Privacy Policy
Genuics — Analytics, Case Management & AI Platform
Effective Date: April 3, 2026 Last Updated: April 3, 2026
1001560798 Ontario Inc., operating as Genuics ("Genuics," "we," "us," or "our"), is committed to protecting the privacy of individuals who visit our website (genuics.com), create an account, or use our platform and services (collectively, the "Service").
This Privacy Policy describes what personal information we collect, how we use and share it, how we protect it, and your rights regarding your personal information. This policy applies to all users of the Service worldwide.
If you have questions or concerns about this Privacy Policy, please contact us at privacy@genuics.com.
1. Definitions
"Customer Data" means any data, datasets, files, or content that you upload, import, or submit to the Service for processing, analysis, or storage.
"Personal Information" means any information about an identifiable individual, as defined under the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable privacy laws.
"Authorized Users" means individuals who are granted access to your organization's account by you.
"Sub-processor" means a third-party service provider engaged by Genuics to process Personal Information on behalf of our customers.
2. Information We Collect
2.1. Information You Provide to Us
(a) Account Information. When you create an account, we collect your name, email address, and password. If you sign up using a single sign-on (SSO) provider such as Google, we receive your name, email address, and profile identifier from the SSO provider.
(b) Billing Information. When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card details, billing address, and related financial information. Genuics does not directly store your full credit card number. See Section 5 for more information about Stripe.
(c) Organization and Profile Information. You may provide additional information such as your organization name, role, and team members' names and email addresses when inviting Authorized Users.
(d) Customer Data. You may upload datasets, files, and other content to the Service for processing and analysis. Customer Data may contain Personal Information about third parties (such as your customers, employees, or other individuals), depending on the nature of the data you upload. You are solely responsible for ensuring that you have all necessary rights and consents to upload and process such data.
(e) Communications. When you contact us for support, provide feedback, or communicate with us by email, we collect the content of those communications along with your name and email address.
2.2. Information Collected Automatically
(a) Usage Data. We collect information about how you interact with the Service, including features used, dashboards created, reports generated, cases managed, actions taken, timestamps, frequency of use, and session duration.
(b) Device and Browser Information. We collect information about the device and browser you use to access the Service, including IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
(c) Log Data. Our servers automatically record information when you access the Service, including your IP address, request timestamps, URLs accessed, HTTP method, response codes, and referring URLs.
(d) Cookies and Similar Technologies. We use cookies, local storage, and similar technologies to operate and improve the Service. See Section 8 for our Cookie Policy.
2.3. Information from Third Parties
(a) SSO Providers. If you authenticate using Google or another SSO provider, we receive limited profile information (name, email, profile picture) as authorized by you during the SSO authentication flow.
(b) Payment Processor. Stripe may provide us with limited information about your payment status, such as whether a payment succeeded or failed, the last four digits of your payment card, and your billing country.
3. How We Use Your Information
We use the information we collect for the following purposes:
(a) Providing and Operating the Service. To create and manage your account, process your datasets, generate dashboards and reports, manage cases, provide AI-powered insights (on eligible paid plans), and deliver the core functionality of the Service.
(b) Processing Payments. To process subscription payments, manage billing, send invoices, and handle payment-related communications.
(c) Communicating with You. To send you:
- Transactional communications, including account verification, billing notifications, password resets, and security alerts;
- In-app notification emails, including when a case is assigned to you, you are tagged in a comment, or a dashboard or report is shared with you;
- Service announcements and product updates relevant to your use of the Service.
We do not send marketing or promotional emails without your explicit consent.
(d) Improving the Service. To analyze usage patterns, diagnose technical issues, optimize performance, develop new features, and enhance the user experience.
(e) Security and Fraud Prevention. To detect, prevent, and respond to security incidents, fraud, abuse, or violations of our Terms of Service.
(f) Legal Compliance. To comply with applicable laws, regulations, legal processes, or enforceable government requests.
(g) Aggregated Analytics. To generate anonymized, aggregated statistics about Service usage that cannot be used to identify any individual.
We do not sell your Personal Information. We do not use Customer Data for advertising or marketing purposes.
4. AI Data Processing
4.1. AI features are available on eligible paid subscription plans only. If you are on the free plan, AI features are not available and this section does not apply to your use of the Service.
4.2. When you use the AI features of the Service, portions of your Customer Data are sent to our AI infrastructure provider (Google Cloud Vertex AI) for processing. This processing occurs solely to generate the requested AI outputs (insights, recommendations, analyses) and to return them to you.
4.3. Under Google Cloud's Data Processing Addendum, Customer Data sent to Vertex AI is not used by Google to train, improve, or develop its AI models. Your data is processed and returned, not retained by Google for its own purposes.
4.4. AI processing occurs in Google Cloud data centres located in the United States.
4.5. We do not use your Customer Data to train Genuics's own models or any third-party models.
5. How We Share Your Information
We share Personal Information only in the following circumstances:
5.1. Sub-processors and Service Providers
We engage third-party service providers ("Sub-processors") to help us deliver and improve the Service. These providers process Personal Information on our behalf and are contractually obligated to protect it.
| Sub-processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Google Cloud Platform (Google LLC) | Cloud infrastructure, hosting, and storage | Customer Data, Account Information, Usage Data | United States (us-central1) |
| Neon (Neon Tech Inc.) | Database hosting (PostgreSQL) | Customer Data, Account Information | United States |
| Google Cloud Vertex AI (Google LLC) | AI/ML processing for insights and recommendations (paid plans only) | Customer Data (portions sent for analysis) | United States |
| Stripe, Inc. | Payment processing | Billing Information, name, email, billing address | United States |
| Email Service Provider* | Transactional and notification emails | Name, email address, notification content | United States |
| Ahrefs Web Analytics (Ahrefs Pte. Ltd.) | Privacy-friendly, cookieless website analytics for genuics.com | Aggregated pageviews, referrer, approximate country, device type. No cookies, no localStorage, no personal identifiers. | United States / European Union |
*We use an industry-standard transactional email service (such as SendGrid, Resend, Postmark, or Amazon SES) to deliver account and notification emails. The specific provider may change; this table will be updated accordingly.
We will update this list as Sub-processors change. Material changes to Sub-processors will be communicated to customers via email or through the Service with at least thirty (30) days' notice.
5.2. Organizational Administrators
If you are an Authorized User within an organization's account, please be aware that:
- (a) Your organization's administrator(s) may have the ability to view audit logs of user activity within the organization, including actions taken, features accessed, and changes made to datasets and cases. Audit log functionality is available on Pro and Enterprise plans.
- (b) Your organization's administrator(s) may manage your access, permissions, and role within the organization.
- (c) If your organization's administrator terminates your access, you may lose access to data and content within that organization's account.
Your organization's use of the Service is governed by that organization's own policies. If you have questions about how your organization handles your data within Genuics, please contact your organization's administrator.
5.3. Legal Requirements
We may disclose Personal Information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or enforceable government request; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Genuics, our users, or the public.
5.4. Business Transfers
If Genuics is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your Personal Information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information.
5.5. With Your Consent
We may share your information with third parties when you have provided explicit consent to do so.
We do not sell, rent, or trade your Personal Information to third parties for their marketing purposes.
6. International Data Transfers
6.1. Genuics is operated by 1001560798 Ontario Inc., a corporation based in Toronto, Ontario, Canada.
6.2. Customer Data and Personal Information are stored and processed in the United States through our cloud infrastructure providers (Google Cloud Platform in us-central1, Neon). Data residency selection is not available; all customer data is stored in the United States regardless of your location or subscription plan.
6.3. By using the Service, you acknowledge and consent to the transfer, processing, and storage of your information in the United States and Canada, and any other country in which our Sub-processors operate.
6.4. Where Personal Information is transferred outside of Canada, we ensure that appropriate safeguards are in place through contractual obligations with our Sub-processors, including data processing agreements that require them to protect your information to standards consistent with this Privacy Policy and applicable law.
6.5. For European Economic Area (EEA) and United Kingdom Users: Transfers of personal data outside the EEA/UK are conducted in reliance on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission. You may request a copy of these safeguards by contacting us at privacy@genuics.com.
7. Data Retention
7.1. Account Information. We retain your account information for as long as your account is active. If you delete your organization, the organization and all associated Customer Data will be deleted. Your individual account information (name and email address) will be retained to maintain your login credentials unless you request full account deletion by contacting privacy@genuics.com.
7.2. Customer Data. Customer Data is retained for the duration of your active subscription. Upon cancellation or termination, Customer Data is retained for thirty (30) days to allow for data export or account reactivation, after which it is permanently and irrecoverably deleted from our production systems and backup infrastructure.
7.3. Billing Records. We retain billing and transaction records for a period of seven (7) years from the date of the transaction, as required by applicable tax and accounting regulations.
7.4. Usage Data and Logs. We retain usage data and server logs for up to twelve (12) months for security, debugging, and analytics purposes. After this period, data is either deleted or anonymized.
7.5. Audit Logs. Audit logs within the Service (available on Pro and Enterprise plans) are retained for the duration of the organization's active subscription and are deleted as part of the standard data deletion process upon termination.
7.6. Legal Obligations. We may retain information for longer periods where required by law, regulation, or legal proceedings, or where necessary to establish, exercise, or defend legal claims.
8. Cookies and Tracking Technologies
8.1. What Are Cookies?
Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies (such as local storage and web beacons) to operate, secure, and improve the Service.
8.2. Types of Cookies We Use
(a) Essential Cookies. Required for the Service to function. These include authentication cookies (to keep you logged in), security cookies (to protect against unauthorized access), and session management cookies. These cannot be disabled.
(b) Analytics. We use Ahrefs Web Analytics on our marketing website (genuics.com) to understand aggregate visitor patterns such as pageviews, referrer sources, approximate country, and device type. Ahrefs Web Analytics is a privacy-friendly analytics service that does not use cookies, does not write to local storage, and does not collect personal identifiers or track individuals across sites. For this reason, no consent banner is required for website analytics.
(c) Preference Cookies. Used to remember your settings, preferences, and customizations within the Service (such as dashboard layouts, language preferences, and notification settings).
8.3. Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you disable essential cookies, parts of the Service may not function correctly.
8.4. Do Not Track
The Service does not currently respond to "Do Not Track" browser signals. However, you may control tracking through cookie settings as described above.
9. Data Security
9.1. We implement administrative, technical, and physical security measures designed to protect Personal Information and Customer Data from unauthorized access, disclosure, alteration, and destruction.
9.2. Our security measures include but are not limited to:
- (a) Encryption of data in transit using TLS 1.2 or higher;
- (b) Encryption of data at rest using AES-256 encryption;
- (c) Logical data isolation between customer accounts using multi-tenant row-level security;
- (d) Access controls and role-based permissions;
- (e) Regular security audits and vulnerability assessments;
- (f) Use of cloud infrastructure providers that maintain SOC 2 certifications (Google Cloud Platform, Neon). HIPAA-compliant configurations are available for eligible Enterprise plan customers under a separate Business Associate Agreement;
- (g) Secure authentication mechanisms including password hashing and SSO integration.
9.3. While we use commercially reasonable security measures, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
9.4. In the event of a data breach involving Personal Information, we will notify affected individuals and applicable regulatory authorities in accordance with PIPEDA and other applicable data breach notification laws, without unreasonable delay.
10. Your Privacy Rights
10.1. Rights Under PIPEDA (Canada)
If you are a Canadian resident, you have the right to:
- (a) Access your Personal Information held by us upon request;
- (b) Correct inaccurate or incomplete Personal Information;
- (c) Withdraw consent for the collection, use, or disclosure of your Personal Information, subject to legal or contractual restrictions and reasonable notice;
- (d) File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.
10.2. Rights Under GDPR (European Economic Area and United Kingdom)
If you are located in the EEA or UK, you may have additional rights under the General Data Protection Regulation (GDPR), including:
- (a) Right of access to your personal data;
- (b) Right to rectification of inaccurate personal data;
- (c) Right to erasure ("right to be forgotten");
- (d) Right to restriction of processing;
- (e) Right to data portability;
- (f) Right to object to processing based on legitimate interests;
- (g) Right to lodge a complaint with your local data protection authority.
Our legal bases for processing personal data under the GDPR include: (i) performance of a contract (providing the Service); (ii) legitimate interests (improving the Service, security); and (iii) consent (where applicable, such as for analytics cookies).
10.3. Rights Under CCPA/CPRA (California, United States)
If you are a California resident, you have the right to:
- (a) Know what Personal Information we collect, use, and disclose;
- (b) Delete your Personal Information, subject to certain exceptions;
- (c) Opt out of the sale of your Personal Information. We do not sell Personal Information;
- (d) Non-discrimination for exercising your privacy rights.
10.4. Exercising Your Rights
To exercise any of the rights described above, please contact us at privacy@genuics.com. We will respond to verified requests within the timeframes required by applicable law (generally thirty (30) days under PIPEDA, one month under GDPR, and forty-five (45) days under CCPA).
We may require verification of your identity before fulfilling your request.
10.5. Account and Data Deletion
You may delete your organization and all associated Customer Data directly through the Service at any time. To request complete deletion of your individual account, including your name and email address, please contact us at privacy@genuics.com. We will process complete account deletion requests within thirty (30) days.
11. Children's Privacy
11.1. The Service is not intended for individuals under the age of eighteen (18). We do not knowingly collect Personal Information from children under 18.
11.2. If we become aware that we have collected Personal Information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us immediately at privacy@genuics.com.
12. Third-Party Links
12.1. The Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party service you access.
12.2. We are not responsible for the privacy practices or content of third-party services.
13. Data Controller and Data Processor Roles
13.1. For Account and Usage Data: Genuics acts as the data controller. We determine the purposes and means of processing your Account Information, Usage Data, and other information collected through the operation of the Service.
13.2. For Customer Data: Genuics acts as a data processor. When you upload Customer Data to the Service, you (or your organization) are the data controller, and Genuics processes the data on your behalf in accordance with your instructions, the Terms of Service, and the Data Processing Addendum.
13.3. If you are a data controller using Genuics to process personal data of third parties, you are responsible for complying with all applicable privacy laws, including obtaining necessary consents and providing appropriate privacy notices to data subjects.
14. Changes to This Privacy Policy
14.1. We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws.
14.2. We will notify you of material changes by email or by posting a notice on the Service at least thirty (30) days before the changes take effect.
14.3. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using the Service and cancel your account.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
1001560798 Ontario Inc. (operating as Genuics) Privacy Inquiries Email: privacy@genuics.com Website: genuics.com
For complaints regarding the handling of your Personal Information, you may also contact:
Office of the Privacy Commissioner of Canada Website: www.priv.gc.ca Toll-free: 1-800-282-1376
© 2026 1001560798 Ontario Inc. operating as Genuics. All rights reserved.