← Back to home

Privacy Policy

Last updated: June 18, 2026

1. Introduction

Genio AI ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what we collect, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).

For the purposes of GDPR, the data controller is Genio AI. You can reach our Data Protection Officer at privacy@genio.ai.

2. Data We Collect

  • Account data: name, email address, password hash, and (optionally) profile picture.
  • Billing data: subscription tier, billing history, and the last 4 digits of your payment method. Full card numbers are handled by our PCI-DSS compliant payment processors and never stored on our servers.
  • User Content: the text, prompts, documents, and inputs you submit to our AI tools (Study Genius, Resume Forge, BizLaunch, MindEase).
  • Usage data: log files, IP address, browser type, device identifiers, pages visited, and timestamps.
  • Cookies & similar tech: see section 7.

3. How We Use Your Data

  • To provide, maintain, and improve the Service (legal basis: performance of contract).
  • To process payments and prevent fraud (legal basis: performance of contract; legitimate interest).
  • To send service announcements, security alerts, and (with your consent) marketing emails (legal basis: consent / legitimate interest).
  • To comply with legal obligations such as tax reporting and lawful requests from authorities (legal basis: legal obligation).
  • To analyze aggregated, de-identified usage patterns to improve the Service (legal basis: legitimate interest).

We do not sell your personal data. We do not use your private User Content to train our AI models unless you explicitly opt in.

4. Sharing & Sub-processors

We share data only with vetted sub-processors who help us operate the Service, under written data processing agreements:

  • Cloud hosting and database (Supabase, Cloudflare)
  • AI model providers (used to generate outputs from your prompts)
  • Payment processors (Stripe, Razorpay, Paddle)
  • Email delivery and transactional notifications
  • Product analytics (aggregated only)

International transfers outside the EEA / UK are protected by Standard Contractual Clauses or an adequacy decision.

5. Data Retention

We retain account and User Content data for the lifetime of your account plus 30 days after deletion, after which it is permanently erased from active systems. Backups are purged within 90 days. Billing records are retained for up to 7 years to comply with tax law.

6. Your Rights (GDPR / CCPA)

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority

To exercise any of these rights, email privacy@genio.ai. We respond within 30 days.

7. Cookies Policy

We use cookies and similar technologies for the following purposes:

  • Strictly necessary: authentication, session security, CSRF protection. These cannot be disabled.
  • Preferences: remember your theme, language, and UI choices.
  • Analytics: aggregated, privacy-respecting metrics about feature usage. Only set with your consent.

You can manage your cookie preferences at any time through your browser settings or our in-app cookie banner. Disabling strictly necessary cookies may break the Service.

8. Security

We protect your data using industry-standard measures, including TLS 1.3 in transit, AES-256 encryption at rest, row-level security on our database, and least-privilege access controls. No system is perfectly secure; if a breach affecting your personal data occurs, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before they take effect.

11. Contact Us

For privacy questions, data requests, or to contact our Data Protection Officer: