Privacy Policy

1. Introduction and Scope

2. Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set forth below:

• "Personal Information" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, phone number, IP address, and account credentials.
• "Business Data" means information about a business entity provided by or on behalf of a user, including company name, website URL, industry classification, brand keywords, competitor information, and business descriptions.
• "Platform Data" means data generated by or collected through the Services, including visibility scores, citation metrics, brand presence rates, AI platform monitoring results, content analysis outputs, and analytics reports.
• "Crawl Data" means content, metadata, and structural information collected from business websites that users have authorized us to crawl for the purpose of content analysis and optimization.
• "Usage Data" means information about how users interact with our Services, including feature usage patterns, click events, session duration, navigation paths, and user interface interactions.
• "AI Platforms" means third-party artificial intelligence systems and large language models, including but not limited to ChatGPT (OpenAI), Gemini (Google), Claude (Anthropic), Perplexity AI, Microsoft Copilot, Meta AI, and other AI-powered search and conversational platforms.
• "Agency" means a user account configured as an agency that manages one or more client business accounts through our platform.
• "Managed Business" means a business account that is managed by an Agency on our platform.
• "Data Controller" means the entity that determines the purposes and means of processing personal data, as defined under the General Data Protection Regulation (GDPR).
• "Data Processor" means the entity that processes personal data on behalf of the Data Controller, as defined under the GDPR.
• "Services" means the Genmark AI platform, website, APIs, reports, dashboards, and all related tools and features we provide.

3. Information We Collect

We collect various types of information in connection with the Services. The categories of information we collect depend on how you interact with our platform and which features you use.

3.1 Personal Information

When you create an account, subscribe to our Services, or communicate with us, we collect personal information that you voluntarily provide, including:

• Identity Information: Full name, job title, and professional role.
• Contact Information: Email address, phone number, and mailing address.
• Account Credentials: Username, password (stored in hashed form), and authentication tokens.
• Billing Information: Billing name, billing address, and subscription plan details. Credit card and payment card numbers are processed directly by our payment processor, Stripe, and are never stored on our servers.
• Profile Information: Profile photo, timezone preferences, notification settings, and communication preferences.
• Team Member Information: Names and email addresses of team members you invite to your account.

3.2 Business Information

To provide our brand visibility monitoring services, we collect information about your business, including:

• Company Details: Business name, website URL, industry, business description, and geographic location.
• Brand Information: Brand names, brand keywords, product and service descriptions, unique selling propositions, and brand messaging.
• Competitor Information: Names and websites of competitors you designate for comparative visibility analysis.
• Target Audience Data: Ideal customer profiles, target demographics, and market segments you configure for analysis.
• Agency Relationships: For agency accounts, information about the parent agency, managed client businesses, and the relationships between them.

3.3 Usage Data

We automatically collect information about how you interact with our Services, including:

• Features accessed, pages viewed, and navigation paths within the platform.
• Frequency and duration of sessions and feature usage.
• Click patterns, scroll behavior, and user interface interactions.
• Reports generated, dashboards viewed, and exports downloaded.
• Search queries performed within the platform.
• Errors encountered and performance metrics related to your usage.

3.4 Technical Data

When you access our Services, we automatically collect certain technical information, including:

• Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
• Network Information: IP address, Internet service provider, and approximate geographic location derived from IP address.
• Cookie and Tracking Data: Information collected through cookies, web beacons, pixels, and similar tracking technologies. See Section 13 for details.
• Log Data: Server logs recording access times, pages viewed, referring URLs, and system activity.

3.5 Website Crawl Data

With your explicit authorization, we crawl your business website to analyze its content for AI visibility optimization. This crawl data includes:

• Page content, headings, meta descriptions, and structured data from your website.
• Internal link structure, page hierarchy, and sitemap information.
• Published content such as blog posts, service descriptions, and landing page copy.
• Technical SEO elements including schema markup, canonical tags, and robots directives.
• Content freshness indicators including publication and modification dates.

3.6 AI Platform Monitoring Data

Our core service involves monitoring your brand's presence across AI platforms. The monitoring data we collect includes:

• Visibility Scores: Quantitative measures of how often and how prominently your brand appears in AI-generated responses.
• Citation Data: Records of when AI platforms cite or reference your brand, website, products, or content.
• Mention Analysis: Context, sentiment, and positioning of brand mentions in AI outputs.
• Brand Presence Rate (BPR): The rate at which your brand is present in AI responses to relevant queries in your industry.
• Competitor Visibility: Comparative visibility metrics for the competitors you have designated.
• Query Data: The prompts and queries used to assess visibility, generated based on your industry, services, and target audience.
• Historical Trends: Time-series data tracking changes in your visibility metrics over time.

3.7 Social Media Data

If you choose to connect social media accounts to our platform, we collect data from those connected accounts in accordance with the permissions you grant and the respective platform's API terms. This may include:

• Account Information: Connected social media account names, profile information, and page/business identifiers.
• Post Analytics: Engagement metrics (likes, shares, comments, impressions, reach) for your published content.
• Audience Insights: Aggregated demographic and geographic data about your social media audience, as provided by the social media platform.
• Content Performance: Performance data for social media posts created or scheduled through our platform.
• Authentication Tokens: OAuth tokens required to maintain the connection to your social media accounts. These tokens are encrypted at rest.

We currently support integrations with LinkedIn, Facebook, Instagram, and Google Analytics. We access only the data scopes that you explicitly authorize during the connection process. You can revoke these connections at any time from your account settings.

3.8 Payment Information

Payment processing for our Services is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor. When you subscribe to a paid plan or make a purchase:

• Your payment card details (card number, CVV, expiration date) are collected and processed directly by Stripe. We never receive, store, or have access to your full payment card numbers.
• We receive from Stripe a tokenized reference, the last four digits of your card, card brand, expiration date, and billing address for record-keeping and customer support purposes.
• Transaction records including amounts, dates, subscription plan details, and invoice history are maintained in our systems.

Stripe's privacy policy governs their collection and use of your payment information. You can review it at stripe.com/privacy.

3.9 Communications Data

We collect information from your communications with us, including:

• Support requests, feedback, and correspondence sent via email, chat, or our support portal.
• Survey responses and feedback you provide about our Services.
• Content of communications you initiate through the platform (e.g., team messages, notes).

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery and Operations

• Providing, operating, and maintaining the Genmark AI platform and all associated features.
• Monitoring your brand visibility across AI platforms and generating visibility scores, citations, and analytics.
• Crawling your authorized business website to analyze content for AI optimization opportunities.
• Processing competitor visibility analysis and generating comparative reports.
• Facilitating social media management, content creation, and campaign management features.
• Managing agency and multi-business account structures.
• Processing payments and managing subscriptions.

4.2 Service Improvement and Development

• Analyzing usage patterns to understand how our Services are used and identify areas for improvement.
• Developing new features, tools, and capabilities based on user needs and feedback.
• Improving the accuracy and reliability of our visibility monitoring algorithms and scoring models.
• Conducting internal research and analytics using aggregated and anonymized data.
• Testing and debugging the platform to ensure quality and reliability.

4.3 Communications

• Sending transactional communications such as account confirmations, subscription receipts, password resets, and security alerts.
• Delivering service notifications including visibility report completions, alert triggers, and system updates.
• Sending marketing communications about new features, product updates, and promotional offers (with your consent where required by law; you may opt out at any time).
• Responding to your support requests, inquiries, and feedback.

4.4 Security and Compliance

• Detecting, preventing, and investigating fraud, unauthorized access, and other malicious activities.
• Enforcing our Terms of Service and other legal agreements.
• Complying with applicable laws, regulations, legal processes, and government requests.
• Maintaining audit logs for security monitoring and compliance purposes.

4.5 Aggregate and Anonymized Analytics

We may create aggregated, de-identified, or anonymized data from the information we collect. Anonymized data does not identify you personally and is not considered Personal Information under applicable law. We use anonymized data for industry benchmarking, platform performance analysis, market research, and to improve our Services. We may share anonymized data with third parties for analytical purposes.

5. Legal Basis for Processing

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or another jurisdiction that requires a legal basis for processing personal data, we rely on the following legal bases under the General Data Protection Regulation (GDPR):

5.1 Performance of a Contract

We process your Personal Information as necessary to perform our contractual obligations to you, including providing the Services, managing your account, processing payments, delivering visibility reports, and fulfilling our obligations under our Terms of Service.

5.2 Consent

Where required by law, we obtain your consent before processing your Personal Information. This includes consent for marketing communications, cookie placement (non-essential cookies), and connecting third-party social media accounts. You may withdraw your consent at any time by contacting us or adjusting your account settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

5.3 Legitimate Interests

We process certain Personal Information based on our legitimate interests, provided these interests are not overridden by your rights and freedoms. Our legitimate interests include:

• Improving and optimizing our Services and user experience.
• Understanding how our platform is used through analytics and research.
• Ensuring the security and integrity of our platform.
• Detecting and preventing fraud and abuse.
• Conducting internal business operations, administration, and reporting.
• Marketing our Services to existing customers (where permitted by law).

5.4 Legal Obligation

We process Personal Information as necessary to comply with our legal obligations, including tax and accounting requirements, responding to valid legal process, and meeting regulatory reporting obligations.

6. AI and Automated Decision-Making

Our Services rely extensively on artificial intelligence and automated processing to deliver value to our users. This section explains how we use AI in connection with your data.

6.1 How We Use AI

Genmark AI uses artificial intelligence and large language model (LLM) technologies in the following ways:

• Visibility Monitoring: We query AI platforms (such as ChatGPT, Gemini, Claude, and Perplexity) with industry-relevant prompts to measure how frequently and prominently your brand is mentioned in AI-generated responses.
• Content Analysis: We use AI to analyze the content of your authorized business website, identifying strengths, gaps, and optimization opportunities for AI visibility.
• Sentiment and Context Analysis: AI models analyze the sentiment and context in which your brand is mentioned across AI platforms.
• Report Generation: AI assists in generating human-readable reports, recommendations, and insights from the raw data we collect.
• Content Creation: When you use our content creation tools, AI generates draft content based on your inputs and business context.
• Scoring and Ranking: Automated algorithms calculate visibility scores, brand presence rates, and other quantitative metrics.

6.2 Data Sent to AI Providers

To perform visibility monitoring and content analysis, we send certain data to third-party AI providers (OpenAI, Google Vertex AI, Anthropic). The data sent may include:

• Your business name, industry, and general description (used to formulate monitoring queries).
• Competitor names and industries (for comparative analysis).
• Publicly available content from your authorized business website (for content optimization analysis).
• Industry-relevant search prompts and queries (generated by our system, not containing your personal information).

6.3 No Solely Automated Decisions Affecting Your Rights

We do not make any fully automated decisions that produce legal effects or similarly significantly affect you without human involvement. While our platform uses AI to generate scores, analytics, and recommendations, these outputs are informational tools designed to assist your business decision-making. They do not automatically determine your access to services, pricing, or any rights. Subscription plan features and pricing are determined by the plan you select, not by automated profiling.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your Personal Information to third parties for their marketing purposes. We share your information only in the circumstances described below.

7.1 Service Providers

We share your information with trusted third-party service providers who perform services on our behalf, subject to contractual obligations to protect your data. These include:

• Cloud Infrastructure: Google Cloud Platform (GCP), including Firestore, Cloud Run, Cloud Storage, and related services, for hosting and operating our platform.
• Payment Processing: Stripe for processing subscription payments and managing billing.
• Email Communications: SendGrid (Twilio) for delivering transactional and marketing emails.
• Analytics: Google Analytics and similar tools for understanding website traffic and usage patterns.
• Authentication: Firebase Authentication for secure user authentication and identity management.
• Error Monitoring: Application monitoring services for detecting and resolving technical issues.

7.2 AI Platform API Providers

As described in Section 6.2, we share limited Business Data with AI platform API providers (OpenAI, Google, Anthropic) to perform visibility monitoring and content analysis. These providers process data in accordance with their respective API data processing terms, which prohibit use of API data for model training.

7.3 Social Media Platforms

When you connect social media accounts (LinkedIn, Facebook, Instagram, Google Analytics), data flows between our platform and those services via their official APIs. We access only the data scopes you explicitly authorize. Content you publish through our platform is transmitted to the connected social media platform per your instructions. Each social media platform's privacy policy governs their handling of your data.

7.4 Agency and Multi-Business Data Sharing

If you use our Agency features, the following data sharing occurs within the platform:

• Agency administrators can access Platform Data, Business Data, and analytics for all Managed Businesses under their agency.
• Team members within an agency can access data for Managed Businesses according to their assigned roles and permissions.
• Managed Business owners retain visibility into what data their agency can access.

In the Agency context, the agency entity typically acts as the Data Controller for their managed clients' data, and Genmark AI acts as the Data Processor. We provide Data Processing Agreements (DPAs) to agencies upon request.

7.5 Business Transfers

If Genmark AI is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

7.6 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, regulation, or valid legal process (such as a court order or subpoena).
• Protect and defend the rights, property, or safety of Genmark AI, our users, or the public.
• Detect, prevent, or address fraud, security issues, or technical problems.
• Enforce our Terms of Service and other agreements.

7.7 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, or when you direct us to share information with a specific third party.

7.8 We Never Sell Your Personal Data

7.9 Google User Data and API Services

Genmark AI's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access: When you connect a Google integration to Genmark AI, we request access to specific Google APIs through Google's OAuth consent flow. The table below lists each Google service, the OAuth scope we request, the data we read, and how we use it.

All Google scopes are accessed only on your behalf, after you authorize the connection through Google's OAuth consent screen.

Limited Use commitments: Genmark AI's handling of data received from Google APIs complies with the Limited Use requirements:

• We use Google user data only to provide or improve user-facing features inside Genmark AI that are visible and prominent in the user interface.
• We do not transfer Google user data to third parties except: (a) as necessary to provide or improve user-facing features, (b) for security purposes, or (c) when required by law.
• We do not use Google user data for advertising, including retargeting, personalized advertising, or interest-based advertising.
• We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data is aggregated and used for internal operations in compliance with applicable privacy and other laws.

Data retention and deletion: Connected Google data is retained while your Genmark AI account is active and the integration remains connected. You can disconnect any Google integration from Genmark AI's account settings at any time, which immediately revokes our refresh token and stops further data access. Cached Google data is purged from our systems within 30 days of disconnection or account deletion.

Revoking access: In addition to disconnecting from within Genmark AI, you can revoke Genmark AI's access to your Google account at any time by visiting your Google Account permissions page.

8. International Data Transfers

Genmark AI is based in the United States. Your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate, which may have data protection laws that differ from those in your jurisdiction.

8.1 Transfers from the EEA, UK, and Switzerland

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that any transfer of your Personal Information to countries outside of the EEA/UK/Switzerland is protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We enter into European Commission-approved Standard Contractual Clauses with our service providers and data partners to ensure an adequate level of data protection.
• Adequacy Decisions: Where applicable, we rely on European Commission adequacy decisions recognizing that certain countries provide an adequate level of data protection.
• EU-U.S. Data Privacy Framework: Where applicable, we rely on the EU-U.S. Data Privacy Framework for transfers to certified U.S. organizations.

You may request a copy of the applicable data transfer safeguards by contacting us at privacy@genmark.ai.

8.2 Cloud Infrastructure Location

Our primary infrastructure is hosted on Google Cloud Platform in the United States. Backups and disaster recovery resources may be located in other GCP regions. We select data center locations that maintain appropriate security certifications and comply with applicable data protection requirements.

9. Data Security

We take the security of your information seriously and implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

9.1 Technical Measures

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Encryption at Rest: Data stored in our databases and cloud storage is encrypted at rest using industry-standard encryption algorithms (AES-256).
• Authentication Security: User passwords are hashed using strong one-way hashing algorithms. We support multi-factor authentication (MFA) for enhanced account security.
• API Security: All API communications are authenticated and encrypted. OAuth tokens for third-party integrations are encrypted at rest.
• Infrastructure Security: Our cloud infrastructure on Google Cloud Platform benefits from Google's SOC 1/2/3, ISO 27001, and other security certifications.

9.2 Organizational Measures

• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access controls.
• Employee Training: Our team members receive training on data protection and security best practices.
• Vendor Assessment: We evaluate the security practices of our third-party service providers before engaging them and require them to maintain appropriate security measures.
• Security Reviews: We conduct regular security reviews and vulnerability assessments of our systems.

9.3 Incident Response

We maintain an incident response plan to address potential data breaches. In the event of a security breach affecting your Personal Information, we will notify you and the relevant supervisory authorities in accordance with applicable law, including within the 72-hour notification window required by the GDPR where applicable.

9.4 Your Responsibilities

While we implement robust security measures, the security of your account also depends on your actions. You are responsible for maintaining the confidentiality of your account credentials, using strong and unique passwords, enabling multi-factor authentication where available, and promptly notifying us of any unauthorized access to your account.

10. Data Retention

We retain your information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

10.1 Retention Periods

• Account Information: Retained for as long as your account is active and for a reasonable period thereafter to allow for account reactivation and to comply with legal obligations.
• Platform Data (Visibility Scores, Reports): Retained for the duration of your active subscription. Historical data may be retained in aggregate, anonymized form after account closure.
• Website Crawl Data: Retained for the duration of your active subscription. Crawl data is deleted within 90 days of account termination or upon your request.
• Payment Records: Retained for a minimum of 7 years to comply with tax and accounting regulations.
• Usage Logs: Server logs and usage analytics are retained for up to 24 months for security and performance analysis purposes.
• Support Communications: Retained for up to 3 years after resolution for quality assurance and legal purposes.
• Marketing Consent Records: Retained for as long as the consent remains valid, plus a reasonable period to demonstrate compliance.

10.2 Deletion and Account Closure

When you close your account or request deletion of your data, we will delete or anonymize your Personal Information within 30 days, subject to the following exceptions:

• Information that we are required to retain by law (e.g., financial records for tax compliance).
• Information necessary to resolve pending disputes, enforce agreements, or exercise legal rights.
• Backup copies may persist in our disaster recovery systems for up to an additional 90 days before being overwritten through normal backup rotation cycles.
• Anonymized or aggregated data that can no longer identify you may be retained indefinitely.

11. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights with respect to your Personal Information. We are committed to honoring these rights in accordance with applicable law.

11.1 Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Right of Access: You have the right to request a copy of the Personal Information we hold about you and information about how we process it.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete Personal Information we hold about you.
• Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your Personal Information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
• Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to Object: You have the right to object to the processing of your Personal Information based on our legitimate interests. You also have the right to object to direct marketing at any time.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your Personal Information in certain circumstances, such as when you contest the accuracy of the data.
• Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your Personal Information violates the GDPR.

11.2 Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request information about the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business purpose for collecting the information, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your Personal Information, subject to certain legal exceptions.
• Right to Correct: You have the right to request correction of inaccurate Personal Information we hold about you.
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your Personal Information. As stated in Section 7.8, we do not sell your Personal Information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, quality, or levels of service for exercising your rights.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of any sensitive personal information we collect to the purposes for which it was collected.

11.3 Rights Under Other Jurisdictions

If you are located in another jurisdiction with applicable privacy laws (such as Brazil's LGPD, Canada's PIPEDA, or Australia's Privacy Act), you may have similar rights under those laws. We will honor your rights in accordance with the applicable law in your jurisdiction.

11.4 How to Exercise Your Rights

To exercise any of your privacy rights, you may:

• Email us at privacy@genmark.ai with a description of the right you wish to exercise.
• Use the account settings and data management tools available within the platform (for certain actions like data export, consent management, and account deletion).
• For CCPA requests, you may also submit a request through our website or by calling us (contact information in Section 18).

We will verify your identity before processing your request by confirming information associated with your account. We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA/CPRA), with the possibility of an extension where permitted by law. If we need additional time, we will inform you of the reason and extension period.

You may designate an authorized agent to make a request on your behalf. The authorized agent must provide proof of their authorization, and we may still require you to verify your identity directly.

12. Agency Data Controller and Processor Relationships

Our platform supports agency-client relationships where an agency manages multiple business accounts on behalf of their clients. This section clarifies the data protection roles and responsibilities in these relationships.

12.1 Direct Users

When you create an account and use our Services for your own business, Genmark AI acts as the Data Controller for the Personal Information you provide and the Data Processor for the Business Data and Platform Data associated with your business.

12.2 Agency Users

When an agency uses our Services to manage client businesses:

• The agency acts as the Data Controller for the business data of their managed clients, and is responsible for ensuring they have the appropriate legal basis to provide their clients' data to Genmark AI.
• Genmark AI acts as the Data Processor, processing managed business data on behalf of the agency according to the agency's instructions and our Data Processing Agreement.
• The agency is responsible for informing their clients about the use of Genmark AI and for obtaining any necessary consents.

12.3 Data Processing Agreements

We offer Data Processing Agreements (DPAs) compliant with GDPR Article 28 requirements to agencies and enterprise customers upon request. Contact privacy@genmark.ai to request a DPA.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activity on our Website and platform. This section provides an overview; please refer to our Cookie Policy for comprehensive details.

13.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of the Website and platform, including session management, authentication, security, and load balancing. These cookies cannot be disabled.
• Functional/Preference Cookies: Remember your preferences and settings, such as language, timezone, and display preferences, to provide a personalized experience.
• Analytics and Performance Cookies: Help us understand how visitors interact with our Website and platform by collecting aggregated usage information. We use Google Analytics and similar tools for this purpose.
• Marketing Cookies: Used to track visitors across websites to enable us to display relevant and engaging advertisements. These cookies are only placed with your consent.

13.2 Cookie Consent

When you first visit our Website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can modify your cookie preferences at any time through the cookie settings accessible in the footer of our Website. Strictly necessary cookies do not require consent as they are essential for the functioning of the platform.

13.3 Do Not Track

Some browsers offer a "Do Not Track" ("DNT") signal. There is currently no industry standard for how companies should respond to DNT signals. At this time, our Website does not respond to DNT signals. However, you can manage your tracking preferences through our cookie consent mechanism.

14. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect, use, or disclose Personal Information from children under 16 years of age. If you are under 16, please do not use our Services or provide any Personal Information to us.

If we become aware that we have collected Personal Information from a child under 16 without verification of parental consent, we will take steps to delete that information as promptly as possible. If you believe we may have collected information from a child under 16, please contact us immediately at privacy@genmark.ai.

15. Third-Party Links and Services

16. Data Protection Officer

Genmark AI has designated a Data Protection Officer (DPO) to oversee our compliance with data protection obligations. You may contact our DPO for any questions or concerns related to this Privacy Policy or our data processing practices:

• Email: dpo@genmark.ai
• Subject Line: "Data Protection Inquiry"

The DPO will respond to inquiries within a reasonable time frame and will work to resolve any data protection concerns you may have.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make changes:

• Material Changes: For material changes that significantly affect how we collect, use, or share your Personal Information, we will notify you by email (using the email address associated with your account) and/or by posting a prominent notice on our Website at least 30 days before the changes take effect.
• Non-Material Changes: For minor updates (such as clarifications or formatting changes that do not materially alter the scope of the policy), we will update the "Last updated" date at the top of this page.
• Continued Use: Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should stop using our Services and close your account.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. We will maintain an archive of previous versions of this Privacy Policy, which you may request by contacting us.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:

We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject access requests, we will respond within the timeframes required by applicable law (30 days under GDPR, 45 days under CCPA/CPRA).

If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.