Gen6 Privacy Policy

1. Definition of Service

Service refers to the Gen6 AI platform, including its web and mobile applications, APIs, and integrations that provide users with AI-powered functionality, analytics, and workflow automation.

The Service may incorporate machine learning and other automated technologies to generate outputs based on user inputs. Such outputs are probabilistic in nature and may not always be accurate, complete, or suitable for all purposes.

The Service may include integrations with third-party services or data providers, which are subject to their own terms and privacy policies. Gen6 does not control and is not responsible for third-party services.

Use of the Service may involve the processing of personal data, as further described in the Gen6 Privacy Policy.

2. Data Controller and Contact

Gen6 is operated by Gen 6 Technologies, which acts as the Data Controller for personal data processed in connection with the Service.

3. Information We Collect

We collect information directly from you and, where applicable, from third-party sources (e.g., service partners or analytics tools). This may include:

• Name, contact details, and billing information
• Device, browser, and advertising identifiers
• Cookies and usage data (e.g., pages visited, time spent, actions taken)

We may also receive personal data from third-party partners, such as analytics providers, infrastructure providers, and integrated services, in accordance with their respective privacy policies.

Where required by applicable law, we obtain your consent for the use of cookies and similar tracking technologies.

4. How We Use Information

We use personal data to:

• Provide and maintain the Service
• Enable AI-powered features requested by users
• Process billing and customer support
• Communicate updates or respond to inquiries
• Ensure compliance with legal obligations and security requirements

5. Legal Bases for Processing

We process personal data in accordance with the following legal bases under the General Data Protection Regulation (GDPR):

• Contractual necessity (Art. 6(1)(b)) – to deliver the Service and process payments
• Legitimate interests (Art. 6(1)(f)) – to enhance product functionality, detect fraud, and improve security
• Consent (Art. 6(1)(a)) – for marketing, non-essential cookies, or analytics
• Legal obligation (Art. 6(1)(c)) – to comply with statutory or regulatory requirements

Legitimate interests include: maintaining system integrity, understanding user engagement, preventing misuse, and developing new features responsibly.

We do not intentionally process special categories of personal data (as defined under Art. 9 GDPR) unless explicitly disclosed and supported by a valid legal basis.

6. Data Transfers

When transferring personal data outside the EEA or UK, Gen6 relies on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent UK transfer mechanisms to ensure adequate protection.

7. Disclosure of Information

We may share personal data with processors, AI providers, and in connection with legal or business transfers, as described below.

Business and Legal Disclosures

We may disclose personal data in connection with corporate transactions, such as mergers, acquisitions, or asset sales, or where required to comply with applicable legal obligations, enforce our terms, or protect our rights. In such cases, we ensure that appropriate safeguards are in place to maintain the confidentiality and security of personal data.

AI Model Providers and Service Partners

Gen6 may share limited personal data with trusted providers (e.g., OpenAI, Anthropic, Google, Groq, Supabase) solely to process user-authorized workflows. These partners act as Data Processors under our instructions, except where they independently process data under their own policies.

Gen6 remains the Data Controller for all personal data shared with such partners, which act strictly as Processors unless otherwise stated.

8. Security

We employ industry-standard measures – encryption, access controls, and continuous monitoring – via Supabase and other infrastructure partners to protect data integrity.

9. Cookies and Tracking

Cookies and advertising IDs may be used for analytics or personalization. In the EEA/UK, non-essential cookies are set only with consent.

10. Data Subject Rights

Depending on your jurisdiction, you may request to access, correct, delete, or restrict processing of your personal data, or withdraw consent.

Contact: legal@gen6.ai.

11. Data Protection Officer (if applicable)

Gen6 is assessing the appointment of a Data Protection Officer (DPO) to oversee compliance. If appointed, DPO details will be added to this Policy and published on our website.

12. International Frameworks and AI Compliance

Gen6 complies with the EU AI Act (Regulation (EU) 2024/1689) and associated transparency obligations. AI providers operate under written contracts ensuring lawful, fair, and transparent data use.

13. Use of Google Workspace Data and AI Integrations

Gen6 integrates with certain Google Workspace APIs (such as Gmail, Drive, or Calendar) to deliver user-requested features. Access to Google user data is limited to the minimum scope necessary to provide these specific functionalities and is processed only in real time to fulfill the user’s request.

No Google user data is ever used to train, develop, or improve generalized or nonpersonalized AI or machine learning models. Gen6 does not, and will not, use data obtained from Google Workspace APIs to build or improve any AI model that learns across users or datasets.

When AI processing is involved, Gen6 may transmit limited data to trusted third-party providers (such as OpenAI, Anthropic, or Groq) solely for the purpose of generating a user-specific response. These providers operate under written agreements confirming that API data is not used to train or improve their generalized models and is retained only temporarily for service delivery and safety monitoring.

Gen6’s use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. Data obtained from Google APIs is never transferred, sold, or combined with other user data to create profiles or datasets used for generalized AI/ML training.

14. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to provide and maintain the Service, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.

Account-related data may be retained for up to five (5) years following account termination, unless a longer retention period is required or permitted by applicable law.

In determining appropriate retention periods, we consider the nature and sensitivity of the data, the purposes of processing, applicable legal requirements, and the need to ensure security and prevent fraud.

Where personal data is no longer required, it will be securely deleted or anonymized in accordance with applicable laws and internal policies.

15. Age Restrictions and Eligibility

The Service is intended only for individuals aged 18 and above. Persons under the age of 18 are not permitted to use the Service.

We do not knowingly collect or process personal data from individuals under the age of 18. If we become aware that such data has been collected without appropriate authorization, we will take reasonable steps to delete it promptly.

Where required by applicable law, the processing of personal data relating to minors may be subject to parental or guardian consent.

16. Updates and Contact

We may update this Policy from time to time to reflect regulatory or operational changes. Material updates will be notified via the Service or email.