Data Processing Agreement

Latest editing: Feb, 2025

Data Processing Agreement

• includes:

1. User & Company Liability Disclaimer
2. Business Continuity & Disaster Recovery Policy
3. Financial & Data Security Policy
4. Third-Party Integrations & API Usage Policy

Record Retention & Deletion Policy

This Data Processing Agreement ("DPA") is part of the legal agreement for the processing of business and personal data by GeniusX. This DPA is applicable to all users, customers, and partners who use GeniusX software, applications, and services ("Software" or "Services").
You, by using GeniusX, recognize and agree to the data practices outlined in this agreement that is created to comply with GDPR, CCPA, and other relevant data protection laws.

User & Company Liability Disclaimer

GeniusX provides data storage, management, and processing software but is not responsible for how users handle or interpret data in the system.
The user assumes full responsibility for making their data use compliant with legal and ethical requirements.
GeniusX is not liable for data breaches that occur due to negligence by the user, weak passwords, or unauthorised access by third parties.
While we follow industry-standard security measures, we cannot guarantee absolute data security against cyberattacks, malware, or force major situations.

Business Continuity & Disaster Recovery Policy

GeniusX maintains a robust disaster recovery plan to ensure system uptime and data loss prevention. Our policy includes:
Automatic daily backups of critical data in secure cloud facilities.
Duplicate server infrastructure to minimise downtime in case of hardware failure.
Disaster recovery processes, including rapid failover and data restore procedures.
Notification procedures for informing users of major service outages, along with estimated times to resolution.
Uptime Guarantee: GeniusX strives for 99.9% service uptime, excluding scheduled maintenance and uncontrollable catastrophes.
Users are encouraged to export and back up their critical data themselves, as GeniusX will not be liable for external events affecting service availability.

Financial & Data Security Policy

In order to safeguard financial and personal data, GeniusX employs state-of-the-art security measures, including:
Data Protection Measures
End-to-end encryption (AES-256) for transmission and storage of sensitive information.
Two-factor authentication (2FA) for account security.
Role-based access control (RBAC) for limiting data access within organisations.
Automated anomaly detection for identifying and preventing potential security threats.
Financial Transactions & Compliance
All payments are processed via PCI-DSS-compliant payment gateways.
GeniusX does not store raw credit card data.
Transactions are monitored for fraud prevention.
Unauthorised transactions need to be reported right away by users to avoid risks.

Third-Party Integrations & API Usage Policy

GeniusX allows integration with third-party applications, APIs, and cloud services for extended functionality. The policy ensures:
Third-party integrations will comply with data protection requirements.
GeniusX won't share user data with third parties without explicit consent.
The users are responsible for reading third-party API terms before activation.
GeniusX can suspend access to APIs if abuse or security issues are detected.
Any malfunction of APIs or service downtimes by third-party providers are not the responsibility of GeniusX.

Record Retention & Deletion Policy

GeniusX maintains strict data retention and deletion policies to find a balance among security, compliance, and end-user control.
Data Retention
User accounts and associated information are retained for the duration that the account remains active.
Financial and transactional information are retained for at least 7 years for financial and tax compliance.
Activity logs and security logs are retained for up to 12 months for auditing.
Data Deletion
Data permanent deletion may be requested by users via the account settings or by contacting support.
In the event that an account is deleted:
All personal information is deleted within 30 days unless bound by law to preserve it.
Transaction data can be anonymised for compliance and statistical reasons.
Backups are automatically removed from our system within 90 days following data deletion.

Contact Details