Privacy Policy

This Privacy Policy explains how Genirize ("we", "us", "our") collects, uses, stores, shares, and protects your personal information when you use the Genirize platform, website, and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (used as your login identifier)
• Name (derived from your email during initial provisioning, editable in your profile)
• Authentication credentials (passwords are managed by AWS Cognito and are never stored in our application database)

1.2 Company Profile Data

You may voluntarily provide business information to personalise your proposals:

• Company name, industry, region, website URL, and tagline
• Company description, services, value proposition, and brand voice
• Key differentiators, notable clients, and case studies
• Pricing model, service tiers, rate ranges, and packages
• Certifications, compliance credentials, and SLA details
• Team size and years in business
• Default currency preference

1.3 Job and Proposal Data

When you create a proposal job, we collect:

• Prospect/client details you enter (company name, industry, region, budget, timeline, scope, requirements)
• Files you upload as part of a job (RFPs, briefs, supporting documents)
• Generated proposal documents (DOCX and PDF outputs)
• Job metadata (status, timestamps, credit usage)

1.4 Website Analysis Data

When you use the "Analyse Website" feature, we temporarily fetch and process the publicly available HTML content of the URL you provide. This content is sent to a large language model (LLM) for structured extraction and is not stored after processing is complete.

1.5 Usage and Technical Data

We automatically collect:

• Authentication tokens and session identifiers (stored in your browser's local storage)
• API request logs (timestamps, endpoints accessed, HTTP status codes)
• Error logs for debugging and reliability purposes

We do not use third-party analytics, tracking pixels, or advertising cookies. We do not use cookies for tracking purposes. Authentication tokens are stored exclusively in your browser's local storage.

2. How We Use Your Information

Data	Purpose	Legal Basis (GDPR)
Email and name	Account creation, authentication, and communication	Contract performance
Company profile	Personalising generated proposals with your brand, services, and pricing	Contract performance
Job and proposal data	Generating, storing, and delivering proposals you request	Contract performance
Uploaded files	Providing context to the AI for proposal generation	Contract performance
Website HTML (analyse feature)	Extracting prospect company information to pre-fill job briefs	Consent (you initiate the action)
Technical/API logs	Service reliability, debugging, and security monitoring	Legitimate interest
Credit balance and usage	Tracking your account balance and billing for proposal generation	Contract performance

3. How We Store and Protect Your Data

3.1 Infrastructure

All data is hosted on Amazon Web Services (AWS) in the us-east-1 (N. Virginia) region. We use the following AWS services:

• Amazon RDS (PostgreSQL) for structured data (accounts, jobs, metadata)
• Amazon S3 for file storage (profile assets, uploaded documents, generated proposals)
• AWS Cognito for identity management and authentication
• AWS Bedrock for AI model inference (proposal generation and website analysis)
• Amazon CloudFront for content delivery

3.2 Encryption

• In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• At rest: All files stored in Amazon S3 are encrypted using AES-256 server-side encryption. Database storage is encrypted using AWS-managed encryption keys.

3.3 Access Controls

• All API endpoints require a valid JWT authentication token issued by AWS Cognito.
• Customer data is isolated by customer identifier. You can only access data associated with your account.
• File downloads use time-limited pre-signed URLs (1-hour expiry) that are generated on-demand for authenticated users.
• Administrative access to infrastructure is restricted to authorised personnel and protected by multi-factor authentication.

4. AI Processing and Your Content

4.1 How AI Is Used

Genirize uses large language models (specifically, Anthropic's Claude models via AWS Bedrock) to:

• Generate proposal content based on your company profile and job brief
• Extract structured information from publicly available websites when you use the analyse feature
• Perform quality checks on generated content

4.2 AI Training

Your data is never used to train AI models. We access AI models through AWS Bedrock, which does not use customer inputs or outputs to train or improve foundation models. Your proposals, company data, and uploaded files remain yours and are never fed into any model training pipeline.

4.3 AI-Generated Content

Proposals generated by the Service are AI-assisted outputs. While we apply quality checks and writing rules to maintain accuracy, you are responsible for reviewing all generated content before sending it to your clients. We do not guarantee the factual accuracy of AI-generated text.

5. Data Sharing and Third Parties

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or business data to any third party. We do not share your data with advertisers.

5.2 Service Providers

We use the following third-party service providers to operate the Service. These providers process data on our behalf and are bound by their own privacy and security commitments:

• Amazon Web Services (AWS) for cloud infrastructure, authentication, storage, and AI model inference
• Anthropic (via AWS Bedrock) for AI model inference only. Anthropic does not receive your data directly. All AI inference is routed through AWS Bedrock.

5.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request. We will notify you of such requests where legally permitted.

6. Data Retention

• Account data: Retained for as long as your account is active. If you request account deletion, we will delete your data within 30 days.
• Company profile: Retained for the lifetime of your account. Previous versions are kept for your reference and can be deleted on request.
• Jobs and proposals: Retained for the lifetime of your account. You may delete individual jobs through the Service.
• Uploaded files: Retained for the lifetime of your account or until you delete them.
• Technical logs: Retained for up to 90 days for debugging and security purposes, then automatically deleted.
• Website analysis data: Processed in real-time and not stored after the response is delivered.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

7.1 All Users

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate data via your profile settings or by contacting us.
• Deletion: Request deletion of your account and associated data.
• Data portability: Request your data in a structured, machine-readable format (JSON).

7.2 European Economic Area (EEA) and UK Residents

Under the GDPR and UK GDPR, you additionally have the right to:

• Restrict or object to processing of your personal data
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with your local data protection authority

7.3 Australian and New Zealand Residents

Under the Australian Privacy Act 1988 and the New Zealand Privacy Act 2020, you have the right to access and correct your personal information. If you believe we have breached an Australian Privacy Principle (APP) or New Zealand Information Privacy Principle (IPP), you may lodge a complaint with us or with the relevant privacy commissioner.

7.4 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

7.5 Canadian Residents (PIPEDA)

Under the Personal Information Protection and Electronic Documents Act, you have the right to access and challenge the accuracy of your personal information held by us.

8. International Data Transfers

Our infrastructure is located in the United States (AWS us-east-1). If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. We rely on AWS's compliance frameworks (including SOC 2, ISO 27001, and participation in data transfer mechanisms) to safeguard international transfers.

For EEA and UK users, transfers are made in compliance with applicable data protection laws, including through Standard Contractual Clauses (SCCs) where required.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you by email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

• Email: privacy@genirize.com
• Website: www.genirize.com

We will respond to all data rights requests within 30 days.