Privacy Policy
Effective Date: March 19, 2026
1. Introduction
This Privacy Policy describes how Roman Melnychuk, operating as Metagenly ("we," "us," or "our"), collects, uses, stores, and shares your personal data when you use the Metagenly platform at metagenly.io (the "Service"). Metagenly is operated by an individual (sole proprietor) and is not a registered legal entity.
By creating an account or using the Service, you agree to the collection and use of your data as described in this Policy. If you do not agree, please do not use the Service.
2. Data We Collect
2.1 Account Data
- —Email address — used for authentication, account recovery, and service communications.
- —Hashed password — stored using industry-standard hashing; we never store or have access to your plaintext password.
2.2 Billing Data
Payments are processed entirely by Paddle (our merchant of record). We store the following billing identifiers in our database:
- —Paddle customer ID and subscription ID
- —Subscription plan name and status
- —Monthly file-upload usage count (tracked against your plan limit)
We do not collect or store your credit card number, bank account details, or other direct payment instruments. Paddle handles all payment processing subject to its own privacy policy.
2.3 File Data
When you upload an image or video to Metagenly:
- —The original file is never stored on our servers and is never transmitted to any third party.
- —Our server resizes the upload to a 250×250 pixel WebP preview image.
- —We store only this low-resolution preview, along with the original file name, file type, and file size.
- —Preview images are automatically deleted after 14 days.
2.4 Generated Metadata
The core output of the Service — AI-generated titles, keywords, and Adobe Stock categories — is stored in your account and retained until you delete it or close your account.
2.5 Usage and Token Data
We track aggregate token usage and estimated cost per generation request for internal analytics and rate-limiting purposes. This data is associated with your account.
2.6 Waitlist Data
If you signed up for our pre-launch waitlist, we collected your email address only. Waitlist emails are deleted within 30 days of a deletion request.
2.7 Preferences (Client-Side Only)
Generation settings (such as preferred keyword count or language) are stored in your browser's localStorage. This data never leaves your device and is not transmitted to our servers.
3. How We Use Your Data
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Email, hashed password | Account creation, authentication, password recovery | Performance of contract / legitimate interest |
| Billing identifiers | Subscription management, usage enforcement | Performance of contract |
| File previews (250×250 px) | AI metadata generation | Performance of contract |
| Generated metadata | Core product output, CSV export | Performance of contract |
| Token usage / cost | Internal analytics, rate limiting | Legitimate interest |
| Waitlist email | Pre-launch notifications | Consent |
4. AI Processing Disclosure
Metagenly uses the OpenAI API to generate metadata for your uploads. When you trigger a generation request, the 250×250 pixel preview image is sent to OpenAI's servers for processing. The original full-resolution file is never sent to OpenAI or any other third party.
OpenAI processes this data as our subprocessor. According to OpenAI's API data usage policy, data submitted through the API is not used to train their models.
5. Third-Party Subprocessors
| Service | Role | Data Shared | Data Location |
|---|---|---|---|
| OpenAI | AI metadata generation | 250×250 px preview images | United States |
| Supabase | Database and authentication | All user, file, and metadata records | United States / EU |
| Cloudflare R2 | Preview image object storage | Preview image files (binary) | Global (Cloudflare network) |
| Cloudflare Workers | File access proxy / edge compute | Proxied HTTP requests | Global (Cloudflare network) |
| Paddle | Subscription billing (merchant of record) | Email, plan info, billing events | United Kingdom / United States |
6. Data Retention
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Preview images (R2) | 14 days | Automatic scheduled deletion |
| Generated metadata | Until user deletes file or account | User-initiated or account closure |
| Account data | Until account deletion | User request |
| Billing identifiers | Until account deletion (Paddle retains independently) | User request / regulatory requirements |
| Waitlist emails | Until deletion request | Within 30 days of request |
7. Your Rights and Controls
- —Delete files: Removes the file record, all associated metadata, and the R2 preview image.
- —Edit metadata: Manually modify AI-generated titles, keywords, and categories at any time.
- —Export data: Download a CSV export of all your generated metadata.
- —Cancel subscription: Manage or cancel via the Paddle customer portal. Cancellation downgrades your account to the free tier.
- —Delete account: Request account deletion by contacting support@metagenly.io. This triggers a cascade delete of all user-linked data.
7.1 Account Deletion Procedure
When you request account deletion, the following data is permanently removed:
- —Your user profile (email, hashed password)
- —All file records and associated metadata
- —All preview images stored in Cloudflare R2
- —Billing identifiers in our database (Paddle may retain records independently per their policies)
- —Token usage and analytics data associated with your account
Deletion is processed within 30 days of your request. Some data may persist in encrypted backups for up to 90 days before being purged.
8. Cookies and Local Storage
- —Authentication cookies: Session tokens set by Supabase for login persistence. These are strictly necessary and cannot be disabled.
- —localStorage: Used to store your generation preferences (e.g., keyword count, language). This data is stored entirely on your device.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. See our Cookie Policy for more details.
9. Data Security
- —Passwords are stored using industry-standard one-way hashing (never stored in plaintext).
- —All data in transit is encrypted via TLS (HTTPS).
- —Database access is scoped per user using Supabase Row-Level Security (RLS).
- —Preview images are stored in Cloudflare R2 with access controlled through authenticated Cloudflare Workers proxies.
- —Original full-resolution files are never stored or transmitted beyond your browser.
While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Metagenly is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@metagenly.io and we will delete it promptly.
11. International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our subprocessors operate. By using the Service, you acknowledge that your data may be transferred outside your country of residence. We rely on our subprocessors' compliance with applicable data protection frameworks.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Service prior to the change becoming effective. The "Effective Date" at the top of this document will be updated accordingly.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Roman MelnychukOperating as Metagenly
support@metagenly.io