Privacy Policy
Last updated: June 14, 2026
Template notice: Replace every [bracketed placeholder] and have this reviewed by a privacy professional or lawyer before relying on it. This template covers GDPR (EU), UK GDPR, and CCPA/CPRA (California).
[Legal Entity Name] ("Genga", "we", "us") operates the Genga Anime List service (the
"Service"). This Privacy Policy explains what personal data we collect, how we use and share it, and
the rights you have. For data-protection purposes, the data controller is [Legal Entity Name],
[Business Address]. You can reach us at privacy@[your-domain].
1. Data we collect
You provide:
- Account data — email address and password (passwords are handled and hashed by our authentication provider; we never see your plaintext password).
- Profile data — username, optional display name, optional bio, and optional avatar and banner images you upload.
- User content — reviews, ratings, comments, custom lists, and your anime library and follows.
From third-party sign-in (optional): if you sign in with Google or Discord, we receive your email address and basic profile information (such as an avatar URL) from that provider.
Collected automatically:
- Authentication/session cookies set by our auth provider to keep you signed in.
- Technical data such as IP address and basic request logs, used for security and to operate the Service.
We do not currently use advertising or analytics cookies. See our Cookie Policy.
We display anime metadata and cover images from AniList. We store only the AniList identifier of the anime you track — we do not store AniList's images or descriptions; they are loaded from AniList when you view a page.
2. How we use your data
- to create and operate your account and profile;
- to provide core features (library tracking, reviews, comments, lists, follows, feeds);
- to display your public content and profile to other users;
- to secure the Service, prevent abuse, and enforce our Terms;
- to communicate with you about your account and important changes;
- to comply with legal obligations.
3. Legal bases (EEA/UK users)
We rely on: performance of a contract (to provide the Service you sign up for); legitimate interests (to secure and improve the Service, where not overridden by your rights); consent (where required, e.g., for any future non-essential cookies — you may withdraw it at any time); and legal obligation (to comply with the law).
4. How we share data
We do not sell your personal data. We share it only with:
- Service providers (sub-processors) that operate the Service on our behalf:
  - Supabase — authentication, database, and file storage;
  - Vercel — application hosting;
  - Google and Discord — only if you choose their sign-in;
  - AniList — anime metadata is requested from AniList to display to you.
- Other users — your public profile and User Content are visible to others by design.
- Legal / safety — where required by law or to protect rights, safety, and the Service.
- Business transfers — in connection with a merger, acquisition, or asset sale, subject to this Policy.
5. International transfers
We and our providers may process data in countries outside your own, including the United States. Where required, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK addendum) for transfers out of the EEA/UK.
6. Data retention
We keep personal data for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain it to comply with law, resolve disputes, or enforce our agreements. Limited backup copies may persist for a short time.
7. Your rights
EEA/UK (GDPR): you have the right to access, rectify, erase, restrict, and object to processing, the right to data portability, and the right to withdraw consent. You may also lodge a complaint with your local supervisory authority.
California (CCPA/CPRA): you have the right to know what personal information we collect, to request deletion or correction, and to opt out of "sale" or "sharing" of personal information — we do not sell or share your personal information as those terms are defined. We will not discriminate against you for exercising your rights.
To exercise any right, email privacy@[your-domain]. You can update your profile and delete your
account from your account settings. We will verify your request and respond within the time required
by applicable law.
8. Children
The Service is intended for users 13 and older (16+ where required). We do not knowingly collect
personal data from children under these ages. If you believe a child has provided us personal data,
contact privacy@[your-domain] and we will delete it.
9. Security
We use reasonable technical and organizational measures, including encrypted transport and managed authentication, to protect your data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, for material changes, provide additional notice where appropriate.
11. Contact
Privacy questions or requests: privacy@[your-domain].
[Legal Entity Name], [Business Address].