Privacy Policy

Last Updated: February 11, 2026

1. Introduction

This Privacy Policy explains how Formobi Solutions Private Limited ("Formobi Solutions", "we", "us") collects, uses, shares, and protects information when you use GetGenius — our AI-powered Genius Intelligence Platform — including our web application, APIs, embeddable widgets, and related services (collectively, the "Services").

We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including the EU General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act (DPDPA) 2023, the California Consumer Privacy Act (CCPA/CPRA), Brazil's LGPD, and other applicable regulations.

2. Scope

This Policy applies to information we collect about customers, their end users (including visitors who interact with embedded Genius Associates on your websites), and visitors to our own websites and applications. It applies regardless of how you access or use the Services (including via browser, API, mobile device, or third-party integrations).

3. Data Controller & Processor Roles

  • When we act as Controller: We are the data controller for personal data we collect directly — such as your account registration details, billing information, and usage analytics.
  • When we act as Processor: When you use GetGenius to collect and process end-user data through your Genius Associates (e.g., chat conversations, lead capture), we act as a data processor on your behalf. You remain the data controller for that data.

4. Information We Collect

a) Account & Contact Information

Name, business email address, phone number, company name, role, and billing details provided during registration or contact.

b) Genius & Knowledge Data

Content you upload to train your Genius Associates — including PDFs, URLs, text, images — and the conversations/queries processed by them. This may include personal data of your end users if captured through lead forms or chat interactions.

c) Usage & Technical Data

Log data, device and browser information, IP addresses, referring URLs, pages visited, feature usage patterns, and performance data.

d) Payment Data

We use Razorpay as our payment processor. Card details and financial information are collected and processed directly by Razorpay in accordance with PCI-DSS standards. We only receive transaction confirmations, subscription status, and invoice details.

e) Cookies & Similar Technologies

We use cookies, local storage, and similar technologies to authenticate sessions, remember preferences, and understand usage patterns. See our Cookie Policy for full details.

5. Legal Basis for Processing

Under GDPR and similar frameworks, we process personal data on the following legal bases:

  • Contractual necessity: Processing necessary to perform our contract with you (e.g., providing the Services, processing payments).
  • Legitimate interests: Processing for our legitimate business interests (e.g., improving Services, security monitoring, fraud prevention), balanced against your rights.
  • Consent: Where you have given explicit consent (e.g., marketing communications, non-essential cookies).
  • Legal obligation: Processing necessary to comply with applicable laws, regulations, or legal requests.

6. How We Use Your Information

  • Provide, operate, maintain, and improve the Services
  • Set up and manage your account, organization, and subscriptions
  • Process transactions and send billing-related communications
  • Train and optimize your Genius Associates (per-tenant, isolated — we do NOT use your private data to train shared or public AI models)
  • Provide customer support and respond to enquiries
  • Monitor performance, security, uptime, and detect anomalies
  • Send product updates, security alerts, and service notifications
  • Comply with legal obligations and enforce our Terms of Service
  • Conduct analytics to understand usage patterns and improve UX (aggregated, anonymized where possible)

7. Sharing & Disclosure

We do not sell your personal information. We may share information with:

  • AI Infrastructure Providers: We use Amazon Web Services (AWS Bedrock), Google Cloud (Vertex AI / Gemini), Anthropic, and OpenAI to process AI inference requests. These providers process data as sub-processors under data processing agreements and do not use your data to train their models.
  • Cloud Infrastructure: AWS for hosting, database, and email (SES). Data is stored in secure, access-controlled environments.
  • Payment Processor: Razorpay processes payments under PCI-DSS compliance. We do not store your card details.
  • Analytics: We may use anonymized, aggregated analytics to understand service usage. No personally identifiable information is shared with advertising networks.
  • Legal and compliance: When required by law, to respond to valid legal requests (subpoenas, court orders), or to protect the rights, safety, and security of Formobi Solutions, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such change.

8. International Data Transfers

GetGenius is offered globally. Your information may be processed in and transferred to countries outside your country of residence, including:

  • India — Primary hosting, application servers, and business operations
  • United States — AI processing (AWS Bedrock us-east-1, OpenAI, Anthropic APIs)
  • European Union — Where available, EU-region processing for EEA customers

Where data is transferred outside the EEA, UK, or other jurisdictions with data protection laws, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Contractual data processing agreements with all sub-processors
  • Technical and organizational measures (encryption, access controls, audit logging)

9. Data Security

We implement enterprise-grade technical and organizational security measures designed to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls (RBAC) and principle of least privilege
  • Multi-tenant data isolation — each organization's data is logically separated
  • Comprehensive audit logging of administrative actions and data access
  • Automated monitoring and alerting for unusual activity or security events
  • Regular security reviews and vulnerability assessments
  • Incident response procedures with defined escalation paths
  • Employee security training and access provisioning

We are committed to aligning with ISO 27001 information security management standards and SOC 2 Type II controls. Our security posture is continuously improving as we pursue formal certifications.

10. Data Retention

We retain your information for as long as your account is active or as needed to provide the Services. Specific retention periods:

  • Account data: Duration of account plus 90 days after closure
  • Knowledge/training data: Deleted upon account closure or Genius deletion (within 30 days)
  • Conversation logs: Retained per your organization's settings; default 12 months
  • Billing records: Retained as required by applicable tax and financial regulations (typically 7 years)
  • Audit logs: Retained for 24 months for security and compliance purposes

After the retention period, data is securely deleted or anonymized. Backups may be retained for a limited period for disaster recovery.

11. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Data export: Request a machine-readable copy of your data (data portability)

EU/EEA/UK Residents (GDPR)

  • Right to restrict processing
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time (without affecting lawfulness of prior processing)
  • Right to lodge a complaint with your local data protection supervisory authority

California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

Indian Residents (DPDPA 2023)

  • Right to information about processing
  • Right to correction and erasure of personal data
  • Right to nominate another individual to exercise rights in case of death or incapacity
  • Right to grievance redressal

To exercise any of these rights, contact us at care@getgeni.us. We will respond within 30 days (or as required by applicable law). We may verify your identity before processing your request.

12. Children's Data

GetGenius is a business-to-business (B2B) product designed for use by organizations and their authorized personnel. We do not knowingly collect or process personal data from children under the age of 16 (or the applicable age of consent in your jurisdiction). If you believe children's data has been submitted through the Services, please contact us immediately at care@getgeni.us.

13. Data Processing Agreement

For enterprise customers or where required by applicable law (e.g., GDPR Article 28), we offer a Data Processing Agreement (DPA) that governs our processing of personal data on your behalf. Our DPA covers sub-processor lists, security measures, breach notification procedures, and data transfer mechanisms. To request a DPA, contact us at care@getgeni.us.

14. Third-Party Services & Sub-Processors

We use the following categories of third-party services to operate the platform:

Service | Provider | Purpose
Cloud Hosting | Amazon Web Services (AWS) | Infrastructure, storage, compute
AI Inference | AWS Bedrock (Anthropic Claude) | AI conversation processing
AI Inference | Google Cloud (Vertex AI / Gemini) | AI conversation processing
AI Inference | OpenAI | Embeddings, vision, chat
AI Inference | Anthropic | Chat, conversation processing
Email | AWS Simple Email Service (SES) | Transactional emails
Payments | Razorpay | Payment processing (PCI-DSS compliant)
Database | PostgreSQL (self-hosted / managed) | Data storage with encryption at rest
Vector Search | pgvector (PostgreSQL extension) | Semantic search for knowledge retrieval

All sub-processors are bound by data processing agreements. We may update this list as we onboard new service providers. Enterprise customers with DPAs will be notified of sub-processor changes.

15. Grievance Officer

In accordance with India's Digital Personal Data Protection Act (DPDPA) 2023 and the Information Technology Act, 2000, the Grievance Officer for Formobi Solutions Private Limited can be contacted at:

Grievance Officer

Formobi Solutions Private Limited

Email: care@getgeni.us

Address: Bengaluru, Karnataka, India

We will acknowledge your complaint within 48 hours and endeavor to resolve it within 30 days.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will take reasonable steps to notify you (e.g., via email, in-app notice, or prominent website notice) at least 30 days before the changes take effect. Your continued use of the Services after updates means you accept the revised Policy.

17. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or how we handle your data:

Formobi Solutions Private Limited

Email: care@getgeni.us

Address: Bengaluru, Karnataka, India

For terms governing the use of our Services, please refer to our Terms of Service.