Privacy Policy

Controller: Gennaro Labs ("we", "us", "our"), providing the Convertrilo Services.

Email: hello@gennarolabs.com

For EU users, we process personal data in accordance with GDPR. For Türkiye users, we process personal data in accordance with KVKK. You may contact us to exercise your rights under either framework.

• We process your uploaded files solely to perform encoding per your instructions and to deliver output files back to you. We do not publish or distribute your content.
• Input files are deleted after a successful encoding completes. If a job fails or is aborted, we may retain inputs briefly for troubleshooting before deletion.
• You can delete generated output files at any time via the product UI; deletion removes them from our storage.
• We are not a hosting or archival service. If you choose not to delete outputs, we may retain them for a limited time to enable re-download and support; retention windows may vary by plan.
• We do not monitor content proactively, but we may investigate abuse reports (e.g., piracy or unlawful content) and take appropriate action in line with our Terms of Service.

• Account & Identity Data: name, email address, authentication identifiers, and team/organization metadata.
• Usage Data: app interactions, feature usage, time stamps, device and browser information, IP address, and performance metrics.
• Transactional Data: subscription status, invoices, payments (processed by our payment provider — we do not store full card numbers).
• Content & Files: media you upload for encoding, resulting outputs, filenames and technical metadata (e.g., duration, codec, size). You are responsible for ensuring you have the rights to upload/process this content.
• Support Data: communications with us (email, forms), including attachments and diagnostic information.
• Cookies & Similar Technologies: necessary cookies for authentication and security; optional analytics and preference cookies.

We process personal data for:

• Service Delivery: to operate and improve Convertrilo, encode your media, and provide features you request. Legal bases: performance of a contract (GDPR Art. 6(1)(b)); for KVKK: processing is necessary for the establishment or performance of a contract.
• Security & Abuse Prevention: detecting misuse (e.g., malware, illegal content), rate-limiting, fraud prevention, and ensuring the integrity of our systems. Legal bases: legitimate interests (GDPR Art. 6(1)(f)); for KVKK: legitimate interests not harming fundamental rights.
• Analytics & Improvements: understanding usage to improve performance, UX, and reliability. Legal bases: consent (where required) or legitimate interests. For KVKK, explicit consent where required.
• Payments & Billing: managing subscriptions, invoices, and taxes via our payment partners. Legal bases: performance of a contract; compliance with legal obligations.
• Communications: responding to your requests (e.g., contact form), service announcements, and product updates. Legal bases: legitimate interests; consent where required for marketing.

• Account and subscription records: retained while your account is active and for a reasonable period thereafter to comply with legal requirements.
• Uploaded input files and generated outputs: for public, time-limited workflows we retain only as needed to deliver the service and for a short window thereafter; private/paid plans may allow longer retention per your settings.
• Security logs and rate-limit keys: retained for short, defined periods sufficient to protect the Service.
• Financial/transaction records: retained as required by tax and accounting laws.

We may share personal data with service providers who help us deliver the Services (e.g., cloud hosting, storage, analytics, email, payments). These providers are bound by contractual obligations and process data only on our instructions.

Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) for GDPR and cross-border transfer mechanisms permitted under KVKK.

To exercise your rights, contact us at hello@gennarolabs.com. We may need to verify your identity. You also have the right to lodge a complaint with your data protection authority.

We implement administrative, technical, and organizational measures designed to protect your data, including access controls, encryption in transit and at rest (where applicable), and least-privilege principles.

No method of transmission or storage is 100% secure. If you suspect unauthorized access or a breach, contact us immediately.

We use necessary cookies to enable core functionality (e.g., authentication, security). With your consent, we may use analytics cookies to understand usage and improve the Service. You can manage preferences via your browser settings and, where available, our cookie controls.

For certain public workflows, we may set an anonymous browser identifier cookie to enforce fair-use limits and prevent abuse. When the application and API are on different subdomains, this cookie may use cross-site attributes (e.g., SameSite=None; Secure) so your browser can send it securely with requests to our API domain.

• We use human verification services (e.g., Cloudflare Turnstile) to distinguish legitimate users from automated abuse. This may involve sending data such as your IP address and browser characteristics to the verification provider. See their privacy documentation for details.
• We may use IP-based and network (ASN) screening to reduce automated abuse from data center networks. Access from such networks may be subject to stricter limits or blocked for public tools.
• We apply rate limiting and short-lived keys (e.g., per-IP/day counters and burst windows). These controls are stored in systems like Redis and expire automatically after defined periods.
• Public-job tokens are short-lived and may be bound to the originating client and/or IP to prevent sharing and fraud.

Our Services are not directed to children. If you believe a child has provided us personal data, please contact us so we can take appropriate action.

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date. Material changes will be notified where required.