Image pixels stay local. Access checks stay minimal.
GenClean separates private browser-side image work from lightweight server-side usage, payment webhook, and license verification checks.
Browser-side processing
Images are decoded, repaired, previewed, and exported inside the browser. The app does not need to send image files to the server for cleanup. This reduces upload risk and keeps private image drafts on your device.
Usage limits
Free limits use a hashed IP and date key in the recommended Supabase schema. The raw IP should not be stored. This is a practical abuse-control layer, not a perfect identity system, because IPs can be shared, rotated, or blocked by networks.
Pro verification
Pro access checks email and license metadata against Supabase entitlements. Keep the Supabase service role key, Polar access token, webhook secret, and usage hash secret only in serverless environment variables. Never expose service-role credentials in browser JavaScript.
Payment webhooks
Checkout events should be verified with the payment provider webhook secret before creating or updating entitlements. A successful payment should create a license key and an active Pro entitlement. Refund or dispute events should disable the related entitlement.
Known limits
Browser-only image processing depends on device memory and browser performance. Very large batches are better suited for the planned desktop app. Free usage limits are designed to reduce abuse, but determined users may still switch networks or devices.
Report security issues
Send security concerns to support@genclean.site with enough detail to reproduce the issue. Please do not include private image files unless requested.