Privacy Policy
Genoma AI — genomai.ai | Last Updated: March 24, 2026 | Effective Date: March 24, 2026
1. Introduction
Genoma AI ("we," "us," "our," or the "Company") operates the website genomai.ai and its associated subdomains, including genomai.ai/Ads (collectively, the "Platform"). Genoma AI is a content intelligence platform that provides AI-powered content strategy, image generation, and social media management tools.
This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you access or use our Platform, and explains your rights and choices regarding that information.
By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.
2. Information We Collect
2.1 Information You Provide Directly
Account Information: When you create an account, we collect your name, email address, password (stored in encrypted form), and optional profile details such as company name and industry.
Payment Information: When you subscribe to a paid plan or purchase credit packs, we collect billing details through our payment processor, Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. Stripe processes and secures all payment data in compliance with PCI DSS standards.
Content and Inputs: We collect the content you create, upload, or input into the Platform, including brand descriptions, target audience information, content preferences, and text prompts for AI image generation.
Communications: If you contact us for support or provide feedback, we collect the content of those communications along with your contact information.
2.2 Information Collected Through Social Media Integrations
When you connect your social media accounts through our Platform, we collect information from the following services via authorized integrations:
Meta (Facebook and Instagram): Through OAuth 2.0 authorization, we access your public profile information, page data, post performance metrics, audience demographics, and content insights as permitted by the scopes you authorize. We comply with Meta's Platform Terms and Data Policy.
LinkedIn: Through OAuth 2.0 authorization, we access your professional profile information, company page data, post analytics, and engagement metrics as permitted by the scopes you authorize. In compliance with LinkedIn's API Terms, we retain social activity data for no more than 48 hours and profile data is deleted within 24 hours of account closure or user request.
X (formerly Twitter): Through OAuth 2.0 authorization, we access your public profile information, tweet data, engagement metrics, and audience insights as permitted by the scopes you authorize. We obtain express, informed consent before accessing X on your behalf, in compliance with X's Developer Policy.
TikTok: We collect publicly available information from TikTok based on a username or URL you provide. We do not access TikTok through OAuth or any private API. Only publicly available data is collected and processed.
You may disconnect any social media integration at any time through your account settings, and we will cease collecting new data from that service.
2.3 Information Collected Automatically
Usage Data: We automatically collect information about how you interact with the Platform, including pages visited, features used, actions taken, timestamps, and session duration.
Device and Browser Information: We collect device type, operating system, browser type and version, screen resolution, and language preferences.
Log Data: Our servers automatically record information including your IP address, access times, referring URLs, and error logs.
Cookies and Similar Technologies: We use cookies, local storage, and similar tracking technologies to maintain your session, remember preferences, and analyze usage patterns. See Section 10 for details on our cookie practices.
2.4 Information from Third-Party Services
Stripe: We receive transaction confirmations, subscription status, and payment success or failure notifications from Stripe. We do not receive or store your full payment card details.
Google Gemini API: When you use our AI image generation feature, your text prompts are transmitted to Google's Gemini API for processing. Google logs prompts and responses for a limited time solely for detecting violations of their Prohibited Use Policy and for legal compliance. Google does not use your prompts or generated images to train Gemini models. Processed data is disconnected from your Google Account and API identifiers before any human review.
3. How We Use Your Information
Platform Operation and Service Delivery: To provide, maintain, and improve the Platform's features, including content strategy generation, social media analytics, AI image generation, and network recommendations.
Personalization: To tailor content recommendations, strategy suggestions, and user experience based on your connected networks, industry, and usage patterns.
Payment Processing: To process subscriptions, credit pack purchases, and manage billing through Stripe.
AI Image Generation: To transmit your prompts to the Google Gemini API and deliver generated images.
Communication: To send you account-related notifications, service updates, and respond to your inquiries. We may also send promotional communications, from which you can opt out at any time.
Analytics and Improvement: To understand usage patterns, diagnose technical issues, and improve Platform functionality and performance.
Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and abuse.
Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1 Service Providers and Processors
We share information with third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing name, email, transaction amounts, subscription data |
| Google (Gemini API) | AI image generation | Text prompts, image generation parameters |
| Meta | Social media integration | OAuth tokens, API requests for authorized data |
| | Social media integration | OAuth tokens, API requests for authorized data |
| X (Twitter) | Social media integration | OAuth tokens, API requests for authorized data |
| Hosting Provider | Infrastructure | Encrypted platform data |
Each service provider is contractually obligated to process your data only as instructed by us and in accordance with applicable data protection laws.
4.2 Legal Requirements
We may disclose your information if required by law, court order, judicial or governmental subpoena, or warrant.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you of any such change.
4.4 With Your Consent
We may share your information with third parties when you have given us explicit consent.
5. Data Retention
Account Data: Retained for as long as your account is active and for up to two (2) years following account deletion for legal compliance.
Payment and Transaction Records: Retained for seven (7) years as required by financial and tax regulations.
Usage and Analytics Data: Retained for twenty-four (24) months from the date of collection.
Social Media Data from OAuth Integrations: Retained only while the integration is active. Upon disconnection, imported data is deleted within thirty (30) days, except where LinkedIn's API Terms require earlier deletion.
AI-Generated Content: Images and prompts are retained for as long as your account is active. Upon account deletion, this data is deleted within sixty (60) days.
Support Communications: Retained for three (3) years for quality assurance and legal purposes.
You may request deletion of your data at any time as described in Section 6.
6. Your Privacy Rights
6.1 Rights Under California Law (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know and Access: Request the categories and specific pieces of personal information we have collected about you.
- Delete: Request deletion of your personal information, subject to certain exceptions.
- Correct: Request correction of inaccurate personal information.
- Opt-Out of Sale or Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
- Limit Use of Sensitive Personal Information: Request that we limit our use to what is necessary for providing the Platform.
- Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment.
To exercise your rights, contact us at [email protected]. We will respond within forty-five (45) days.
6.2 Rights Under Other US State Privacy Laws
Residents of Virginia, Colorado, Connecticut, Utah, Indiana, Kentucky, Rhode Island, and other states with applicable privacy laws may have similar rights. Contact us at [email protected] to exercise your rights.
6.3 Rights Under GDPR (European Economic Area Users)
If you are located in the EEA, UK, or Switzerland, you have additional rights under the GDPR, including access, rectification, erasure, restriction of processing, data portability, and objection. For international data transfers, we rely on Standard Contractual Clauses (SCCs). Contact us at [email protected].
7. Data Security
We implement commercially reasonable technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- OAuth token encryption using AES-256 with secure key management
- Regular security assessments and vulnerability testing
- Role-based access controls for internal personnel
- Secure API communication with all third-party service providers
- Automated monitoring for suspicious activity
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure.
8. Children's Privacy
The Platform is not intended for use by children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.
If you are a parent or guardian and believe your child has provided us with personal information, contact us at [email protected].
9. Automated Decision-Making
Content Recommendations: Our two-layer recommendation system analyzes your connected social media networks and publicly available data to suggest content strategies. Layer 1 provides recommendations for connected networks; Layer 2 identifies growth opportunities on unconnected networks.
AI Image Generation: Text prompts you provide are processed by the Google Gemini API to generate images. The output is determined by the AI model and is not subject to human review before delivery.
These automated processes are designed to enhance your experience and do not produce legal or similarly significant effects. Contact us at [email protected] for questions about our automated processing.
10. Cookies and Tracking Technologies
Strictly Necessary Cookies: Required for Platform operation, including authentication, session management, and security. These cannot be disabled.
Functional Cookies: Enable enhanced functionality and personalization.
Analytics Cookies: Help us understand how users interact with the Platform.
We do not use advertising or tracking cookies for cross-site behavioral advertising. You can manage cookie preferences through your browser settings.
11. Third-Party Links
The Platform may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of third parties.
12. International Data Transfers
Genoma AI is based in the United States. If you access the Platform from outside the US, your information will be transferred to and processed in the United States. For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs).
13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you at least thirty (30) days before the changes take effect. Your continued use after the effective date constitutes acceptance.
14. Data Breach Notification
In the event of a data breach, we will notify you and applicable regulatory authorities within seventy-two (72) hours of becoming aware, where feasible, in accordance with applicable laws.
15. Do Not Track Signals
We honor Global Privacy Control (GPC) signals and "Do Not Track" browser signals by not engaging in cross-site tracking.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy:
17. Supplemental Notices
17.1 Notice to California Residents
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address, account ID | Yes |
| Customer Records | Billing name, billing address | Yes |
| Commercial Information | Subscription history, credit pack purchases | Yes |
| Internet/Network Activity | Browsing history on Platform, interaction data | Yes |
| Geolocation Data | Approximate location from IP address | Yes |
| Professional Information | LinkedIn profile data, company information | Yes |
| Inferences | Content preferences, recommended strategies | Yes |
| Sensitive Personal Information | Account login credentials | Yes |
We Do Not Sell or Share Personal Information as defined under the CCPA/CPRA.
17.2 Notice to Users of AI-Generated Content
Images generated through the Platform using the Google Gemini API are provided for your use in accordance with our Terms of Service. You are responsible for ensuring your use of AI-generated images complies with applicable laws and the terms of social media platforms where you publish such content.
This Privacy Policy is effective as of March 24, 2026. — Genoma AI, genomai.ai