Last Updated: March 30, 2026
Genesis Platform LLC (“Genesis”, “we”, “us”, or “our”) is committed to protecting personal data and handling it in a transparent, secure, and responsible manner. This Privacy Policy explains how we collect, use, store, disclose, transfer, and protect personal data when individuals interact with our website, platform, products, services, communications, and related business operations.
This Privacy Policy applies to visitors of genesisplatform.co, users of the Genesis Platform application, customer representatives, prospective customers, vendors, partners, event participants, and other individuals whose personal data may be processed in connection with our business.
By accessing or using our website, platform, or services, or by otherwise providing personal data to us, individuals acknowledge that their personal data may be processed as described in this Privacy Policy.
1. About Genesis and Scope of This Policy
Genesis Platform LLC provides software and related services designed to help organisations manage third-party risk, vendor assessments, compliance workflows, risk intelligence, and associated security and governance functions.
Data Controller
Genesis acts as a data controller for personal data collected from website visitors, business contacts, marketing subscribers, event attendees, prospective clients, and platform account administrators for its own business operations.
Data Processor
Genesis acts as a data processor or equivalent service provider on behalf of its customers when customers use the Genesis Platform to manage vendor records, questionnaire responses, compliance materials, contact information, risk data, or uploaded documents. In these cases, the customer remains the primary controller of that data, and Genesis processes it under the customer’s instructions and the applicable Data Processing Agreement (DPA).
Important: Where Genesis processes data solely on behalf of a customer, the customer’s privacy notice, internal policies, or contractual terms also apply. This Privacy Policy describes Genesis’s own privacy practices.
2. Categories of Personal Data We Collect
We collect and process personal data that is reasonably necessary for legitimate business operations, service delivery, security, compliance, support, product improvement, and to meet contractual and legal obligations.
| Category | Examples of Data Collected |
|---|---|
| Identity & Professional | Full name, job title, employer, department, business role, account identifiers |
| Contact Information | Email address, phone number, business address, communication preferences |
| Account & Authentication | Username, login metadata, SSO identifiers, MFA status, role assignments |
| Technical & Device | IP address, browser type, device ID, OS, session ID, timestamps, log files |
| Usage & Activity | Pages viewed, features accessed, click behaviour, navigation patterns, workflow actions |
| Questionnaire & Assessment | Vendor responses, compliance answers, uploaded files, audit materials, remediation notes |
| Communication | Support tickets, demo requests, email correspondence, helpdesk chats, webinar registrations |
| Marketing & Commercial | Lead source, interest areas, campaign engagement, subscription preferences |
| Payment & Billing | Billing name, billing email, company address, payment status, invoice references |
| Public Risk Intelligence | Public breach mentions, exposed domain data, publicly reported incidents, vendor intelligence |
| AI-Derived & Analytical | Risk scores, flags, summaries, contradictions, remediation suggestions, workflow recommendations |
Note on AI-Derived Data: Derived outputs from Genesis’s AI features may in some cases relate to identifiable individuals, especially where users or vendor personnel are referenced in source materials. These outputs are generated to assist decision-making and are not intended to serve as the sole basis for decisions with significant individual consequences.
3. How We Collect Personal Data
- Direct interactions — forms, demo requests, account creation, email, phone, event registrations
- Platform usage — automatically collected technical and usage data as users interact with the platform
- From customers — customers may provide data about their employees, vendors, suppliers, or third parties
- From integrations — CRM systems, analytics providers, identity providers, support platforms, payment providers
- From public sources — open-source intelligence, regulatory publications, public breach or incident reporting
- Through cookies and similar technologies — as further described in Section 7
4. Purposes for Which We Use Personal Data
| Purpose | Lawful Basis | Description |
|---|---|---|
| Deliver the Platform | Contract | Account management, authentication, questionnaires, reports, dashboards, vendor risk workflows |
| Customer Support | Contract | Responding to inquiries, troubleshooting, implementation, customer success, service notifications |
| Security & Fraud Prevention | Legitimate Interest | Detecting suspicious behaviour, preventing unauthorised access, incident response, audit logs |
| Product Improvement | Legitimate Interest | Usage analysis, interface improvements, defect resolution, feature development, performance |
| AI-Assisted Features | Contract / Legitimate Interest | Summarising data, detecting contradictions, classifying risks, improving AI model outputs |
| Communications | Contract / Consent | Product updates, security notices, billing, sales follow-ups, marketing where permitted |
| Legal & Regulatory Compliance | Legal Obligation | Meeting applicable laws, responding to lawful requests, accounting, tax, legal claims |
| Business Operations | Legitimate Interest | Reporting, governance, corporate transactions, business continuity, disaster recovery |
| Marketing | Consent / Legitimate Interest | Promotional content, thought leadership, events — opt-in only or where lawful for B2B contacts |
| Demo & Sales | Legitimate Interest | Responding to demo requests, qualifying prospects, managing commercial pipeline |
5. AI, Analytics, and Automated Processing
Genesis includes AI-powered capabilities that may analyse data, identify patterns, generate outputs, flag potential risks, prioritise actions, or assist users in reviewing vendor or assessment information. These functions may process personal data where it appears in source materials or usage patterns.
Genesis does not intend for AI-generated outputs to serve as the sole basis for decisions that produce legal effects or similarly significant individual consequences without appropriate human review. AI-generated outputs are intended to support decision-making, not replace accountable human judgment.
Safeguards Applied
- Access controls around data used in AI-enabled workflows
- Logging and monitoring of sensitive operations
- Data minimisation principles applied to AI processing
- Restrictions on internal staff access to customer data
- Contractual and security controls with relevant service providers
6. Disclosure of Personal Data
Genesis does not sell personal data. We disclose personal data only where necessary and appropriate:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Cloud Infrastructure Provider | Hosting and data storage | DPA, encryption, access controls |
| CRM Platform | Customer relationship management | DPA, contractual confidentiality |
| Email Service Provider | Transactional and marketing emails | DPA, opt-in controls |
| Analytics Provider | Product usage analytics | DPA, anonymisation where possible |
| Customer Support Tool | Helpdesk and live support | DPA, access restrictions |
| Payment Processor | Subscription billing | DPA, PCI-DSS compliance |
| Security Monitoring Provider | Threat detection, logging | DPA, access controls |
| Professional Advisers | Legal, audit, accounting, insurance | Confidentiality obligations |
| Customers & Authorised Users | Platform access — processor context only | Contract, platform permissions |
| Regulators / Authorities | Legal obligation or lawful request | Only as required by law |
Corporate Transactions: If Genesis undergoes a merger, acquisition, restructuring, or sale of assets, personal data may be disclosed as part of that transaction, subject to confidentiality protections and legal requirements.
7. Cookies and Similar Technologies
We use cookies and similar technologies on our website and, where applicable, in our platform to support operations, security, user experience, performance measurement, and communications.
| Cookie Type | Purpose | Required? |
|---|---|---|
| Essential | Security, authentication, session handling, load balancing | Yes — cannot be disabled |
| Functional | User preferences, settings, experience personalisation | Optional |
| Analytics | Usage patterns, content and design improvement (e.g. Google Analytics) | Optional |
| Marketing | Campaign measurement, retargeting (e.g. LinkedIn Insight Tag) | Optional — requires consent |
Users can manage cookies through browser settings and, where implemented, through our cookie consent banner. Disabling some cookies may affect website or platform functionality.
8. International Data Transfers
Genesis Platform is incorporated in the UAE and our infrastructure may process data in the EU and US. When transferring personal data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Data Processing Agreements (DPAs) with all sub-processors
- Transfer risk assessments where appropriate
- Compliance with UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law — PDPL)
- Security and confidentiality controls enforced across all data transfer arrangements
9. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy, including to satisfy legal, accounting, tax, security, dispute resolution, or contractual requirements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Account duration + 90 days post-termination | Service continuity, offboarding |
| Vendor assessment records | Customer contract duration + 1 year | Audit trail, contractual |
| Usage & analytics logs | 12 months rolling | Security, product improvement |
| Marketing contact data | Until consent withdrawn or 2 years inactivity | GDPR / consent compliance |
| Financial & billing records | 7 years | Legal / tax obligation |
| Support communications | 3 years from last interaction | Service quality, disputes |
| Security & audit logs | Up to 12 months or as required by law | Incident investigation |
When data is no longer required, Genesis will delete, anonymise, or securely dispose of it, unless continued retention is required or permitted by law.
10. Security of Personal Data
Genesis uses administrative, technical, and organisational measures designed to protect personal data against accidental, unlawful, or unauthorised destruction, loss, alteration, disclosure, access, or misuse.
| Control | Description |
|---|---|
| Encryption | Data encrypted at rest (AES-256) and in transit (TLS 1.2+) |
| Access Control | Role-based access control (RBAC) across all systems and environments |
| Multi-Factor Authentication | MFA required for all internal systems and privileged access |
| Vulnerability Management | Continuous scanning and periodic penetration testing |
| Logging & Monitoring | Centralised logging, security event monitoring, anomaly detection |
| Incident Response | Documented IR plan with defined escalation, containment, and notification procedures |
| Backup & Recovery | Regular encrypted backups and tested recovery processes |
| Staff Governance | Confidentiality agreements, need-to-know access, security awareness training |
| ISO 27001 | Information security management system — certification in progress |
| SOC 2 Type II | Security, availability, and confidentiality trust criteria — audit in progress |
11. Personal Data Breaches
If Genesis becomes aware of a personal data breach involving personal data under its control, it will assess the incident promptly and take appropriate action to contain, investigate, remediate, and document the event.
Breach Notification: Where required by applicable law, Genesis will notify affected parties and/or competent supervisory authorities within 72 hours of becoming aware of a reportable breach, in line with GDPR Article 33 and applicable UAE regulations.
12. Your Rights
Depending on your location and applicable law, you may have the following rights over your personal data. To exercise any right, contact us at privacy@genesisplatform.co. We will respond within 30 days, or within any shorter period required by applicable law.
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Ask us to correct inaccurate or incomplete data |
| Erasure | Request deletion of your personal data (“right to be forgotten”) |
| Portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interest or for direct marketing |
| Restrict | Request that we limit how we process your data in certain circumstances |
| Withdraw Consent | Withdraw consent for marketing or non-essential processing at any time |
| Complaint | Lodge a complaint with your local data protection supervisory authority |
Processor Context: Where Genesis acts as a processor on behalf of a customer, requests relating to customer-controlled data may need to be directed to the relevant customer. Genesis will assist the customer as required by applicable contracts or law.
13. Marketing Communications
Where permitted by law, Genesis may send business-related marketing or promotional communications about products, updates, events, thought leadership, or related services. Where consent is required, we will seek it before sending.
Individuals may opt out of non-essential marketing communications at any time by using unsubscribe links or by contacting us directly. Transactional, service, billing, support, and security communications may still be sent where necessary.
14. Third-Party Links and External Services
Our website or platform may contain links to third-party websites, services, or resources. Genesis is not responsible for the privacy, security, or content practices of external sites not controlled by us. We recommend reviewing the privacy notices of any third parties before providing personal data.
15. Children’s Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact privacy@genesisplatform.co immediately and we will delete it without undue delay.
16. Regional Privacy Notes
Genesis aims to align its practices with applicable privacy requirements across the jurisdictions in which it operates and serves customers, including GDPR-aligned principles and UAE PDPL compliance commitments.
Where specific regional laws apply, Genesis may provide additional disclosures, contractual commitments, or request handling processes appropriate to those laws. Nothing in this Privacy Policy is intended to limit any rights individuals may have under applicable law.
17. Changes to This Privacy Policy
Genesis may update this Privacy Policy to reflect changes in law, regulation, technology, business operations, or privacy practices. When we make material changes, we will:
- Update the Effective Date and Last Updated date at the top of this document
- Notify active users via email at least 14 days before changes take effect
- Maintain a version history of this document available upon request
Continued use of our website, platform, or services after an updated Privacy Policy becomes effective constitutes acceptance of the revised policy to the extent permitted by law.
18. Contact Us
| Contact | Details |
|---|---|
| Privacy Email | info@genesisplatform.co |
| General Contact | info@genesisplatform.co |
| Company | Genesis Platform LLC |
| Registered Address | Dubai Founders HQ, Dubai, UAE |
| Response Time | Within 30 days of receipt |
| Contact Form | genesisplatform.co/contact-us |
19. Important Notice
Disclaimer: This Privacy Policy is intended to provide general information about Genesis’s data handling practices. It does not constitute legal advice. Because privacy obligations may vary based on jurisdiction, customer implementation, integrations, and platform use cases, Genesis recommends that organisations seek qualified legal counsel when assessing specific compliance obligations or preparing supporting legal documentation.



