Privacy Policy

1. Overview

This Privacy Policy explains what information upgen, inc. (“upgen”, “we”, “us”) collects, why we collect it, how we use and share it, and the choices you have. It applies to upgen.app, the upgen browser extension, the upgen desktop application, and related services (collectively, the “Service”). Our core principle is simple: your data is yours. We collect only what we need to run the Service, and we don’t sell your data to anyone.

2. Information We Collect

2.1 Account information

When you join the waitlist, sign up, or sign in we collect your email address, an optional display name, and (when you sign up) a password, which we store only as a bcrypt hash. We never see your plaintext password.

2.2 Payment information

Payments are processed by Stripe, Inc. We do not see or store your card number, CVV, or bank credentials. We receive and store a Stripe customer ID, a subscription ID, the plan you selected, trial and renewal dates, and the last-four digits / brand of your payment method for display. Stripe’s handling of your data is governed by the Stripe Privacy Policy.

2.3 Content you upload or capture

We store the images and metadata you upload, import, or capture through the extension — including prompts, seeds, model names, source URLs, timestamps, and any ratings, favorites, tags, or prompts you create in-product. Your content is scoped to your account.

2.4 Feature-specific data

Hyperprompt requests, Hyperate match results, API tokens for the extension (stored as SHA-256 hashes), and captured-site scrapers (shared anonymously across users on a per-domain basis so the second person on a new site benefits from the first) are stored to operate those features.

2.5 Technical information

We collect standard log data such as IP address (hashed for our rate-limit counters), browser user-agent, referrer, and timestamps to keep the Service secure and diagnose problems. We use minimal first-party cookies required for sign-in and user preferences.

2.6 Voluntary feedback

If you fill out a survey, bug report, or “Report issue” in the extension, we store what you submitted, plus an HTML snippet of the page in question so we can debug unscrapable sites.

3. How We Use Your Information

• To provide, maintain, and improve the Service;
• To operate paid subscriptions, waitlist prepay, and promotional codes;
• To authenticate your account, prevent abuse, and enforce our Terms of Service;
• To run the features you invoke (library organization, graph and timeline views, Hyperprompt prompt assembly, Hyperate ranking, extension scraping);
• To respond to support requests and legal obligations; and
• To send you transactional email (waitlist confirmations, receipts, trial-ending reminders, security alerts).

4. We Do Not Train AI on Your Content

We do not use your uploaded images, prompts, favorites, or ratings to train, fine-tune, or evaluate third-party AI models, and we do not share Your Content with any AI provider for that purpose. Hyperprompt sends only the seed text and any favorite prompts you explicitly include; captured-image content is never transmitted to AI providers. The scraper-synthesis feature sends an HTML snippet (not image data) of a page you’re on to an AI model so that a reusable per-domain scraper definition can be generated once.

5. Sharing and Processors

We share your information only with:

• Service providers acting on our behalf under contract: Stripe (payments), Neon (PostgreSQL hosting), Cloudflare (image storage and CDN), and the AI model provider we route through for Hyperprompt and scraper synthesis;
• Legal and safety: we may disclose information if we reasonably believe disclosure is required by law, subpoena, or court order, or is necessary to investigate, prevent, or respond to illegal activity, security incidents, or harm to any person;
• Business transfers: if upgen is involved in a merger, acquisition, financing, reorganization, or sale, your information may be transferred as part of that transaction, and we will require the successor to honor this Policy or provide notice of changes.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

6. Storage, Retention, and Security

Images are stored on Cloudflare with encryption in transit and at rest. Passwords are stored only as bcrypt hashes. API tokens for the extension are stored only as SHA-256 hashes — a token you lose can be revoked, not recovered. We retain your account data for as long as your account is active and for a reasonable period thereafter to comply with legal, tax, and accounting obligations. You can delete your account at any time, after which we will delete or anonymize associated personal data within 30 days, except where retention is required by law.

7. Your Rights and Choices

Depending on where you live, you may have the right to access, correct, port, or delete your personal information; to object to or restrict certain processing; and to withdraw consent. To exercise any of these rights, email privacy@upgen.app. We will respond within the timeframes required by law. You also have the right to export your full library at any time from your account settings.

California residents have specific rights under the CCPA/CPRA, and residents of the EEA, UK, and Switzerland have rights under the GDPR and UK GDPR. If you believe we have not resolved your concern, you have the right to lodge a complaint with your local supervisory authority.

8. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, email privacy@upgen.app and we will delete it.

9. Illegal Content — Zero Tolerance

upgen does not tolerate illegal content in any form. This includes (without limitation) child sexual abuse material, non-consensual intimate imagery, content depicting or promoting terrorism or targeted violence, and content that violates intellectual property, privacy, or other rights. We may remove such content without notice, suspend or terminate the responsible account, preserve relevant data, and report the matter to law enforcement and the National Center for Missing & Exploited Children (NCMEC) where required.

We assume no responsibility and accept no liability for content that users upload, capture, generate, export, or share through the Service. Whatever that content shows, our liability is limited to the fullest extent permitted by law. Please see our Terms of Service, Sections 6, 7, 11, and 12 for details.

To report illegal content, email abuse@upgen.appwith a link and description. Include “URGENT” in the subject for content involving minors, and we will escalate immediately.

10. International Transfers

upgen is based in the United States, and your information may be processed in the U.S. and other countries where our service providers operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

11. Changes

We may update this Privacy Policy from time to time. If changes are material, we’ll notify you by email or an in-product notice. The “Last updated” date at the top of this page always reflects the latest revision.

12. Contact

upgen, inc. — privacy@upgen.app. For security issues, email security@upgen.app.