Data Processing Agreement

Latest editing: Feb, 2025

Data Processing Agreement

This agreement governs how GeniusX processes business and personal data on behalf of customers, partners, and end users.

It includes:

1. User & Company Liability Disclaimer
2. Business Continuity & Disaster Recovery Policy
3. Financial & Data Security Policy
4. Third-Party Integrations & API Usage Policy
5. Record Retention & Deletion Policy

By using GeniusX, you acknowledge the practices outlined here, designed to align with GDPR, CCPA, and other applicable data protection laws.

User & Company Liability Disclaimer

• GeniusX supplies storage, management, and processing tools but does not control how customers collect or interpret their data.
• Each customer is responsible for ensuring lawful and ethical use of data inside their organisation.
• GeniusX is not liable for breaches arising from weak passwords, misuse, or unauthorised third-party access.
• Industry-standard safeguards are in place, yet absolute protection against cyberattacks, malware, or force majeure cannot be guaranteed.

Business Continuity & Disaster Recovery Policy

GeniusX maintains a disaster recovery programme to minimise downtime and protect data availability.

• Automatic daily backups of critical data stored in secure cloud facilities.
• Redundant infrastructure that mitigates hardware failure.
• Failover and restoration procedures for rapid service recovery.
• User notification workflows for major incidents with resolution timelines.
• A 99.9% uptime target, excluding scheduled maintenance and events outside our control.
• Customers should export and back up mission-critical records; GeniusX is not responsible for external outages beyond our platform.

Financial & Data Security Policy

A layered security model protects financial and personal information handled through the platform.

Data protection measures:

• End-to-end AES-256 encryption for data in transit and at rest.
• Two-factor authentication (2FA) to secure account access.
• Role-based access control (RBAC) for least-privilege data access.
• Automated anomaly detection to identify and prevent potential threats.

Financial transactions & compliance:

• Payments routed through PCI-DSS compliant gateways.
• GeniusX never stores raw credit card information.
• Continuous monitoring for suspicious or fraudulent transactions.
• Users must report unauthorised activity immediately to limit exposure.

Third-Party Integrations & API Usage Policy

GeniusX integrates with third-party applications and APIs to extend functionality while safeguarding data.

• Partner integrations must meet relevant data protection obligations.
• GeniusX will not share user data without explicit consent.
• Customers must review and accept third-party terms before enabling integrations.
• GeniusX may suspend API access if misuse or security concerns arise.
• Service outages or malfunctions caused by third parties fall outside GeniusX's responsibility.

Record Retention & Deletion Policy

GeniusX balances compliance, security, and customer control with firm retention and deletion schedules.

Data retention:

• Account data remains available while the account is active.
• Financial and transactional records are stored for at least seven (7) years to satisfy legal and tax requirements.
• Activity and security logs are retained for up to twelve (12) months for auditing.

Data deletion:

• Permanent deletion can be requested via account settings or by contacting support.
• Once an account is closed, personal information is erased within 30 days unless regulations require otherwise.
• Transaction data may be anonymised for compliance and analytical purposes.
• Backups containing deleted data are purged automatically within 90 days.

Contact details

For GDPR/CCPA requests, security inquiries, or DPO communication, email [email protected].