End-User Privacy Policy
Effective Date: May 26, 2026 · Last Updated: May 26, 2026
This Privacy Policy describes how your information is collected, used, and protected when you use an application ("App") built on the GenieForge platform. The individual or organization who built the App (the "App Owner") is the controller of your information. GenieForge processes your information on behalf of the App Owner.
Information We Collect
Information You Provide
- Account information: Name, email address, and credentials (passwords are stored in irreversible hashed form and cannot be read by anyone)
- Conversation content: Messages you send to and receive from the AI assistant
- Activity responses: Inputs you provide during guided activities, forms, assessments, or other interactive features
Information Collected Automatically
- Usage data: Timestamps of sessions and features used
- Device information: Browser and device type (used for display purposes only)
- IP address: Logged for security purposes only
Information We Do NOT Collect
- Payment or financial information
- Precise geolocation
- Third-party tracking cookies or advertising identifiers
- Biometric data
How We Use Your Information
Your information is used solely to:
- Provide the App's services: Deliver conversations, tools, and features as configured by the App Owner
- Maintain your account: Authenticate you and manage your sessions
- Support the App Owner: The App Owner may view your records to provide their services to you
- Ensure security: Detect unauthorized access and maintain required audit trails
- Send notifications: Deliver messages or reminders configured by the App Owner
We do NOT use your information to:
- Train AI models (your conversations are never used as training data)
- Serve advertisements
- Sell or share data with third parties for their own purposes
- Profile you for marketing
AI Processing
Your conversations are processed by AI services to generate responses in real-time. Key facts:
- Your conversations are not used to train or improve any AI models
- AI processing occurs within infrastructure covered by appropriate data protection agreements
- No data is shared with third-party AI services beyond what is required to deliver the App's functionality
Data Storage and Security
Your information is protected by industry-standard technical safeguards, including:
- Encryption at rest and in transit for all stored and transmitted data
- Access controls limiting access to authorized personnel only
- Audit logging of all access to your information
- Automatic session expiration after periods of inactivity
- Network isolation keeping data separated from public internet access
Data Sharing
| Recipient | Purpose | Basis |
|---|---|---|
| The App Owner | Delivering their services to you | Your relationship with the App Owner |
| Infrastructure provider | Hosting and processing | Data processing agreement |
We do NOT sell your data. We do NOT share data with advertisers or data brokers.
We may disclose information if required by law (e.g., court order, mandatory reporting obligations).
Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion or App Owner termination |
| Conversations and entries | Until account deletion or App Owner termination |
| Security and audit logs | As required by applicable law |
After retention periods expire, data is permanently deleted.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the information we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
- Breach notification: Be notified if a breach of your information occurs
- Restrict use: Request restrictions on how your information is disclosed
To exercise any of these rights, contact the App Owner, who will coordinate with us as needed. Requests are fulfilled within 30 days.
Healthcare Applications (HIPAA)
If the App Owner is a healthcare provider and has designated the App as HIPAA-compliant, your information is treated as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act. In this case:
- GenieForge operates as a Business Associate under a signed agreement with the App Owner
- Additional technical safeguards apply in accordance with the HIPAA Security Rule
- All HIPAA-mandated rights (access, amendment, accounting of disclosures) apply
- You may file a complaint with the U.S. Department of Health and Human Services if you believe your rights have been violated: hhs.gov/hipaa/filing-a-complaint
International Users
GenieForge is operated by a company based in Canada. Our infrastructure is hosted in the United States. By using the App, you consent to the transfer and processing of your information in the United States and Canada.
Children's Privacy
This App is not directed at children under 13. If the App Owner serves minors, they are responsible for obtaining appropriate parental or guardian consent.
Changes to This Policy
We may update this Privacy Policy to reflect changes in practices or legal requirements. Material changes will be communicated through the App Owner or within the App.
Contact
- App Owner: Contact the individual or organization who provides the App to you
- GenieForge (Platform): privacy@genieforge.ai