Privacy Policy

We collect information you provide directly to us, including:

• Contact form data: name, email address, company name, phone number, and message content submitted via our website contact forms.
• Account information: username, email, hashed password, and profile details when you register for a platform account.
• API credentials: API keys, access tokens, and associated metadata generated during service onboarding.
• Billing information: invoicing details and payment records processed through our payment provider (we do not store raw card data).

We also collect information automatically when you use our services:

• Usage analytics: pages visited, session duration, click patterns, and feature usage collected via privacy-respecting analytics tools.
• API logs: request timestamps, endpoints called, response codes, payload sizes, and IP addresses for operational and security purposes.
• Technical data: browser type, operating system, device type, and referring URL.

We use the information we collect to:

• Provide, operate, and maintain our managed cloud infrastructure, data pipelines, ETL services, and AI/ML solutions.
• Respond to inquiries and deliver requested services, including onboarding and technical support.
• Send service-related communications such as account notifications, security alerts, maintenance windows, and invoices. We do not send marketing emails without explicit consent.
• Monitor and improve platform performance, reliability, and security.
• Comply with legal obligations, resolve disputes, and enforce our agreements.
• Analyze aggregated, anonymized usage trends to improve our product offerings.

We do not sell your personal information. We share data only in the following circumstances:

• Cloud infrastructure providers: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure process data on our behalf under Data Processing Agreements (DPAs) compliant with GDPR and applicable privacy laws.
• Email delivery: Resend is used to deliver transactional and service emails. Only your email address and relevant notification content are shared.
• Analytics providers: Anonymized, aggregated usage data may be shared with analytics partners. No personally identifiable information is disclosed.
• Legal requirements: We may disclose information when required by applicable law, court order, or government authority, or to protect the rights and safety of our users and the public.
• Business transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before such a transfer and ensure successor parties maintain equivalent protections.

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS 1.2+ and at rest using AES-256.
• Role-based access controls (RBAC) limiting employee access to personal data on a need-to-know basis.
• Regular vulnerability assessments and penetration testing of our infrastructure.
• Automated monitoring and alerting for anomalous access patterns.
• Secure API key management with scoped permissions and rotation policies.

No method of electronic transmission or storage is 100% secure. In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by applicable law.

We use cookies and similar technologies to:

• Essential cookies: Required for authentication sessions, security tokens, and core platform functionality. These cannot be disabled.
• Analytics cookies: Collect anonymized data about how visitors interact with our website to help us improve the user experience.
• Preference cookies: Remember your settings and preferences across sessions.

You can control non-essential cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our services. We do not use third-party advertising or cross-site tracking cookies.

We retain personal information only as long as necessary for the purposes described in this policy:

• API request logs: Retained for 90 days for debugging, security, and operational purposes, then automatically purged.
• Contact form submissions: Retained for 3 years to support ongoing business relationships and respond to follow-up inquiries.
• Account data: Retained for the duration of your account and 30 days after closure to support reactivation requests.
• Billing and invoicing data: Retained for 7 years to comply with Canadian tax and financial regulations.
• Analytics data: Retained in aggregated, anonymized form indefinitely; raw session data is purged after 12 months.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format (GDPR Article 20).
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Opt-out (CCPA): California residents may opt out of the sale of personal information. We do not sell personal data.
• Withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting prior processing.

To exercise these rights, contact us at privacy@geniuscloudsolution.ca. We will respond within 30 days.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@geniuscloudsolution.ca and we will promptly delete such data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Send an email notification to registered account holders at least 14 days before changes take effect.
• Display a prominent notice on our website for at least 30 days following any material change.

Your continued use of our services after the effective date constitutes acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team: