Regional Compliance Notices - Nygma.ai

Last Updated: March 18, 2025

This Regional Compliance Notice provides jurisdiction-specific information about how Genie9 LTD ("Genie9", "we", "us", or "our") complies with regional data protection and privacy laws in connection with the Nygma.ai service ("Service").

1. European Union and United Kingdom

1.1 GDPR and UK GDPR Compliance

Legal Basis for Processing:

• Contract performance for service delivery
• Legitimate interests for security and service improvement
• Consent where specifically obtained

Your Rights Under GDPR/UK GDPR:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Data Protection Officer:

Email: dpo@genie9.com

EU Representative: Contact details provided separately for EU users

1.2 Data Transfers

• Standard Contractual Clauses implemented for transfers outside the EU/UK
• Adequacy decisions relied upon where available
• Additional safeguards including encryption and zero-knowledge architecture

1.3 Lawful Bases

• Service Delivery: Contract performance (Article 6(1)(b) GDPR)
• Security: Legitimate interests (Article 6(1)(f) GDPR)
• Marketing: Consent (Article 6(1)(a) GDPR)
• Legal Compliance: Legal obligation (Article 6(1)(c) GDPR)

2. California, USA

2.1 California Consumer Privacy Act (CCPA/CPRA)

Categories of Personal Information Collected:

• Identifiers (email addresses, account IDs)
• Commercial information (subscription details, payment history)
• Internet activity (usage logs, IP addresses)
• Geolocation data (country/region for service delivery)

Your California Rights:

• Right to know what personal information is collected
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt-out of sale/sharing (Note: We do not sell personal information)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising rights

Contact for California Rights:

Email: california-privacy@genie9.com

Phone: [To be provided]

2.2 California Privacy Disclosures

• We do not sell personal information as defined by CCPA
• We do not share personal information for cross-context behavioral advertising
• We retain personal information only as long as necessary for stated purposes

3. Canada

3.1 Personal Information Protection and Electronic Documents Act (PIPEDA)

Privacy Officer:

Email: privacy-officer@genie9.com

Your Rights Under PIPEDA:

• Right to access your personal information
• Right to request correction of inaccuracies
• Right to withdraw consent where applicable
• Right to file complaints with the Privacy Commissioner

3.2 Provincial Privacy Laws

• We comply with substantially similar provincial privacy laws
• Additional protections may apply in Quebec (Law 25)
• Contact us for province-specific questions

4. Australia

4.1 Privacy Act 1988 and Australian Privacy Principles

Your Rights:

• Right to access your personal information
• Right to correct inaccurate information
• Right to make complaints to the Office of the Australian Information Commissioner

Contact for Australian Privacy Matters:

Email: australia-privacy@genie9.com

4.2 Notifiable Data Breaches

• We comply with Australian data breach notification requirements
• Notifications made to OAIC and affected individuals as required by law

5. Brazil

5.1 Lei Geral de Proteção de Dados (LGPD)

Legal Basis for Processing:

• Contract execution for service delivery
• Legitimate interest for security purposes
• Consent where specifically obtained

Your Rights Under LGPD:

• Right to access your personal data
• Right to rectification
• Right to erasure
• Right to data portability
• Right to object to processing

Data Protection Officer for Brazil:

Email: brazil-dpo@genie9.com

6. Other Jurisdictions

6.1 Switzerland

• We comply with the revised Federal Data Protection Act (nFADP)
• Adequate protection measures implemented for data transfers

6.2 Singapore

• Compliance with Personal Data Protection Act (PDPA)
• Data Protection Officer: singapore-privacy@genie9.com

6.3 Japan

• Compliance with Act on Protection of Personal Information (APPI)
• Contact: japan-privacy@genie9.com

7. Age Restrictions

7.1 Minimum Age Requirements

General Policy:

• Service not directed to children under 13 (US)
• Minimum age 16 in EU without parental consent
• Regional variations apply based on local law

Parental Consent:

• Required for users under applicable age limits
• Verification procedures implemented
• Parents may review and request deletion of child's data

7.2 School and Educational Use

• Special provisions for educational institutions
• FERPA compliance for US educational users
• Contact education@genie9.com for educational use

8. International Users

8.1 Cross-Border Data Transfers

• All international transfers protected by appropriate safeguards
• Zero-knowledge encryption provides additional protection
• Regular review of transfer mechanisms

8.2 Local Representative

Where required by law, we appoint local representatives:

• EU Representative: [Contact details provided]
• UK Representative: [Contact details provided]
• Other jurisdictions as required

9. Export Control Compliance

9.1 Encryption Export Controls

• Service complies with applicable export control laws
• Restrictions may apply in certain countries
• Users responsible for compliance with local laws

9.2 Restricted Countries

• Service may not be available in all countries
• Compliance with international sanctions and export controls
• Regular review of restricted jurisdictions

10. Cookie and Tracking Notice

10.1 Cookie Consent

• Cookie consent obtained as required by local law
• Granular controls provided where required
• Cookie policy available separately

10.2 Do Not Track

• We honor Do Not Track signals where technically feasible
• Limited tracking due to zero-knowledge architecture

11. Data Localization

11.1 Local Storage Requirements

• Compliance with data localization laws where applicable
• Regional data centers used where required
• User control over data location where technically feasible

11.2 Government Access

• Zero-knowledge architecture limits government access capabilities
• We comply with lawful requests to the extent technically possible
• Transparency reporting provided annually

12. Changes to This Notice

12.1 Updates

• Material changes communicated with 30 days' notice
• Region-specific changes communicated to affected users
• Continued use constitutes acceptance of changes

12.2 Translation

• This notice may be translated into local languages
• English version controls in case of conflicts
• Local language versions available upon request

13. Contact Information

General Legal Inquiries:

Genie9 LTD

3 Shortlands

W68DA, London

United Kingdom

Email: legal@genie9.com

Region-Specific Contacts:

• EU/UK: eu-privacy@genie9.com
• California: california-privacy@genie9.com
• Canada: canada-privacy@genie9.com
• Australia: australia-privacy@genie9.com
• Brazil: brazil-privacy@genie9.com

General Privacy Questions:

Email: privacy@genie9.com

This Regional Compliance Notice was last updated on March 18, 2025. Please check our website for the most current version.

← Back to Nygma Legal Center