Privacy Policy

1. Introduction

GenticFlow ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our IT support platform and services.

2. Data Controller and Processor

When you use our Service, you (the customer) are the Data Controller for your Customer Data and Device Diagnostic Data. GenticFlow acts as Data Processor on your behalf, processing data only according to your instructions to provide the Service.

For detailed information about our data processing obligations, subprocessors, and international transfers, please refer to our Data Processing Agreement (DPA).

3. Information We Collect

3.1 Information You Provide

• Account information (name, email, company details)
• Contact information for support requests
• Payment and billing information
• User-generated content (support tickets, chat messages)

3.2 Information Collected Automatically

• Endpoint diagnostic data (system logs, hardware info, software inventory)
• Usage data (feature usage, session duration, interaction patterns), including data on user interaction with AI features and automation workflows
• Technical data (IP addresses, browser type, device information)
• Performance and error logs

4. How We Use Your Information

We use collected information to:

• Provide and maintain our IT support services
• Gather real-time endpoint diagnostics for troubleshooting
• Process payments and send billing notifications
• Respond to support requests and improve customer service
• Analyze usage patterns to enhance platform functionality, including using data to tune and improve the non-training aspects of our AI models and service algorithms
• Comply with legal obligations and enforce our terms

5. Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you have subscribed to
• Legitimate Interest: Security monitoring, fraud prevention, service improvements, and analytics
• Legal Obligation: Tax records, regulatory compliance, and responding to lawful requests
• Consent: Marketing communications and optional AI features (where applicable)

6. AI and Machine Learning

GenticFlow uses AI and machine learning to provide automated support features. When you enable AI features:

• Your data may be processed by AI models to generate responses and recommendations
• We use third-party AI providers (listed in our DPA) under strict data processing agreements
• AI features are optional and can be disabled in your account settings
• We do not use your Customer Data to train AI models without explicit consent

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls and multi-factor authentication
• Annual third-party penetration testing
• SOC 2 framework in place
• Endpoint agents run with least-privilege access

8. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Cloud hosting, payment processing, analytics (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with merger, acquisition, or asset sale

9. Aggregated and Anonymized Data

We may create aggregated, anonymized, or de-identified data from your information. This data cannot reasonably be used to identify you. We may use and share aggregated data for analytics, benchmarking, product improvement, and industry reports without restriction.

10. Third-Party Integrations

When you enable integrations with third-party services (such as Microsoft, Google, or other vendors):

• Data shared with third parties is governed by their respective privacy policies
• You control which integrations are enabled and what data is shared
• We are not responsible for the privacy practices of third-party services
• Disabling an integration may affect related Service functionality

11. Cookies and Tracking

We use cookies and similar technologies to:

• Essential Cookies: Required for Service functionality and security
• Analytics Cookies: Help us understand usage patterns and improve the Service
• Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

12. Data Retention

We retain your data only as long as necessary to provide services and comply with legal obligations:

• Account data: Retained during active subscription + 90 days
• Endpoint diagnostics: Retained for 90 days
• Support tickets: Retained for 2 years
• Billing records: Retained for 7 years (tax compliance)

13. Your Rights (GDPR)

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interest
• Withdraw Consent: Withdraw consent at any time for consent-based processing
• Automated Decisions: Not be subject to decisions based solely on automated processing that significantly affect you
• Complaint: Lodge a complaint with your local data protection supervisory authority

Contact us at privacy@genticflow.com to exercise these rights. We will respond without undue delay, and in any event within one month (30 days) of receipt.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: What personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your rights. We do not offer financial incentives in exchange for retaining or selling personal information.

To exercise CCPA rights, contact privacy@genticflow.com.

15. Marketing Communications

We may send you promotional communications about our services. You can opt out at any time by:

• Clicking "unsubscribe" in any marketing email
• Updating your communication preferences in account settings
• Contacting us at privacy@genticflow.com

Opting out of marketing does not affect transactional communications (billing, security alerts, service updates).

16. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards through:

• Standard Contractual Clauses (EU approved)
• Data Processing Agreements with all subprocessors
• Regional data residency options for enterprise customers (use of regional data residency options may be subject to additional fees and contractual terms)

17. Children's Privacy

Our services are not intended for users under 18. We do not knowingly collect information from children. If we become aware that we have collected data from a child, we will delete it promptly.

18. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification at least 30 days before changes take effect. Continued use of the Service after changes constitutes acceptance. It remains your responsibility to keep your account contact information current and to review this policy periodically.

19. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@genticflow.com.

For formal Data Protection Officer inquiries: dpo@genticflow.com

GenticFlow
Dublin, Ireland