Privacy Policy
Last updated: April 2026
GenIsec.AI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our platform.
1. Information We Collect
Information You Provide
- Account Information - name, email address, organization name, and job title when you register or request a demo
- Contact Information - information you provide when contacting us via email or forms
- Platform Data - compliance tasks, policies, risk assessments, and other GRC data you enter into the platform
Information Collected Automatically
- Usage Data - pages visited, features used, session duration, and interaction patterns
- Device Information - browser type, operating system, and device identifiers
- Log Data - IP address, access times, and referring URLs
2. How We Use Your Information
- Provide, maintain, and improve our GRC platform
- Process your requests and respond to inquiries
- Send service-related communications and security alerts
- Analyze usage patterns to improve user experience
- Comply with legal obligations and enforce our terms
- Detect and prevent fraud or security incidents
3. Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
- Service Providers - third-party vendors who assist in operating our platform (hosting, analytics, email delivery)
- Legal Requirements - when required by law, court order, or governmental authority
- Business Transfers - in connection with a merger, acquisition, or sale of assets
- With Your Consent - when you explicitly authorize sharing
4. Cookies and Tracking
We use cookies and similar technologies to:
- Remember your preferences and settings
- Analyze site traffic and usage patterns
- Improve site performance and user experience
You can manage cookie preferences through our cookie consent banner or your browser settings. Disabling cookies may affect site functionality.
5. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.3) and at rest
- Access controls and authentication mechanisms
- Regular security assessments and monitoring
- Data isolation between organizations (multi-tenant architecture)
6. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Platform data is retained for the duration of your subscription plus 30 days, after which it is permanently deleted.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access - request a copy of your personal data
- Rectification - correct inaccurate or incomplete data
- Erasure - request deletion of your personal data
- Portability - receive your data in a structured, machine-readable format
- Restriction - limit how we process your data
- Objection - object to processing based on legitimate interests
- Withdraw Consent - withdraw consent at any time where processing is consent-based
To exercise any of these rights, contact us at privacy@genisec.ai.
8. International Data Transfers
Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by applicable law.
9. GDPR Compliance (EEA Users)
For users in the European Economic Area:
- Lawful Basis - we process data based on contract performance, legitimate interests, consent, or legal obligation
- Data Protection Officer - contact our DPO at dpo@genisec.ai
- Supervisory Authority - you have the right to lodge a complaint with your local data protection authority
10. CCPA Compliance (California Users)
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.
11. Children's Privacy
Our platform is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance.