Privacy Policy

Last updated: January 27, 2025

1. Introduction

Spawn ("we," "our," or "us") is operated by Genesis Protocol. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Spawn, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and authentication data (via Google OAuth)
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
  • User Content: URLs and content you submit for validation
  • Communications: Messages you send us via LinkedIn or other contact methods

2.2 Automatically Collected Information

  • Usage Data: Pages viewed, features used, validation history
  • Device Information: IP address, browser type, operating system
  • Analytics Data: Session duration, interaction patterns, conversion events
  • Cookies: Authentication tokens, session management, preferences

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process validations and generate MVP code
  • Manage your account and subscription
  • Process payments and prevent fraud
  • Send service updates and billing notifications
  • Analyze usage patterns to improve the Service
  • Provide customer support
  • Comply with legal obligations
  • Enforce our Terms of Service

4. Data Storage and Security

4.1 Where We Store Data

We use a hybrid database architecture for optimal performance and reliability:

  • Google Cloud Firestore: Real-time user data, subscription status, usage limits
  • Google Cloud SQL (PostgreSQL): Analytics, audit logs, historical data
  • US-based servers: All data stored in United States data centers

4.2 Security Measures

  • Industry-standard encryption (TLS/SSL) for data in transit
  • Encrypted data at rest in Google Cloud
  • Secure authentication via Google OAuth
  • Payment processing through PCI-compliant Stripe
  • Regular security audits and monitoring
  • Access controls and authentication logging

While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

5.1 Service Providers

  • Google Cloud Platform: Infrastructure and database services
  • Stripe: Payment processing
  • Anthropic: AI processing (Claude API)
  • Vercel: Hosting and deployment

5.2 Legal Requirements

We may disclose your information if required by law, court order, or to:

  • Comply with legal process
  • Protect our rights and property
  • Prevent fraud or security issues
  • Protect user safety

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.

6. Data Retention

  • Account Data: Retained while your account is active
  • Usage History: Retained for analytics and service improvement
  • Billing Records: Retained for 7 years for tax compliance
  • Audit Logs: Retained for 2 years for security purposes
  • Deleted Accounts: Most data deleted within 90 days, except as required by law

7. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Opt-out: Unsubscribe from marketing emails
  • Object: Object to certain data processing activities

To exercise these rights, contact us via LinkedIn. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Authentication, security, session management (required)
  • Analytics Cookies: Understanding usage patterns and improving the Service
  • Preference Cookies: Remembering your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may impact Service functionality.

9. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

10. Children's Privacy

Spawn is not intended for users under 18. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.

11. International Users

If you access Spawn from outside the United States, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

GDPR Compliance: If you are in the European Economic Area, you have additional rights under GDPR, including data portability and the right to lodge complaints with supervisory authorities.

CCPA Compliance: California residents have rights under the California Consumer Privacy Act, including the right to know what data is collected and the right to deletion.

12. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide information about the breach, affected data, and steps we are taking.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or Service notification at least 30 days before taking effect. Continued use after changes constitutes acceptance.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at: