Privacy Policy

01. Overview

This Privacy Policy describes how GENIE AI, Inc. ("GENIE AI," "we," "our," or "us") collects, uses, processes, and protects personal information when you use BOS Studio, a business orchestration system that enables AI agents, digital twins, and business workflows (the "Services").

By using the Services, you agree to this Privacy Policy.

02. Scope of Services

This Policy applies to:

• BOS platform
• Agent Builder and SuperAgents
• Data Drive and file storage
• APIs and integrations
• Digital twin and AI systems
• Web, mobile, and enterprise deployments

03. Categories of Data Collected

3.1 Personal Information

• Name
• Email address
• Phone number
• Billing and payment details
• Business information

3.2 Usage Data

• IP address
• Device/browser type
• Session activity
• Feature usage

3.3 AI Interaction Data

• Prompts and inputs
• Generated outputs
• Files stored in Data Drive
• Agent workflows and logs

3.4 Enterprise Data

• Customer-provided datasets
• Internal business workflows
• Connected system data (CRM, ERP, etc.)

04. Legal Basis for Processing (GDPR)

Where applicable, we process personal data based on the following legal grounds:

• Contractual necessity (to provide the Services)
• Legitimate interests (improving platform performance and security)
• Consent (for marketing and certain optional features)
• Compliance with legal obligations

05. How We Use Information

We use the information we collect to:

• Operate BOS Studio infrastructure
• Enable agent orchestration and execution
• Deliver automation workflows
• Improve system intelligence and performance
• Provide customer support
• Ensure security and fraud prevention
• Comply with legal and regulatory obligations

06. AI and Agent Governance

BOS Studio includes AI-driven systems. Important principles:

• AI outputs are probabilistic and may contain inaccuracies.
• Users are responsible for reviewing outputs before reliance.
• Agents operate based on user-defined instructions and permissions.

Data Use Commitment

• We do not sell AI training data.
• We do not use customer data for external model training without consent.
• Enterprise customers may configure data isolation and additional controls.

07. Data Sharing and Disclosure

We may share data with:

7.1 Service Providers

• Cloud infrastructure providers (e.g., AWS, Azure)
• Analytics providers
• Communication tools and customer support platforms

7.2 Legal Authorities

• When required by law or legal process
• To protect rights, property, or safety

7.3 Corporate Transactions

• In connection with a merger, acquisition, financing, or other corporate transaction

All vendors are contractually required to maintain appropriate safeguards over personal data.

08. International Data Transfers

Data may be transferred to and processed in Canada, the United States, and other jurisdictions where our infrastructure or service providers operate.

We implement appropriate safeguards for international data transfers, which may include:

• Standard contractual clauses
• Contractual data protection commitments

09. Data Security (SOC2-Aligned)

We implement administrative, technical, and physical safeguards designed to protect information, including:

• Encryption in transit and at rest
• Role-based access controls (RBAC)
• Identity and authentication controls
• Continuous monitoring and logging
• Incident response procedures

We continuously improve our security posture in alignment with industry standards.

10. Data Retention

We retain data only as long as necessary to provide the Services, fulfill contractual obligations, and comply with legal requirements.

After applicable retention periods, data may be securely deleted or anonymized in accordance with our policies.

11. Your Rights (GDPR & Global)

Depending on your jurisdiction, you may have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Request deletion of your data
• Restrict or object to certain processing
• Request data portability
• Withdraw consent where processing is based on consent

To exercise these rights, contact legal@genieai.ca.

12. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA, including the right to:

• Know what personal data is collected and how it is used
• Request access to and deletion of personal data
• Opt-out of the sale or sharing of personal data (we do not sell personal data)
• Be free from discrimination for exercising privacy rights

13. Cookies and Tracking

We use cookies and similar technologies to improve performance, analyze usage, and enhance user experience.

You may disable cookies in your browser settings, but some features of the Services may not function properly as a result.

14. Third-Party Integrations

BOS Studio may integrate with external systems such as CRM platforms, payment processors, and communication tools. Your use of those services is governed by their respective privacy policies and terms.

15. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it.

16. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the Services or by other appropriate means.

Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.