core policy · covers the platform + every hosted brand

Privacy Policy.

This policy explains what data templaitemanager collects when you use the platform, the apps we build with it, and the sites we host — how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to templaitemanager.com, apps.templaitemanager.com, every brand site built on the platform, and every mobile app packaged from those sites unless a specific brand overrides it with its own policy.
Effective2026-07-10 Last updated2026-07-10 Version1.0

Contents

  1. 01Who we are
  2. 02Scope of this policy
  3. 03Information we collect
  4. 04Where we collect it from
  5. 05How we use it
  6. 06Legal bases (GDPR)
  7. 07Who we share it with
  8. 08Third-party service providers
  9. 09Cookies + similar tech
  10. 10How long we keep it
  11. 11Security
  12. 12International transfers
  13. 13US state rights (CA / CO / VA / CT / UT + more)
  14. 14EEA + UK rights (GDPR / UK-GDPR)
  15. 15Other jurisdictions (LGPD, PIPEDA, POPIA)
  16. 16Children (COPPA + Age of consent)
  17. 17Do Not Track + GPC
  18. 18Do we sell data? No.
  19. 19Advertising + interest-based ads
  20. 20Analytics
  21. 21Push notifications + messaging
  22. 22User-generated content
  23. 23Links to third-party sites
  24. 24Automated decisions + profiling
  25. 25How to complain
  26. 26Changes to this policy
  27. 27Contact us

01 · Who we are

Templaitemanager is a website + mobile app platform operated by Gen On Demand LLC ("we", "us", "our"). We build brand-specific community, cinema and commerce sites and package them into installable web + native apps.

Data controller for platform-level data: Gen On Demand LLC, contactable at apps@genondemand.com. For any brand hosted on our platform that publishes its own privacy policy, that brand is the controller for its own user data and we act as a data processor on its behalf.

02 · Scope of this policy

This policy applies to:

It does not apply to third-party sites we link to (see section 23), payment processors that show you their own checkout, or third-party stores you download our apps from.

03 · Information we collect

3.1 · Information you give us directly

3.2 · Information we collect automatically

3.3 · Sensitive data

We do not intentionally collect sensitive personal information (race, religion, health, biometrics, precise geolocation, sexual orientation, government IDs). If you voluntarily include this in content you post, it becomes part of that content and is governed by our normal use + retention rules.

04 · Where we collect it from

05 · How we use it

PurposeWhat it means
Deliver the serviceShow you the pages, chat rooms, videos, bookings, and features you request. Sync your favorites, votes, and progress across devices.
Authenticate youLog you in, keep you logged in, protect your account, prevent takeover.
PersonalizeShow your name, your color, your favorites; surface content relevant to lobbies you joined.
Communicate with youSend transactional emails (welcome, receipts, password reset), respond to your support messages, deliver in-app notifications you opted into.
Improve the platformUnderstand which features are used, where errors occur, how long pages take to render, and use that to fix bugs and prioritize work.
Security + integrityDetect spam, abuse, fraud, bot activity, account takeover, and enforce Terms of Service.
Legal + complianceRespond to lawful requests, defend or bring legal claims, and comply with tax, export, and consumer-protection laws.
Business operationsAggregate usage data (never identifying you individually) to inform product decisions, investor reports, and platform capacity planning.

We do not use your personal information to train third-party AI models. We do not sell your personal information (see section 18). We do not use your content for advertising outside the platform.

07 · Who we share it with

We share personal information only in the following situations:

08 · Third-party service providers

CategoryProvidersWhat they process
Hosting + CDNHetzner / Contabo / OVH / CloudflareAll page and API traffic
DatabaseAirtableAccount records, chat messages, membership tiers, bookings, favorites, shares
Workflow automationn8n (self-hosted)Business logic between endpoints and Airtable
Auth (optional)Google / Apple / Facebook (OAuth)Login identity verification when you use social sign-in
PaymentsStripe / Apple / Google Play BillingPayment tokens, transaction records
Email deliveryZoho / SendGrid / PostmarkTransactional + password reset emails
Push notificationsFirebase Cloud Messaging (FCM) / Apple Push (APNS)Device tokens + notification payloads (never sensitive data)
Video playbackYouTube (embed)Video ID + playback events — YouTube's own privacy policy applies to what they collect from the embed
App analyticsPlay Console + App Store Connect built-in analytics only — no third-party SDKInstall / crash / retention aggregates

The specific list per brand may vary. Where we act as a processor for a brand, that brand chooses its own sub-processors and lists them in its brand-specific policy.

09 · Cookies + similar tech

We use a small number of first-party cookies and browser storage items:

NamePurposeDuration
auth_userKeeps you logged in across pagesSession or up to 30 days if "remember me"
tm_sessionServer-side session identifierSession
last_lobbyReopens your last-used chat lobby90 days
themeLight / dark preference1 year
cookie_consentRecords your cookie choices where applicable1 year

We do not use third-party advertising cookies. We do not use fingerprinting. You can clear cookies in your browser settings at any time; some features will not work if you do.

10 · How long we keep it

CategoryRetention
Account recordsFor as long as your account is active. Deleted within 30 days of account deletion, except records we are legally required to keep.
Chat + community postsKept as long as the brand's community is live, unless you delete them earlier. Anonymized on account deletion (username stripped, content retained if it is part of a public thread).
Bookings + payments7 years (tax + consumer-protection compliance).
Server access logs90 days.
Crash + diagnostic logs30 days.
Marketing consent records3 years after last activity.
Support tickets2 years after resolution.

Aggregated / de-identified data (that can no longer identify you) may be retained indefinitely.

11 · Security

We use the following technical + organizational safeguards:

No perfect security No online service can guarantee absolute security. If we ever suffer a security incident affecting your data, we will notify you and the relevant authorities as required by law (typically within 72 hours for EU/UK residents under GDPR).

12 · International data transfers

Our servers are located in the European Union and the United States. If you access the service from another region, your data will be transferred to and processed in those locations. Where the transfer is from the EEA / UK / Switzerland to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum.

You can request a copy of the relevant transfer safeguards by contacting apps@genondemand.com.

13 · US state rights (California, Colorado, Virginia, Connecticut, Utah + more)

If you are a resident of a US state with a comprehensive privacy law, you have the right to:

How to exercise: email apps@genondemand.com from the email on your account, or use the in-app "Delete my account" flow (Settings → Privacy). We respond within 45 days (extendable once by 45 days).

Authorized agents may submit requests on your behalf with your verifiable written authorization.

California "Shine the Light" (Civ. Code § 1798.83): we do not disclose personal information to third parties for their direct marketing purposes.

14 · EEA + UK rights (GDPR / UK-GDPR)

If you are located in the EEA, UK, or Switzerland you have the following rights:

Exercise these rights by emailing apps@genondemand.com. We respond within 30 days (extendable by 60 days for complex requests).

15 · Other jurisdictions

16 · Children (COPPA + age of consent)

Our platform is not directed to children under 13 (or under 16 in some jurisdictions). We do not knowingly collect personal information from children under those ages. If we learn we have collected data from a child under the applicable age, we will delete it promptly.

If you are a parent or guardian and believe we have collected data from your child, contact apps@genondemand.com and we will remove it.

Some brands hosted on the platform may be intended for a younger audience. Those brands provide additional protections in their own brand-specific privacy policy.

17 · Do Not Track + Global Privacy Control

We respect the Global Privacy Control (GPC) signal for users in jurisdictions where it is legally recognized (California, Colorado, Connecticut). When we receive a GPC signal, we treat it as an opt-out of "sale" and "sharing" — although we do not sell or share personal information in that sense anyway.

Because there is no industry consensus on Do Not Track (DNT), we do not currently respond to DNT signals differently.

18 · Do we sell data? No.

No sale We do not sell your personal information for money. We do not "share" it for cross-context behavioral advertising as defined under California law. We do not rent, trade, or barter personal information.

If we ever change this position, we will update this policy, notify existing users, and provide an opt-out before any sale or sharing begins.

19 · Advertising + interest-based ads

The core platform does not show third-party advertisements. Some hosted brands may show sponsored content or run their own ad programs — those are governed by that brand's policy.

We do not use tracking pixels or advertising SDKs from Meta, Google Ads, TikTok, or similar networks in our apps.

20 · Analytics

We use only first-party analytics (usage counts + performance metrics stored in our own database) and the built-in aggregate analytics that Google Play Console and Apple App Store Connect provide to any developer. We do not use Google Analytics, Meta Pixel, Mixpanel, or similar third-party analytics services.

Aggregate analytics do not personally identify you.

21 · Push notifications + messaging

If you enable notifications, we may send you:

You can turn off notifications from your device Settings or in the app's Settings → Notifications. Transactional notifications required to deliver a service you requested (e.g. a payment receipt) will still be sent.

22 · User-generated content

Content you post in public lobbies, threads, or profile pages is visible to other users of that brand. Do not post anything you wouldn't want public. You are responsible for the content you upload; see our Terms of Service for detail.

You can delete your own content at any time. Deleted content is removed from public view immediately and purged from backups within 30 days, except where retention is legally required.

24 · Automated decisions + profiling

We do not use automated decision-making that produces legal or similarly significant effects on you. We do use automated systems to:

You can request human review of any account action taken against you (see section 25).

25 · How to complain

First: email us at apps@genondemand.com. We take complaints seriously and try to resolve them promptly.

If you are not satisfied with our response, you can contact your local privacy regulator:

26 · Changes to this policy

We may update this policy from time to time to reflect changes in our practices, new features, or legal requirements. When we do:

27 · Contact us

Questions, requests, or complaints:

For EU / UK data-protection requests, mark your message "GDPR Request" and we will route it to the responsible team.

We aim to respond within 30 days (or 45 days for US state privacy requests, extendable once by the same period for complex cases).