Privacy Policy

1. Who we are

This Privacy Policy applies to Genetic Development Studios LLC (“GeneDevStudios”, “we”, “us”, or “our”), a company based in Oklahoma, United States. We operate the website genedevstudios.com and the software products Anvil CRAFT and Anvil FORGE.

Questions about this policy or your data may be directed to [email protected].

2. Information we collect

Account information

When an account is created, we collect a username, display name, and email address. For organizational accounts, we may also collect an organization name. Passwords are never stored in plain text — they are hashed using industry-standard one-way cryptographic functions before storage.

Payment information

Payments for Anvil CRAFT subscriptions and Anvil FORGE licenses are processed by Stripe, Inc. We do not collect, store, or transmit your credit card number or banking information. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.

Automatically collected information

When you visit our website, certain information is automatically processed by Cloudflare, our infrastructure provider. This includes your IP address, browser type, and request metadata. This information is used for security, bot protection, and delivering the site reliably. We do not run independent web analytics or advertising tracking.

3. How we use your information

• To create and manage your account and subscription
• To process payments and manage billing through Stripe
• To authenticate your sessions and maintain security across our products
• To protect our services against automated abuse and bots
• To respond to support or privacy inquiries you send us

We do not sell your personal information. We do not share it with third parties for advertising or marketing purposes.

4. Third-party services

Cloudflare

Our website and applications are hosted and delivered through Cloudflare, Inc. Cloudflare provides content delivery, DDoS protection, and Web Application Firewall services. Additionally, we use Cloudflare Turnstile — a bot-detection service — on our registration form. Turnstile performs passive browser environment checks to distinguish human visitors from automated bots. Your use of this site is subject to the Cloudflare Privacy Policy and the Cloudflare Turnstile Privacy Policy.

Stripe

Payment processing is handled by Stripe, Inc. When you initiate a purchase, you will interact with Stripe's hosted payment interface. We receive a confirmation of the transaction and a customer identifier, but we do not receive or store raw payment card data. Stripe is a PCI-DSS Level 1 certified payment processor.

5. Cookies and session data

We use a single authentication cookie to keep you signed in across our products. This cookie is:

• Marked HttpOnly — not accessible to JavaScript
• Marked Secure — transmitted only over HTTPS
• Scoped to .genedevstudios.com — shared across our products on the same domain
• Valid for 7 days, after which you will be asked to sign in again

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Cloudflare may set cookies necessary for its security and performance services, which are governed by the Cloudflare Privacy Policy linked above.

6. Data retention

Account data — retained for the life of your account. If you close your account, your personal information will be deleted after 90 days, except where we are required to retain it for legal or financial compliance purposes (such as transaction records).

Payment records — retained as required by applicable law and Stripe's record-keeping requirements, typically seven (7) years.

7. Data security

We take reasonable technical measures to protect your information, including:

• All data in transit is encrypted via HTTPS/TLS
• Passwords are never stored in recoverable form
• Payment data is handled entirely by Stripe and never passes through our servers
• Access to production systems is restricted
• Network-level protection is provided by Cloudflare

No method of transmission over the internet is 100% secure. While we work to protect your data, we cannot guarantee absolute security.

8. Children's privacy

Our products are designed for business and professional use. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has created an account or submitted information through our site, please contact us at [email protected].

To protect account holders from fraudulent removal requests, we will request verification before processing any deletion. Please include in your report:

• The account email address or username associated with the minor
• The child's date of birth
• A signed statement from a parent or legal guardian confirming their relationship to the child and the child's age (a copy of a birth certificate or government-issued ID is accepted as supporting documentation)

Once we have verified the report, we will promptly delete the account and any associated personal information.

9. Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify active account holders by email. Your continued use of our products after a change is posted constitutes your acceptance of the updated policy.

10. Contact

For questions, requests to access or delete your data, or any privacy-related concern, please contact: