Privacy Policy
Last updated: 9 April 2026
1. Who we are
GeneGraph is operated by GeneGraph / AW-FI, based in Finland. GeneGraph is the data controller for all personal data processed through this service.
For any privacy-related questions or requests, contact us at hello@genegraph.eu.
2. What data we collect
Account data
- Email address — used as your account identifier and to send sign-in codes.
- Display name — the name shown to your family members in the app.
- Profile photo (selfie) — an optional photo you take during onboarding, stored in Cloudinary.
Family tree data
- Person records — first name, last name, birth date, birth place, death date, gender, and generation level for people you add to your tree.
- Relationships — parent-child and spouse links, including optional marriage and divorce dates.
- Person photos — optional photos attached to person records, stored in Cloudinary.
Family Vault
- Vault files — documents and photos you upload (up to 200 MB per account). File metadata (name, type, size) is stored in our database; files are stored in Cloudinary.
Cloud imports (optional)
- OneDrive / Dropbox OAuth tokens — if you connect a cloud account to import photos, we store encrypted access and refresh tokens (AES-256-GCM) to sync files on your behalf.
- Photo metadata — image dimensions, EXIF data (camera, date taken), and geolocation extracted from imported photos.
AI features (opt-in only)
- AI relationship inference — if you opt in, names, dates, and generation levels from your tree are sent to our AI provider to suggest possible family connections. No data is retained by the AI provider.
- Consent records — we store a record of which AI features you have opted in or out of, including timestamps, for GDPR audit purposes.
Technical data
- One-time passwords (OTP) — short-lived 6-digit codes stored as hashes during sign-in; they expire after 10 minutes.
- Session cookie — an encrypted JWT stored in your browser to keep you signed in.
- Telemetry events — if you consent, anonymous usage events (e.g. import started, tree node created) are collected to improve the service. No personal identifiers are included in telemetry.
3. How we use your data
- To authenticate you and maintain your session.
- To display and manage your family tree.
- To store files you upload to the Family Vault.
- To import photos from connected cloud accounts on your behalf.
- To suggest family relationships using AI (only when you opt in).
- To send invite emails on your behalf when you invite a family member.
- To show your profile photo to family members you share your tree with.
- To improve the service based on anonymous telemetry (only when you consent).
We do not use your data for advertising or profiling, and we do not sell it to third parties.
4. Legal basis for processing
- Contract performance (GDPR Art. 6(1)(b)) — processing your account data and family tree to provide the service you signed up for.
- Legitimate interests (GDPR Art. 6(1)(f)) — security logging, session management, and service reliability.
- Consent (GDPR Art. 6(1)(a)) — for optional features: profile photo, AI relationship inference, cloud imports, and telemetry.
- Explicit consent (GDPR Art. 9(2)(a)) — for face detection features, which involve biometric data (special category under GDPR Art. 9).
5. Data processors (third parties)
| Processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Application hosting and edge network | Global (EU edge nodes) |
| Neo4j Aura (Neo4j Inc.) | Graph database — stores all account, tree and vault metadata | EU |
| Cloudinary | Profile photo and vault file storage | EU region |
| Resend | Transactional email (sign-in codes, invites) | EU region |
| Signicat | Optional Nordic eID / bank ID authentication | EU (Norway) |
| Anthropic (Claude API) | AI relationship inference (opt-in only, no data retained) | Global |
6. Cookies
GeneGraph uses essential cookies only:
- next-auth.session-token — an encrypted JWT that keeps you signed in. It is set when you sign in and removed when you sign out.
- gg_sv — a small flag (value: 0 or 1) that tracks whether you have added a profile photo. Used only to show or hide the “Add photo” prompt.
- gg_analytics_consent — records whether you have opted in to anonymous telemetry. Expires after 1 year.
We do not use any advertising, tracking, or third-party cookies. Under ePrivacy Directive rules, no consent is required for strictly necessary cookies, but we disclose them here for full transparency.
7. Data retention
- Account and tree data is retained for as long as you have an active account.
- OTP tokens expire and are voided after 10 minutes.
- Cloud OAuth tokens are revoked and deleted when you disconnect a cloud account.
- Telemetry events are anonymous and cannot be linked back to your account.
- If you delete your account, all data is permanently and immediately deleted (see Section 8).
8. Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access (Art. 15) — request a copy of all data we hold about you.
- Right to erasure (Art. 17) — request permanent deletion of all your data.
- Right to portability (Art. 20) — download your data in machine-readable JSON format.
- Right to rectification (Art. 16) — correct inaccurate data via your Profile page.
- Right to restriction (Art. 18) — request that we restrict processing of your data.
- Right to object (Art. 21) — object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)) — withdraw consent for optional features (AI, telemetry, cloud imports) at any time from your Profile page.
You can exercise your right to erasure and right to portability directly from your Profile page without needing to contact us. For all other requests, email hello@genegraph.eu.
You also have the right to lodge a complaint with your national data protection authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi).
9. Security
All data is transmitted over HTTPS. Session tokens are encrypted JWTs signed with a server-side secret. Access to your family tree data is strictly scoped to your authenticated account — other users cannot access your data. Profile photos are stored in Cloudinary with unique unguessable URLs. Cloud OAuth tokens are encrypted at rest using AES-256-GCM. OTP codes are stored as SHA-256 hashes, never in plaintext.
10. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of the service after changes constitutes acceptance of the updated policy.