Home
Legal

Privacy
Policy

Effective date: January 1, 2025  ·  Last updated: April 1, 2025

At Genera, your privacy is not a feature — it's a foundation. This policy explains what data we collect, why we collect it, and how you can control it. We believe in complete transparency about how your information is used.
Contents
  1. 01Information We Collect
  2. 02How We Use Your Information
  3. 03Information Sharing
  4. 04Data Security
  5. 05Data Retention
  6. 06Your Rights
  7. 07Cookies & Tracking
  8. 08International Transfers
  9. 09Contact Us
01

Information We Collect

We collect information you provide directly when you create an account, use the Service, or contact us. This includes:

  • Account data — name, email address, company name, and password
  • Billing data — payment method details processed securely via our payment provider
  • Content data — files, workflows, plans, and other content you create or upload
  • Communications — messages you send to us through support or feedback channels

We also collect information automatically when you use the Service, including usage data, device information, IP address, browser type, and interaction logs used to improve performance and security.

02

How We Use Your Information

We use your information to:

  • Provide, operate, and improve the Service
  • Process transactions and send related communications
  • Respond to comments, questions, and requests
  • Send product updates, security alerts, and support messages
  • Monitor and analyse usage patterns to improve user experience
  • Detect, investigate, and prevent fraudulent or unauthorised activity
  • Comply with legal obligations

We do not sell your personal data. We do not use your content to train AI models without your explicit consent.

AI features: When AI features process your content (e.g. Plan's task suggestions), that processing happens within your isolated workspace and is not used to improve models for other customers.
03

Information Sharing

We do not share your personal information with third parties except in the following circumstances:

  • Service providers — We work with trusted vendors (hosting, payments, analytics) who process data on our behalf under strict agreements
  • Legal requirements — We may disclose information if required by law or to protect the rights, safety, or property of Genera or others
  • Business transfers — In the event of a merger or acquisition, your data may be transferred as part of that transaction with prior notice
  • With your consent — We will share information for any other purpose only with your explicit permission

All third-party service providers are contractually bound to handle your data securely and only for the purposes we specify.

04

Data Security

We take the security of your data seriously and implement industry-standard measures including:

  • 256-bit TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls and audit logging
  • Regular security assessments and penetration testing
  • SOC 2 Type II compliance framework

Despite these measures, no security system is impenetrable. If you become aware of a security vulnerability, please report it to security@genera.sh.

05

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. You can request deletion of your account and associated data at any time from your account settings.

Upon account deletion, your personal data is removed within 30 days, except where we are required to retain certain records to comply with legal obligations or resolve disputes. Anonymised, aggregated data may be retained indefinitely for analytics purposes.

06

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access
Request a copy of the personal data we hold about you.
Rectification
Correct inaccurate or incomplete personal data.
Erasure
Request deletion of your personal data from our systems.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing of your data for certain purposes.
Restriction
Request that we limit how we use your personal data.

To exercise any of these rights, contact us at privacy@genera.sh. We will respond within 30 days.

07

Cookies & Tracking

We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyse usage. We use the following types:

  • Essential cookies — Required for the Service to function. Cannot be disabled.
  • Analytics cookies — Help us understand how users interact with the Service (anonymised).
  • Preference cookies — Remember your settings and personalisation choices.

You can control non-essential cookies through your browser settings or our cookie preference centre in the Service. Disabling analytics cookies does not affect your access to the Service.

08

International Transfers

Your data may be processed in countries other than where you reside. When we transfer personal data internationally, we use appropriate safeguards including Standard Contractual Clauses approved by relevant data protection authorities.

For users in the European Economic Area, the United Kingdom, or Switzerland, we comply with applicable data protection regulations including GDPR. Our Data Processing Agreement is available upon request.

EU/UK users: You have the right to lodge a complaint with your local supervisory authority if you believe we have handled your data unlawfully.
09

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our privacy team:

We may update this policy from time to time. We will notify you of significant changes via email or a prominent notice within the Service at least 14 days before they take effect.