Privacy Policy.
What we collect, why, where it lives, and your rights over it.
1. Who is responsible
GENESIS ("we", "us"), operating at genesishq.net, is the data controller for the personal data described here. Contact: genesis@pleuromarkets-thehedgefund.com.
2. What we collect
- Account data — name, email address, and a cryptographically hashed password (scrypt; we never store or see the plain password).
- Business data — the company profiles, goals and content you give your agents, plus the plans, actions and work product they generate.
- Usage and audit data — actions taken on the Platform, approval decisions, timestamps and technical logs kept for security and the audit trail the product promises.
- Billing data — handled entirely by Stripe. We receive plan, status and revenue-event metadata; we never receive or store card numbers.
3. Why we process it (lawful bases)
- To provide the service you signed up for — running your agents, gate, briefings (contract).
- To bill you and prevent abuse (contract, legitimate interests).
- To send service email — welcome, briefings, alerts (contract); marketing email only with consent and always with an unsubscribe.
- To meet legal obligations, including tax and accounting records (legal obligation).
4. Where your data goes
We use a small set of processors, each bound by contract:
- Render — application and database hosting (EU, Frankfurt).
- Anthropic — AI model provider; receives the business context needed to operate your agents. We do not use your data to train models.
- Stripe — payments and billing.
- Resend — transactional email delivery.
We do not sell personal data. Ever.
5. Cookies
One essential cookie: your session token, needed to keep you signed in. No advertising or cross-site tracking cookies.
6. Retention
Account and business data are kept while your account is active and deleted or anonymised within 30 days of a deletion request, except records we must keep by law (e.g. billing records) and minimal audit entries needed for security and dispute defence.
7. Your rights
Under UK/EU GDPR you can request access, correction, deletion, restriction, portability, and object to processing based on legitimate interests. Email us and we'll act within one month. You can also complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.
8. Security
TLS in transit, managed encrypted infrastructure at rest, hashed passwords, scoped API keys, spend and access governors, and a full audit trail. No system is perfect; if a breach ever affects your data we will notify you and the regulator as the law requires.
9. Changes
We'll post updates here and email you about material changes before they take effect.