Privacy Policy

1. Introduction

Welcome to Genieture's Privacy Policy. This policy describes how Genieture ("we," "us," or "our") collects, uses, and shares your personal information when you use our email signature management platform and related services (the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy applies to all information collected through our Service and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data Controller: Genieture acts as the data controller for the personal information we collect directly from you. For customer data processed through the Service, we act as a data processor on behalf of our customers (the data controllers).

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (account creation, service delivery)
• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications, integrations)
• Legitimate Interests: Processing is necessary for our legitimate interests (service improvement, fraud prevention, analytics) unless overridden by your rights
• Legal Obligations: Processing is required to comply with legal requirements

3. Information We Collect

We collect several types of information to provide and improve our Service:

3.1 Information You Provide

• Account Information: Name, email address, password, and organization details
• Profile Information: Job title, phone number, social media links, and profile photos
• Employee Data: Information about team members you add to your organization
• Signature Content: Text, images, and links you include in email signatures
• Payment Information: Billing details and payment method (processed securely by our payment processors)
• Communications: Messages you send to our support team

3.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the Service, click data
• Device Information: IP address, browser type and version, operating system, device identifiers
• Cookies and Similar Technologies: See Section 9 below
• Analytics Data: Signature deployment metrics, click-through rates, performance data

3.3 Information from Third-Party Integrations

When you connect third-party services, we may receive:

• Google Workspace: Email address, profile information, and directory data (with your explicit consent)
• Microsoft 365: Similar information when you connect your Microsoft account

4. Google API Services Disclosure

Genieture's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

When you authorize Genieture to access your Google Workspace account, we request access to:

• View and manage your Gmail settings (to deploy email signatures)
• View basic profile information (name, email, photo)
• Access directory information (for organization-wide deployments)

How We Use Google Data:

• We only use Google data to provide the signature deployment service you requested
• We do not share Google user data with third parties
• We do not use Google data for advertising or marketing purposes
• You can revoke access at any time through your Google Account settings

For more information about Google's privacy practices, please review Google's Privacy Policy.

5. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Deploy and update email signatures across your organization
• Process payments and send billing information
• Respond to your requests, questions, and provide customer support
• Send you technical notices, updates, and security alerts
• Send marketing communications (with your consent, where required)
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations and enforce our Terms of Service
• Conduct research and development to improve our products

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers (Subprocessors): Third-party vendors who perform services on our behalf (see Section 6.1 below)
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets
• Legal Requirements: When required by law, subpoena, or to protect our rights, property, or safety
• With Your Consent: When you explicitly authorize us to share your information
• Within Your Organization: Employee data may be visible to organization administrators and designated users
• Aggregated/Anonymized Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you

6.1 Subprocessors List

We use the following third-party service providers to process your data:

• Google Cloud Platform: Cloud hosting and infrastructure (United States)
• Stripe: Payment processing (United States)
• SendGrid: Transactional email delivery (United States)
• Google Analytics: Website analytics (United States)

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls, role-based permissions, and multi-factor authentication
• Secure data centers with physical access controls
• Regular security training for employees
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information using industry-standard practices, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active
• After Account Deletion: We delete or anonymize your information within 90 days, except where retention is required for legal, regulatory, or legitimate business purposes
• Backup Data: May be retained in backup systems for up to 90 days after deletion
• Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., tax records for 7 years)

9. Your Rights

9.1 GDPR Rights (EEA, UK, Switzerland Users)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

• Right of Access: Request a copy of your personal information
• Right to Rectification: Update or correct inaccurate information
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information
• Right to Restriction: Request limited processing of your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

9.2 CCPA Rights (California Residents)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Do Not Sell My Personal Information: We do not sell personal information to third parties. We do not sell the personal information of minors under 16 years of age without affirmative authorization.

9.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@genieture.com. We will respond to your request within 30 days (or as required by applicable law).

You may also manage your account settings directly through the Service, including updating your profile information and deleting your account.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of the Service. Types of cookies we use:

• Essential Cookies: Required for the Service to function properly (authentication, security)
• Analytics Cookies: Help us understand how users interact with the Service (Google Analytics)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Receive warnings before cookies are stored

Note that disabling cookies may affect the functionality of the Service.

11. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our servers and service providers are located. These countries may have data protection laws that differ from your country of residence.

For transfers from the EEA, UK, or Switzerland to countries without adequate data protection, we use appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Data Processing Agreements: Contractual commitments with service providers
• Additional Technical Measures: Encryption and access controls

For more information about our data transfer mechanisms, please contact our Data Protection Officer at dpo@genieture.com.

12. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@genieture.com, and we will delete it promptly.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. If you have questions about this Privacy Policy or how we handle your personal data, please contact our DPO:

• Email: dpo@genieture.com

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes that affect your rights)
• Requesting your consent where required by applicable law

We encourage you to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@genieture.com
• Data Protection Officer: dpo@genieture.com
• Mailing Address: Genieture, [Your Company Address]