Privacy Policy
GPEX-Cloud Last updated: June 14, 2026
1. Overview
GPEX-Cloud is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it.
In short: We collect the minimum data required to operate the cloud storage service. We do not track you, sell your data, or access your files.
2. Data We Collect
2.1 Account Information
When you sign in via OAuth (Google), we receive and store:
- Email address — Used as your account identifier
- Display name — Shown in the UI
- Avatar URL — Displayed in your profile
- OAuth provider ID — Used to link your external identity
We do NOT receive or store your OAuth provider password.
2.2 Uploaded Files
.gpexproject files you choose to upload to cloud storage- Associated metadata: file name, file size, upload timestamp, content hash
We store files solely to provide the cloud storage service. We do NOT open, inspect, analyze, or process the contents of your files.
2.3 Technical Data
We may collect minimal technical data necessary for service operation:
- Request timestamps and IP addresses (for rate limiting and abuse prevention)
- Error logs (for debugging service issues)
We do NOT use analytics tools, tracking pixels, fingerprinting, or any third-party tracking services.
3. How We Use Your Data
| Data | Purpose |
|---|---|
| Email & name | Account identification, display in UI |
| Uploaded files | Providing cloud storage service back to you |
| IP / timestamps | Rate limiting, abuse prevention |
We do NOT use your data for:
- Advertising or marketing
- User profiling or behavioral analysis
- Training AI/ML models
- Selling to third parties
4. Data Storage & Security
- Authentication: Managed by Supabase (industry-standard auth infrastructure)
- File storage: Stored on Cloudflare R2 (S3-compatible object storage)
- Database: Hosted on Supabase (PostgreSQL)
- Access control: All file operations require authenticated requests; users can only access their own files
All data transmission occurs over HTTPS/TLS.
5. Third-Party Services
We use the following third-party services to operate GPEX-Cloud:
| Service | Purpose | Their privacy policy |
|---|---|---|
| Supabase | Authentication & database | https://supabase.com/privacy |
| Cloudflare R2 | File storage | https://www.cloudflare.com/privacypolicy/ |
| Google OAuth | Sign-in provider | https://policies.google.com/privacy |
We do not share your data with any other third parties.
6. Data Retention
- Account data: Retained while your account is active
- Uploaded files: Retained until you delete them, or your account is terminated
- Logs: Retained for no more than 30 days
7. Your Rights
You have the right to:
- Access — View all data associated with your account (via the dashboard)
- Delete — Remove any or all uploaded files at any time
- Account deletion — Request complete account deletion by contacting us
- Export — Download your files at any time via the dashboard
8. Cookies
GPEX-Cloud uses only essential cookies required for authentication (session tokens). We do NOT use:
- Analytics cookies
- Advertising cookies
- Third-party tracking cookies
9. Children's Privacy
GPEX-Cloud is not directed at children under 13. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this policy as the service evolves. Changes will be noted by updating the "Last updated" date. Continued use of the Service constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions or data deletion requests, please open an issue on our GitHub repository: https://github.com/opengpex/opengpex
This privacy policy applies to GPEX-Cloud only. The OpenGPEX editor runs entirely in your browser and does not transmit any data to our servers unless you explicitly use the cloud storage feature.