Skip to main content
Genie9

Nygma Privacy Policy

Last Updated: March 18, 2025

Effective Date: March 18, 2025

Built for Those Who Refuse to Be Watched

The internet wasn't built for privacy, so we built Nygma.

1. Introduction

This Privacy Policy describes how Genie9 LTD ("Genie9," "we," "us," or "our") collects, uses, and protects information in connection with Nygma.ai ("Nygma" or the "Service"). We are committed to protecting your privacy through our zero-knowledge encryption architecture.

Data Controller:

Genie9 LTD

3 Shortlands

W68DA, London

United Kingdom

2. Information We Collect

2.1 Information You Provide

Account Information:

  • • Email address (encrypted)
  • • Username (if chosen)
  • • Payment information (processed by third parties)

Note: We do NOT collect or have access to:

  • • Your password (only a hash is stored)
  • • Your encryption keys
  • • The contents of your encrypted files
  • • Your file names or folder structures

2.2 Automatically Collected Information

Technical Information:

  • • IP address (anonymized after 24 hours)
  • • Browser type and version
  • • Operating system
  • • Device identifiers
  • • Log data and usage statistics

2.3 Payment Information

Payment processing is handled by third-party processors (Stripe, PayPal). We do not store credit card numbers or banking information.

3. Zero-Knowledge Encryption Explained

3.1 What It Means

Zero-knowledge means we cannot access your encrypted data. Your encryption key is derived from your password and never transmitted to our servers.

3.2 Technical Implementation

  • Client-side encryption: All encryption happens on your device
  • Key derivation: PBKDF2 with 100,000+ iterations
  • Encryption standard: AES-256-GCM
  • No key escrow: We never possess your encryption keys

3.3 What We Cannot Do

Due to our zero-knowledge architecture, we CANNOT:

  • • Recover your password
  • • Access your encrypted files
  • • Share your data with third parties
  • • Comply with data access requests for encrypted content

4. How We Use Your Information

4.1 Service Provision

  • • Creating and managing your account
  • • Processing payments
  • • Providing customer support
  • • Sending service-related communications

4.2 Service Improvement

  • • Analyzing aggregated usage patterns
  • • Identifying technical issues
  • • Developing new features
  • • Improving user experience

4.3 Legal Compliance

  • • Complying with legal obligations
  • • Enforcing our Terms of Service
  • • Protecting rights and safety

5. Information Sharing

5.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information.

5.2 Service Providers

We may share information with trusted service providers:

  • • Cloud infrastructure (AWS, Google Cloud)
  • • Payment processors (Stripe, PayPal)
  • • Email services (for notifications)
  • • Analytics (anonymized data only)

5.3 Legal Requirements

We may disclose information if required by law, but due to zero-knowledge encryption, we cannot provide access to your encrypted data.

6. Law Enforcement and Data Requests

6.1 Our Approach

We will only respond to lawful requests that:

  • • Are properly served according to applicable law
  • • Include appropriate legal documentation
  • • Are narrow in scope

6.2 What We Can Provide

  • • Account creation date
  • • Last login date (if available)
  • • Payment history
  • • IP logs (if within retention period)

6.3 What We Cannot Provide

  • • Your password
  • • Encryption keys
  • • Decrypted file contents
  • • File names or structures

6.4 Transparency

We maintain a transparency report detailing government requests.

7. Data Security

7.1 Security Measures

We implement industry-standard security measures:

  • • TLS 1.3 for data in transit
  • • Encryption at rest for databases
  • • Regular security audits
  • • Intrusion detection systems
  • • Access controls and logging

7.2 Incident Response

In case of a security incident:

  • • We will notify affected users within 72 hours
  • • We will provide details of what occurred
  • • We will explain steps taken to address the issue

8. International Data Transfers

8.1 Data Location

Your encrypted data may be stored in data centers globally. Metadata is primarily processed in the United Kingdom and European Union.

8.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers:

  • • Standard Contractual Clauses
  • • Adequacy decisions
  • • Your explicit consent where required

9. Data Retention

9.1 Active Accounts

We retain your information while your account is active and as needed to provide services.

9.2 Deleted Accounts

When you delete your account:

  • • Encrypted data is immediately removed
  • • Metadata is retained for 30 days (for recovery)
  • • Legal hold data may be retained longer

9.3 Specific Retention Periods

  • • IP logs: 24 hours
  • • Payment records: 7 years (legal requirement)
  • • Support tickets: 2 years
  • • Analytics data: 13 months

10. Your Privacy Rights

10.1 Universal Rights

Regardless of location, you have the right to:

  • • Access your personal information
  • • Correct inaccurate information
  • • Delete your account and data
  • • Export your data
  • • Object to certain processing

10.2 Regional Rights

European Union (GDPR):

  • • Right to data portability
  • • Right to restrict processing
  • • Right to withdraw consent
  • • Right to lodge a complaint with supervisory authority

California (CCPA):

  • • Right to know what information is collected
  • • Right to delete personal information
  • • Right to opt-out of data sale (we don't sell data)
  • • Right to non-discrimination

10.3 Exercising Your Rights

To exercise your rights:

  • • Email: privacy@genie9.com
  • • Account settings: Self-service options
  • • Response time: Within 30 days

11. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect information from children. If we learn we have collected information from a child under 16, we will delete it.

12. Cookies and Tracking

We use minimal cookies necessary for:

  • • Authentication
  • • Security
  • • Preferences

See our Cookie Policy for details.

13. Changes to This Policy

We may update this Policy periodically. We will notify you of material changes via:

  • • Email notification
  • • Service announcement
  • • Requiring acknowledgment for continued use

14. Contact Information

Privacy Questions:

Email: privacy@genie9.com

Data Protection Officer:

Email: dpo@genie9.com

Mailing Address:

Genie9 LTD

3 Shortlands

W68DA, London

United Kingdom

EU Representative:

[To be appointed]

15. Technical Impossibility Disclosure

15.1 What Zero-Knowledge Means

Our zero-knowledge architecture creates technical impossibilities:

  • Password Recovery: If you forget your password, your data is permanently inaccessible
  • Encrypted Content Access: We cannot view, modify, or recover your encrypted files
  • Key Recovery: Lost encryption keys cannot be recovered
  • Compliance Limitations: We cannot comply with requests to decrypt user data

15.2 Your Responsibility

You are solely responsible for:

  • • Remembering your password
  • • Backing up your recovery key
  • • Understanding the permanence of encryption

16. Privacy by Design

16.1 Core Principles

Our service is built on:

  • Data minimization: We collect only what's necessary
  • Purpose limitation: Data is used only for stated purposes
  • Privacy by default: Maximum privacy settings by default
  • Transparency: Clear communication about data practices

16.2 Privacy Features

  • • Anonymous account creation option
  • • Cryptocurrency payment support
  • • Tor network compatibility
  • • No tracking pixels in emails

17. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices.

18. California Privacy Rights

18.1 Shine the Light

California residents may request information about disclosure of personal information to third parties for marketing purposes. We do not share information for marketing.

18.2 Do Not Track

We respond to browser Do Not Track signals by disabling non-essential tracking.

19. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Contract: To provide our services
  • Legitimate Interests: For security and fraud prevention
  • Consent: For marketing communications
  • Legal Obligation: To comply with laws

20. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects.

21. Data Breach Notification

In the event of a breach affecting your personal data:

  • • We will notify you within 72 hours
  • • We will provide: nature of breach, likely consequences, mitigation measures
  • • We will document all breaches

22. Privacy Shield

While Privacy Shield has been invalidated, we maintain equivalent protections through Standard Contractual Clauses.

23. Special Categories of Data

We do not intentionally collect sensitive personal data (health, religion, political views, etc.). Our zero-knowledge encryption ensures we cannot access such data if you store it.

24. Marketing Communications

24.1 Opt-in

We only send marketing emails with your consent.

24.2 Opt-out

You can unsubscribe at any time via:

  • • Unsubscribe link in emails
  • • Account settings
  • • Emailing privacy@genie9.com

25. Supplemental Privacy Notices

We may provide additional privacy notices for specific features or services.

Appendix A: Definitions

  • Personal Data: Information that identifies or relates to you
  • Processing: Any operation performed on personal data
  • Zero-Knowledge: Cryptographic architecture where service provider cannot access user data
  • Encryption Key: Cryptographic key used to encrypt/decrypt your data

Appendix B: Privacy Resources

Version History:

  • • Version 2.0 - March 18, 2025: Major update for enhanced privacy features
  • • Version 1.0 - January 1, 2024: Initial policy

Legal Notice:

This Privacy Policy constitutes a legally binding agreement. By using Nygma, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

← Back to Nygma Legal Center
AI Built