited human review where reasonably necessary for support, abuse prevention, legal compliance, billing/refund disputes, or service-quality investigation.
  • Integrated providers may also retain or process suspected risk-related prompts, outputs, moderation results, or related metadata for troubleshooting, abuse prevention, safety improvement, legal compliance, or lawful requests under their own policies.
  • Where a provider offers configurable content pre-filter controls, provider-side safety logging or moderation handling may still occur even if a configurable pre-filter is reduced or disabled.
  • If we later introduce a model-training or improvement program that uses customer Inputs or Outputs beyond these operational purposes, we will provide additional notice and any required controls before doing so.

4. Legal Bases (where required)

Depending on jurisdiction, we process data on one or more legal bases:

  • performance of a contract;
  • legitimate interests (for example security, abuse prevention, and service operations);
  • compliance with legal obligations;
  • consent, where required by law.

4A. Taiwan Personal Data Protection Act (PDPA) Notice

Where Taiwan law applies, we process personal data in accordance with the Taiwan Personal Data Protection Act (PDPA), including the following baseline requirements:

  • data-subject rights under PDPA Article 3;
  • collection by non-government agencies only within necessary and specific purposes under PDPA Article 19;
  • processing and use within lawful bases and compatible scope under PDPA Article 20;
  • cross-border transfer restrictions where competent authorities impose limits under PDPA Article 21.

5. Sharing of Information

We may share personal information with:

  • service providers and infrastructure vendors acting on our instructions;
  • Discord platform services where needed to operate optional Discord companion request, status, or notification flows;
  • integrated third-party AI providers that process prompts/media to produce requested outputs or return moderation and fulfillment metadata;
  • payment and merchant-of-record partners for transaction processing, dispute handling, and refund operations;
  • professional advisors, auditors, insurers, and investigators under confidentiality obligations;
  • public authorities, regulators, or rights holders where required by law, legal process, or a valid rights-enforcement request;
  • acquirers in connection with corporate transactions (for example merger, financing, or asset sale).

We do not sell personal information as "sale" is defined under applicable law. We also do not use customer Inputs or Outputs for cross-customer model training by default.

6. Data Retention

We retain data only as long as needed for business, legal, security, and compliance purposes, including:

  • account lifecycle and service delivery;
  • fraud and abuse prevention;
  • moderation and policy enforcement review;
  • accounting, tax, reconciliation, refund, and dispute evidence;
  • security investigation, incident response, and audit evidence;
  • legal claim establishment, exercise, or defense.

Retention periods may vary by data category, plan type, jurisdiction, and severity of the underlying event.

6A. Deletion Requests, Legal Holds, and Safety Retention

  • If you request deletion, we will evaluate the request under applicable law and our retention obligations.
  • We may retain limited records after deletion where necessary for fraud prevention, financial reconciliation, legal compliance, abuse enforcement, dispute handling, or legal hold.
  • Deleted or deactivated content may remain in backups or restricted evidence stores for a limited period consistent with operational and legal requirements.
  • Integrated third-party AI providers may also retain limited risk, moderation, or troubleshooting records under their own legal, safety, and operational obligations; deletion requests sent to GENXY do not guarantee removal of data independently retained by those providers.

7. International Data Transfers

Your information may be processed in countries outside your country of residence. Where required, we apply safeguards for cross-border transfers consistent with applicable law.

8. Security, Abuse Monitoring, and Account Protection

We maintain administrative, technical, and organizational controls designed to protect personal information against unauthorized access, loss, misuse, and alteration. These controls may include logging, anomaly detection, moderation workflows, access restrictions, credential controls, and abuse-monitoring systems.

No system is completely secure.

9. Your Rights

Subject to applicable law, you may have rights to:

  • access, correct, or delete personal information;
  • restrict or object to processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a data protection authority.

For personal data governed by Taiwan PDPA, data subjects may also exercise PDPA Article 3 rights, including the right to:

  • inquire about and review personal data;
  • request a copy of personal data;
  • request supplementation or correction;
  • request cessation of collection, processing, or use under statutory conditions;
  • request deletion under statutory conditions.

To exercise rights, contact: privacy@genxy.app

10. Cookies and Similar Technologies

We use cookies and similar technologies to support core functionality, security, and analytics. You may adjust browser-level cookie settings, but some features may not function as expected if cookies are disabled.

11. Children's Data

The Services are not directed to children who are below the minimum age of digital consent in their jurisdiction. If you believe a child has provided personal information in violation of applicable law, contact us so we can review and take appropriate action.

12. Changes to This Policy

We may update this policy periodically. Updated versions will include a revised effective date.

13. Contact

Operating entity: Meaningful Creations Inc.

For privacy requests or questions:

  • privacy@genxy.app