Privacy Policy

Genius Power may act as a “business” under CCPA and as a “controller” under GDPR with respect to information we collect directly from you to provide and operate the Service (such as account, billing, and usage information).

Where you submit content to the Service in connection with your use of AI features (“Customer Content”), and that content contains personal information of third parties, you act as the controller of that content and Genius Power processes it on your behalf as a “service provider” under CCPA and a “processor” under GDPR. You are responsible for ensuring that you have a lawful basis to submit such content and for providing any required notices to the individuals concerned. A data processing addendum is available to business customers upon request to Support@GeniusPower.com.

We collect the following categories of personal information:

• Identifiers — name, email address, organization name, account identifiers, and IP address.
• Customer Records Information — billing contact details and payment-method metadata (we do not store full card numbers).
• Commercial Information — records of purchases (credit top-ups), credit balances, usage history, and transaction details.
• Internet or Network Activity — browser type, device type, operating system, referring URLs, pages viewed, features used, timestamps, and aggregated usage metrics.
• Audio Information — where you use voice-transcription features, the audio you submit and the resulting transcript.
• Content and Communications — prompts, queries, files, documents, chat messages, and other Customer Content that you submit to AI features, as well as communications you send to us (support requests, feedback).
• Inferences — conclusions drawn from the foregoing categories about your preferences, behavior, and use of the Service to provide and improve the Service.

Sensitive Personal Information. We do not intentionally collect “sensitive personal information” as defined under CCPA (such as government identifiers, precise geolocation, racial or ethnic origin, religious beliefs, union membership, biometric identifiers used to identify an individual, health information, sex life or sexual orientation, contents of mail or messages not directed to us, or genetic data). Customer Content you submit may contain such information; in that case you are responsible for the lawful basis for processing and you instruct us to process it solely to provide the Service.

We collect personal information from the following sources:

• Directly from you (when you apply, create an account, top up credits, submit Customer Content, or contact us).
• Automatically from your interactions with the Service (logs, cookies, similar technologies).
• From our service providers and subprocessors (e.g., authentication identifiers from Clerk, transaction confirmations from our payment processor).
• From publicly available sources where lawful and necessary (e.g., business directory information about your organization).

We use the categories of personal information described above for the following business and commercial purposes:

• Providing, operating, securing, and maintaining the Service.
• Processing AI requests and returning outputs to you.
• Processing payments, applying credits, preventing fraud, and managing billing records.
• Sending administrative communications about the Service (account, security, billing, policy updates).
• Responding to inquiries and providing customer support.
• Detecting, investigating, and preventing security incidents, fraud, abuse, and other harmful or unlawful activity.
• Complying with legal obligations, enforcing our agreements, and protecting our rights and the rights of others.
• Improving the Service through aggregated, de-identified, or anonymized analysis.
• Conducting internal research and audits.

Lawful Bases (GDPR). Where GDPR applies, our lawful bases for processing are: performance of a contract with you; compliance with a legal obligation; our legitimate interests (operating, securing, and improving the Service) provided your interests and rights do not override those interests; and your consent where required.

The Service uses large language models and related AI services provided by third parties (“AI Subprocessors”). When you use AI features, the inputs you submit, together with relevant context and instructions, are transmitted to one or more AI Subprocessors for processing. Outputs returned by those subprocessors are then delivered to you and stored as part of your account history.

Training and Provider Behavior. Whether AI Subprocessors retain or use Customer Content for model training, evaluation, abuse monitoring, or other purposes is governed by the terms of each provider. We make commercially reasonable efforts to configure AI Subprocessor APIs to use any training opt-out or zero-data-retention features offered by the provider, where such features exist and are compatible with the Service. We make no warranty that AI Subprocessors will refrain from any particular use of Customer Content beyond their published commitments, and we are not responsible for AI Subprocessor practices.

Obfuscate Mode. Where enabled and supported, Obfuscate Mode applies automated filters intended to identify and prevent transmission of designated trade-secret, confidential, or sensitive information to AI Subprocessors. Obfuscate Mode is a tool, not a guarantee, and you remain responsible for evaluating whether the Service is appropriate for any specific content.

Outputs. AI outputs are probabilistic and may contain inaccuracies, omissions, biases, or other defects. You are responsible for evaluating the appropriateness of outputs before relying on them. See our Terms of Service for additional disclaimers.

We share personal information with the following categories of recipients, each bound by contractual obligations of confidentiality and data protection appropriate to the relationship:

• Service providers and subprocessors who operate aspects of the Service on our behalf. Our current subprocessors include:
  • Authentication and identity: Clerk
  • AI providers: Anthropic, OpenAI, Google, Perplexity
  • Application hosting: Render
  • Database hosting: Neon
  • File and object storage: Cloudflare R2
  • Payment processing (Merchant of Record): our designated payment processor
  • Transactional email delivery: Resend
  • SMS and voice communications (where applicable): Twilio
  • Privacy-friendly analytics: a self-hosted or third-party analytics provider that does not require user-identifying cookies
• Professional advisors such as accountants, auditors, and legal counsel, on a need-to-know basis and subject to confidentiality obligations.
• Government, regulatory, and law-enforcement authorities where required to comply with applicable law, court order, or other legal process, or to protect the rights, safety, or property of Genius Power, our users, or others.
• Parties to a corporate transaction, such as a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or due-diligence process, in which case the recipient will be bound to honor this Policy with respect to the transferred information.
• Other parties with your consent or at your direction.

No Sale or Targeted-Advertising Share. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under CCPA. We may update the list of subprocessors as the Service evolves, and material changes will be reflected in updates to this Policy.

The Service uses cookies and similar technologies in the following categories:

• Strictly necessary — cookies required for authentication, session management, and security. These cannot be disabled through our settings without impairing functionality.
• Analytics — aggregated, privacy-friendly measurement of site usage. We do not use third-party advertising cookies and we do not allow other parties to set advertising cookies through the Service.

You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent you from using the Service.

Some browsers transmit a “Do Not Track” (“DNT”) signal. There is no industry standard for how websites should respond to DNT signals. At this time, the Service does not respond to DNT signals. We do not track users across third-party websites for advertising purposes regardless of DNT signal.

The Service uses AI to generate analyses, suggestions, summaries, reports, and similar outputs in response to your inputs. These outputs are generated automatically and are intended to assist your decision-making, not to replace it. The Service does not use automated processing to make decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of GDPR Article 22. If you believe that an output of the Service has been used by another party to make an automated decision affecting you, please contact us.

Depending on your jurisdiction, you may have the following rights regarding personal information about you:

• Right to know / access: request information about the categories or specific pieces of personal information we have collected about you, the sources, purposes, and categories of recipients.
• Right to deletion: request that we delete personal information about you, subject to legal exceptions (such as records we must retain to comply with tax, accounting, or other legal obligations).
• Right to correction: request correction of inaccurate personal information.
• Right to portability: receive a copy of certain personal information in a portable, machine-readable format.
• Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising; no opt-out is necessary.
• Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes beyond those permitted under CCPA without your consent.
• Right to non-discrimination / non-retaliation for exercising your privacy rights.
• Right to withdraw consent where processing is based on consent (GDPR).
• Right to object to processing based on legitimate interests (GDPR).
• Right to lodge a complaint with a supervisory authority (GDPR / UK GDPR).

To exercise these rights, email Support@GeniusPower.com. We will verify your identity before fulfilling any request. We will respond within the timeframe required by applicable law. You may use an authorized agent to submit a request on your behalf; the agent must provide written authorization, and we may contact you to verify.

California “Shine the Light” Law. California residents may request information about our disclosures, if any, of personal information to third parties for those parties’ direct-marketing purposes. We do not make such disclosures.

We retain personal information for as long as needed to fulfill the purposes for which it was collected, including to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention practices include:

• Account and billing records: retained for at least seven (7) years after account closure to comply with tax, accounting, and financial-record obligations.
• Customer Content (AI inputs and outputs): retained while your account is active. Upon verified deletion request, we delete or de-identify Customer Content within a reasonable time, subject to active legal holds, ongoing security investigations, or backup-cycle limitations.
• Server, application, and security logs: retained for up to twelve (12) months for operational, security, and abuse-prevention purposes.
• Support communications: retained for up to three (3) years.

When personal information is no longer needed for these purposes, we delete or de-identify it using commercially reasonable methods.

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls based on least privilege, authentication safeguards, monitoring, periodic review, and vendor-management practices. No system is perfectly secure, and we cannot guarantee absolute security.

In the event of a personal-data breach affecting your information, we will notify you and applicable regulators where required by law, within the timeframes required by that law. We may also report incidents to law-enforcement authorities where appropriate.

The Service is operated from the United States. If you access the Service from outside the United States, your personal information will be transferred to, processed, and stored in the United States and potentially in other jurisdictions in which our service providers operate. By using the Service, you consent to such transfer.

Where required by applicable law (including GDPR or UK GDPR for transfers from the European Economic Area or United Kingdom), we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses or other lawful transfer mechanisms.

The Service is intended for use by businesses and individuals aged 18 or older. The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a child under 18, we will delete it promptly. If you believe a child has provided personal information to us, contact Support@GeniusPower.com.

The Service may contain links to, or integrations with, third-party websites and services not operated by us. Their privacy practices are governed by their own policies, and this Policy does not apply to them. We are not responsible for the privacy practices of third parties.

We may update this Policy from time to time. The date of the most recent revision appears at the top. Material changes will be communicated through the Service or by email to the address associated with your account. Continued use of the Service after a change takes effect constitutes acceptance of the updated Policy. Where required by law, we will obtain consent before applying material changes.

If you have questions or concerns about this Policy or our privacy practices, or to exercise any of your rights, please contact us at: