Skip to main content
Genie9

Data Protection Addendum - Nygma.ai

Last Updated: March 18, 2025

This Data Protection Addendum forms part of the Terms of Service and End User License Agreement between you and Genie9 LTD regarding the processing of Personal Data in connection with the Nygma.ai service. This DPA applies to the extent that we process Personal Data on your behalf or in connection with your use of the Service, and such processing is subject to Data Protection Laws.

1. Definitions

1.1 Data Protection Terms

  • "Data Protection Laws" means all applicable laws relating to the processing of Personal Data, including but not limited to the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and other applicable privacy laws.
  • "Personal Data" means any information relating to an identified or identifiable natural person as defined by applicable Data Protection Laws.
  • "Processing" has the meaning given in applicable Data Protection Laws.
  • "Data Subject" means the individual to whom Personal Data relates.
  • "Data Controller" means the entity that determines the purposes and means of processing Personal Data.
  • "Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.

1.2 Service-Specific Terms

  • "Customer Data" means all data, including Personal Data, uploaded to or processed through the Service by you or on your behalf.
  • "Zero-Knowledge Encryption" means encryption where only you hold the decryption keys, making it technically impossible for us to access the encrypted content.
  • "Metadata" means information about Customer Data that is not encrypted, such as file names, sizes, and timestamps.

2. Data Processing Roles

2.1 Dual Processing Relationship

Depending on the type of data and processing activity, we may act as either:

  • Data Controller for account management data, billing information, and service usage analytics
  • Data Processor for Customer Data that you upload and encrypt through the Service

2.2 Customer as Data Controller

When you upload Personal Data to the Service, you act as the Data Controller and are responsible for:

  • • Ensuring lawful basis for processing
  • • Obtaining necessary consents from Data Subjects
  • • Complying with Data Subject rights requests
  • • Determining retention periods for Personal Data

2.3 Genie9 as Data Processor

When processing Customer Data, we act as your Data Processor and commit to:

  • • Processing data only on your documented instructions
  • • Implementing appropriate technical and organizational measures
  • • Assisting with Data Subject rights requests where technically feasible
  • • Notifying you of any data breaches

3. Zero-Knowledge Architecture

3.1 Technical Impossibility of Access

  • • Our zero-knowledge encryption architecture makes it technically impossible for us to access, read, or process the content of your encrypted files
  • • All encryption and decryption occurs on your devices using keys that only you control
  • • We cannot comply with requests to access encrypted Customer Data, even when legally compelled

3.2 Encrypted Data Processing

For encrypted Customer Data, we only process:

  • • Encrypted data blocks (unintelligible without your decryption keys)
  • • Metadata necessary for service operation (file names, sizes, timestamps)
  • • Synchronization information required for multi-device access

3.3 Data We Can Access

We can access and process:

  • • Account information (email, subscription details)
  • • Billing and payment information
  • • Service usage logs and analytics
  • • Unencrypted metadata
  • • Communications with customer support

7. Data Transfers

7.1 International Transfers

Data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate protection through:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions where available
  • Technical safeguards including encryption

7.2 Transfer Safeguards

  • • All data transfers are encrypted and secured
  • • Zero-knowledge encryption provides additional protection
  • • Regular assessment of transfer mechanisms and safeguards

10. Sub-Processors

10.1 Current Sub-Processors

We may engage sub-processors for:

  • • Cloud infrastructure services
  • • Payment processing
  • • Customer support tools
  • • Analytics and monitoring

10.2 Sub-Processor Safeguards

  • • All sub-processors bound by data protection obligations
  • • Due diligence and regular audits
  • • Contractual requirements for security and privacy
  • • Right to terminate for non-compliance

10.3 Sub-Processor Changes

  • • Notification of new sub-processors via website updates
  • • Opportunity to object to new sub-processors
  • • Alternative arrangements for objections where feasible

15. Contact Information

For data protection inquiries and Data Subject rights requests:

Data Protection Officer:

Email: dpo@genie9.com

Legal Department:

Email: legal@genie9.com

General Contact:

Genie9 LTD

3 Shortlands

W68DA, London

United Kingdom

EU Representative:

Contact details provided separately for EU users

This Data Protection Addendum was last updated on March 18, 2025. Please check our website for the most current version.

← Back to Nygma Legal Center
AI Built