Skip to main content
Genie9

Third-Party Services Disclosure - Nygma.ai

Last Updated: March 18, 2025

This Third-Party Services Disclosure provides information about the third-party services, integrations, and subprocessors used by Genie9 LTD ("Genie9", "we", "us", or "our"), a company registered in England and Wales with company registration number 08669198, in connection with the Nygma.ai service ("Service").

1. Infrastructure Providers

1.1 Cloud Hosting Services

Amazon Web Services (AWS)

  • Purpose: Primary cloud infrastructure provider
  • Services Used: S3 (storage), EC2 (compute), RDS (database), CloudFront (content delivery)
  • Data Processed: Encrypted user content, encrypted metadata, operational logs
  • Data Location: United States (primary region)
  • Privacy Policy: https://aws.amazon.com/privacy/

1.2 Content Delivery Network (CDN)

Amazon CloudFront

  • Purpose: Deliver web application assets
  • Services Used: Content distribution
  • Data Processed: Website assets, non-personal usage data
  • Data Location: Global edge locations
  • Privacy Policy: https://aws.amazon.com/cloudfront/faqs/

1.3 Database Services

Amazon RDS for MySQL

  • Purpose: Primary database service
  • Services Used: Relational database
  • Data Processed: Account information, encrypted metadata, service configuration
  • Data Location: United States (primary region)
  • Privacy Policy: https://aws.amazon.com/rds/

2. Payment Processing

2.1 Payment Gateway

Stripe, Inc.

  • Purpose: Payment processing for subscriptions
  • Services Used: Credit card processing, subscription billing, fraud detection
  • Data Processed: Payment information, billing addresses, transaction records
  • Data Location: United States and European Union
  • Privacy Policy: https://stripe.com/privacy

2.2 Additional Payment Methods

PayPal Holdings, Inc.

  • Purpose: Alternative payment method
  • Services Used: PayPal payment processing
  • Data Processed: PayPal account information, transaction records
  • Data Location: Multiple jurisdictions per PayPal's operations
  • Privacy Policy: https://www.paypal.com/privacy

3. Communication Services

3.1 Email Delivery

Amazon Simple Email Service (SES)

  • Purpose: Transactional email delivery
  • Services Used: Email sending, delivery tracking
  • Data Processed: Email addresses, email content (account notifications only)
  • Data Location: United States
  • Privacy Policy: https://aws.amazon.com/privacy/

3.2 Customer Support

Zendesk, Inc.

  • Purpose: Customer support ticketing system
  • Services Used: Support ticket management, knowledge base
  • Data Processed: Support communications, account identifiers
  • Data Location: United States
  • Privacy Policy: https://www.zendesk.com/privacy/

4. Analytics and Monitoring

4.1 Service Monitoring

DataDog, Inc.

  • Purpose: Application performance monitoring
  • Services Used: Server monitoring, error tracking, performance analytics
  • Data Processed: System logs, performance metrics, error reports
  • Data Location: United States
  • Privacy Policy: https://www.datadoghq.com/privacy/

4.2 Web Analytics

Google Analytics (Privacy-Enhanced)

  • Purpose: Website usage analytics
  • Services Used: Traffic analysis, user behavior tracking
  • Data Processed: Anonymized usage statistics, page views
  • Data Location: Multiple jurisdictions per Google's operations
  • Privacy Policy: https://policies.google.com/privacy

5. Security Services

5.1 DDoS Protection

Cloudflare, Inc.

  • Purpose: DDoS protection and security
  • Services Used: Web application firewall, DDoS mitigation
  • Data Processed: IP addresses, request logs
  • Data Location: Global edge locations
  • Privacy Policy: https://www.cloudflare.com/privacy/

5.2 Security Scanning

Qualys, Inc.

  • Purpose: Vulnerability scanning and security assessment
  • Services Used: Security scanning, compliance monitoring
  • Data Processed: System configurations, security scan results
  • Data Location: United States
  • Privacy Policy: https://www.qualys.com/privacy/

6. Development and Operations

6.1 Code Repository

GitHub, Inc.

  • Purpose: Source code management
  • Services Used: Git repository hosting, version control
  • Data Processed: Source code, development logs
  • Data Location: United States
  • Privacy Policy: https://docs.github.com/privacy

6.2 Error Tracking

Sentry.io

  • Purpose: Application error monitoring
  • Services Used: Error tracking, performance monitoring
  • Data Processed: Error logs, stack traces, performance data
  • Data Location: United States
  • Privacy Policy: https://sentry.io/privacy/

7. Compliance and Legal

7.1 Legal Services

Various Legal Firms

  • Purpose: Legal advice and compliance
  • Services Used: Legal consultation, compliance review
  • Data Processed: Legal matters, compliance documentation
  • Data Location: United Kingdom and European Union
  • Confidentiality: Attorney-client privilege applies

7.2 Audit Services

Independent Security Auditors

  • Purpose: Security audits and compliance verification
  • Services Used: SOC 2 audits, penetration testing
  • Data Processed: System configurations, audit findings
  • Data Location: Various jurisdictions
  • Confidentiality: Audit confidentiality agreements apply

8. Data Processing Principles

8.1 Zero-Knowledge Preservation

  • • All third-party integrations designed to preserve zero-knowledge architecture
  • • No third parties have access to user encryption keys
  • • Encrypted user content remains unintelligible to all third parties

8.2 Data Minimization

  • • We share only the minimum data necessary for each service
  • • Personal data sharing limited to operational requirements
  • • Regular review of third-party data access and usage

8.3 Contractual Safeguards

  • • All third parties bound by data protection agreements
  • • Regular assessment of third-party security practices
  • • Right to audit and terminate for non-compliance

9. Geographic Considerations

9.1 Data Locations

  • • Primary data processing in United States and European Union
  • • CDN and edge services may process data globally
  • • Users informed of data location implications

9.2 International Transfers

  • • Standard Contractual Clauses used where required
  • • Adequacy decisions relied upon where available
  • • Additional safeguards for transfers to non-adequate countries

10. User Rights and Control

10.1 Third-Party Opt-Outs

Users can opt out of certain third-party services:

  • • Google Analytics (via browser settings or opt-out)
  • • Marketing communications
  • • Non-essential cookies

10.2 Data Subject Rights

  • • Users can exercise rights regarding third-party processing
  • • We facilitate communication with third parties where necessary
  • • Assistance provided for data portability and deletion requests

11. Changes to Third-Party Services

11.1 New Third Parties

  • • Material new third-party integrations will be disclosed
  • • Users notified of significant changes to data processing
  • • Option to object to new third parties where feasible

11.2 Service Changes

  • • Regular review of third-party services and alternatives
  • • Replacement of services that no longer meet our standards
  • • User notification of service discontinuations

12. Contact Information

For questions about third-party services or to exercise your rights:

Data Protection Inquiries:

Email: dpo@genie9.com

General Legal Questions:

Email: legal@genie9.com

Mailing Address:

Genie9 LTD

3 Shortlands

W68DA, London

United Kingdom

This Third-Party Services Disclosure was last updated on March 18, 2025. Please check our website for the most current version.

← Back to Nygma Legal Center
AI Built