Privacy Policy

Last updated: November 24, 2025

1. Introduction

At Genseo, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Genseo website and services (collectively, the "Service"). We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

By using Genseo, you consent to the data practices described in this Policy. If you do not agree with this Privacy Policy, you should not use our Service.

Data Controller: For the purposes of data protection law, the data controller of your personal information is [Genseo Company Name], based in Austria. If you have any questions about how we protect or use your data, you can contact us at the email or address provided at the end of this Policy.

2. Information We Collect

We may collect several types of information from and about users of our Service, including:

Information You Provide Directly:

• Account Information: When you register for Genseo, we collect information such as your name, email address, password, and other account details. If you sign up on behalf of a company or organization, we may also collect the name of the company and your role/title.
• Payment Information: If you subscribe to a paid plan, our payment processor will collect your payment details (such as credit card number, expiration date, and billing address). We ourselves do not store full financial information like credit card numbers on our servers, but we may keep records of your transactions (e.g., subscription plan, payment dates, and amounts).
• Content and Inputs: We collect the content or information you input into Genseo when using our Service. For example, the keywords, prompts, or guidelines you provide for content generation, as well as the resulting blog posts or articles generated by the Service, are stored on our systems so that we can deliver and display this content to you.
• CMS Credentials (if applicable): If you choose to connect Genseo to your own website’s content management system (for automatic publishing of content), we may collect and store the API keys or access credentials you provide for that integration. We will use this information solely to publish content to your site as directed by you.
• Communication Data: If you contact us directly (for example, through customer support inquiries or feedback forms), we will receive the content of your messages and any contact information you provide (like email or phone number), as well as any other information you choose to provide.

Information We Collect Automatically:

• Usage Data: When you use Genseo, our systems and third-party analytics services automatically collect information about how you access and use the Service. This includes your IP address, browser type, device information (such as device type, operating system, and unique device IDs), pages or features you access, the time and date of each request, and the amount of time spent on each page.
• Cookies & Similar Technologies: We use cookies and similar tracking technologies to provide and improve our Service. For example, cookies help us keep you logged in, remember your preferences, and understand how you interact with our site. Some cookies are essential for the Service to function (for instance, to maintain your session), while others are used for analytics and advertising (with your consent). For more details, see Section 6 (Cookies and Tracking Technologies).
• Analytics Data: We use third-party analytics tools (such as Google Analytics and PostHog) to collect information about user behavior and usage patterns. These tools may collect information such as your IP address, location (approximate), what pages you visit, what actions you take within the app, and device information. This helps us understand user engagement and improve our Service.
• Session Recordings: We may use services like PostHog to record certain sessions or interactions on our website/application. This can include mouse movements, clicks, scrolling, and typing data on non-sensitive fields, which helps us diagnose user experience issues and improve interface design. We take care to exclude or protect any sensitive data in these recordings where possible.

Information from Third Parties:

• We may receive information about you from third parties if you use a third-party service to log in (for example, signing in via Google) or if you integrate Genseo with other services. For instance, if future versions of Genseo allow a "Sign in with Google" or similar feature, we would receive basic profile information from those accounts with your permission. (As of the latest update, we primarily use our own authentication system via Supabase, but this is a note for potential features.)

3. How We Use Your Information

We use the collected information for various purposes in accordance with applicable laws, including:

• To Provide and Maintain the Service: We process your personal data to create your account, allow you to generate and manage content, and to facilitate the posting of content to your connected CMS if you use that feature. This includes using your inputs to generate blog posts and storing that content for your later access.
• To Process Payments: We use your payment information and contact details to handle subscription billing, payments, and any related communication (such as invoicing or payment confirmations). Payment processing itself is done through our third-party payment processor.
• To Communicate with You: We may send you service-related communications, such as account verification, subscription status, technical notices, updates, security alerts, and support messages. We may also send you newsletters or marketing emails about new features, offers, or content tips, but only if you have opted in to receive them. You can opt out of marketing emails at any time by clicking the unsubscribe link in those emails or adjusting your preferences.
• To Improve and Optimize the Service: We use analytics and session data to understand how our Service is used. This helps us troubleshoot problems, develop new features, and make improvements. For example, we might analyze which features are most used or where users encounter errors, so we can enhance those aspects.
• To Personalize Your Experience: We might use cookies or data about your usage to personalize the content you see or to remember your preferences. For example, remembering your preferred settings or showing content suggestions relevant to your usage.
• To Ensure Security and Prevent Fraud: We may use information (like IP address or behavior patterns) to monitor for suspicious or fraudulent activity and to prevent misuse of our Service.
• To Comply with Legal Obligations: In certain cases, we may need to process personal data to comply with laws and regulations, such as keeping proper financial records or responding to lawful requests by public authorities.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or another region with similar data protection laws, we process your personal data based on the following legal grounds:

• Contractual Necessity: We process personal data to provide the Service as described in our Terms of Service. For example, we need your account and payment information to create your account and provide you access to the platform, and to charge the subscription fee.
• Consent: We will obtain your consent for certain processing activities where required by law. For instance, we will ask for your consent before using optional analytics cookies (like Google Analytics) or before sending you marketing emails. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
• Legitimate Interests: We may process your data for our legitimate business interests, such as improving our Service, understanding how users interact with our platform, ensuring security, and preventing fraud or illegal activities. When we rely on legitimate interests, we consider and balance any potential impact on your rights. For example, using session replays to improve usability is within our interests, and we ensure these recordings exclude sensitive information to respect your privacy.
• Legal Obligation: We will process personal data when necessary to comply with a legal obligation, for example, retaining transaction records for tax and accounting purposes or providing information if legally required by a governmental authority or court order.

5. Disclosure of Your Information (Third-Party Service Providers)

We do not sell your personal information. However, we may share your information with certain third parties in the following circumstances:

• Service Providers: We use trusted third-party companies and services to operate and support Genseo:
  • Webflow: Our marketing website (e.g., the homepage and informational pages) is built on Webflow. If you interact with forms or provide information through our website (such as a contact form or newsletter sign-up on our landing page), that data may be transmitted through Webflow's systems.
  • Vercel: Our application is hosted on Vercel’s cloud platform, which means any data you provide through the app (account data, content, etc.) is transmitted to and stored on servers managed by Vercel (potentially hosted on underlying cloud infrastructure). Vercel may process basic technical information for hosting and delivery of our app.
  • Supabase: We utilize Supabase for our database and authentication. Supabase stores your account details, content (blog posts, inputs, etc.), and other related data. Supabase is hosted on cloud infrastructure (we aim to host our data in a European region when possible for GDPR compliance).
  • Loops.so: We use Loops.so as an email communication platform. Loops helps us send out onboarding emails, product updates, and marketing newsletters (if you subscribed). We provide your email address and name to Loops to send these communications. Loops may also track email open rates and clicks to help us understand engagement with our emails.
  • Google Analytics: We use Google Analytics on our website to gather statistics on web traffic and usage patterns. Google Analytics uses cookies and similar technologies to collect data (such as IP address and device information). We have enabled features like IP anonymization in Google Analytics to protect your privacy. Google may process this data on servers outside the EU (e.g., in the USA), so we rely on appropriate safeguards (like EU Standard Contractual Clauses) for such transfers. You can opt-out of Google Analytics by not consenting to analytics cookies or by using a browser opt-out plugin.
  • PostHog: We use PostHog for product analytics and session replay functionality. PostHog helps us analyze how users navigate the app by recording interactions. This can include what buttons are clicked and the flow of usage. These session replays help us improve UI/UX. Sensitive fields (like passwords or payment info) are excluded from recordings. PostHog may store analytics data on servers that could be outside your country; we ensure any such transfers comply with applicable data protection laws.
  • Payment Processor: For processing payments and subscriptions, we rely on a third-party payment processor (for example, Stripe). When you make a purchase, you provide your payment details directly to the processor, who handles the transaction. They may share back with us limited information such as a payment confirmation, last four digits of your card, card expiration, or billing address, which we store for record-keeping and to manage your subscription. These payment processors are PCI-DSS compliant and are required to handle your payment info securely.
  • Other Tools: We may use other tools and cloud services as part of our infrastructure (such as email providers, customer support ticketing systems, backup storage, etc.). We only share the data necessary for those providers to perform their functions, and they are contractually obligated to protect your information.
• Business Transfers: If Genseo (or its parent company) is involved in a merger, acquisition, sale of assets, or any form of transfer of some or all of its business, personal data held by Genseo may be among the assets transferred to the buyer/assignee. In such cases, we will ensure the transfer is subject to confidentiality obligations and will notify you (for example, via email or a notice on our site) of any change in ownership or use of your personal information.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or regulatory agency). This could include responding to lawful subpoenas, compliance with EU or Austrian legal obligations, or enforcing our Terms of Service (for example, investigating potential violations).
• Protection of Rights and Safety: We may share information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Service or this Privacy Policy.

When we share data with service providers (processors), they are given only the information necessary to perform the required tasks and are contractually bound to handle the data securely and only for the purposes we specify.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and application to enhance your experience:

• Essential Cookies: These are necessary for the Service to function, for example to keep you logged in during your session or to load core site features. Without these cookies, certain functionalities may not work.
• Analytics Cookies: With your consent, we use cookies from tools like Google Analytics and PostHog to collect information about your use of Genseo. This helps us understand user behavior (e.g., which pages are visited, which features are used) and how we can improve the Service. The information collected is generally aggregated and does not directly identify you. You can choose not to allow these cookies. If you opt out, the analytics features will be disabled.
• Functional Cookies: These cookies remember choices you make (such as your language or other preferences) to provide a more personalized experience.
• Marketing Cookies: At present, Genseo does not use third-party advertising networks or serve ads, so we don't use marketing/advertising cookies. If that changes in the future, we will update this policy and request the appropriate consents.

You have the option to accept or reject non-essential cookies through our cookie consent banner or settings when you first visit our site (and you can adjust those settings anytime). Additionally, most web browsers provide options to control or block cookies. However, please note that blocking cookies might affect the functionality of the Service.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (e.g., using HTTPS for our website and app to secure data transfer).
• Secure storage of passwords (e.g., hashed and salted) and sensitive tokens.
• Access controls to limit access to personal data to only those employees, contractors, and service providers who need it to perform their duties, and who are subject to confidentiality obligations.
• Regular review of our practices and systems to improve security.

Despite our efforts, no security measure or protocol is 100% secure. We cannot guarantee absolute security of your data. You are also responsible for keeping your account credentials secure and for notifying us immediately if you suspect any unauthorized access to your account.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements:

• Account Data: We keep your account information and content for as long as you maintain an account with us. If you delete your account or request deletion, we will take steps to remove or anonymize personal data within a reasonable timeframe, unless we are required to keep it longer for legal reasons.
• Generated Content: Content you have generated using Genseo may be retained in our system while your account is active so that you can access it. If you delete specific content or your account, the content may be deleted or anonymized from our active systems, though residual copies or backups might persist for a limited period (until routine cleaning).
• Billing Records: We keep payment and transaction records as long as required by Austrian commercial and tax law (generally 7 years for financial records, in accordance with local regulations).
• Analytics Data: Analytics data may be retained for a duration appropriate to our needs. For example, we might keep aggregated usage data indefinitely to identify long-term trends, but raw session logs or detailed analytics might be kept only for a shorter period. Where possible, we will aggregate or anonymize analytics data over time to avoid storing any data that could identify individuals for longer than necessary.

If we no longer have a legitimate need or legal obligation to retain your personal information, we will securely delete or anonymize it.

9. International Data Transfers

Genseo is based in Austria, and we primarily store and process data within the European Economic Area (EEA). However, some of our third-party service providers are located in or have servers in other countries (for example, the United States). This means your personal data may be transferred to and processed in countries outside of your country of residence or the EEA, which may have data protection laws that differ from those in your jurisdiction.

Whenever we transfer personal data out of the EEA, we ensure that appropriate safeguards are in place, as required by the GDPR. These safeguards might include:

• Standard Contractual Clauses: We may rely on the European Commission’s approved standard contractual clauses with our service providers, which contractually oblige the recipient to handle personal data in compliance with EU data protection standards.
• Adequacy Decisions: In some cases, we may transfer data to countries that have been deemed by the European Commission to provide an adequate level of data protection.
• Additional Measures: We also assess on a case-by-case basis and apply additional technical and organizational measures as necessary (such as encryption in transit and at rest, or specific data minimization strategies) to ensure transferred data is protected.

By using our Service or providing us with your information, you acknowledge that your information may be transferred to our facilities and to those third parties with whom we share it as described in this Policy.

10. Your Rights (GDPR and EU Users)

If you are in the European Union or another jurisdiction that grants similar rights to data subjects, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we use it.
• Right to Rectification: You can ask us to correct any inaccuracies in your personal information or to complete information that is incomplete.
• Right to Erasure: You have the right to request deletion of your personal data ("right to be forgotten") under certain circumstances. For example, this right may apply if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and no other legal basis for processing exists.
• Right to Restrict Processing: You can request that we limit the processing of your personal data in certain situations (for instance, if you contest the accuracy of the data or object to our processing).
• Right to Data Portability: You have the right to obtain your personal data from us in a structured, commonly used and machine-readable format, and to transmit that data to another controller, where technically feasible and when the processing is based on your consent or the performance of a contract.
• Right to Object: You may object to our processing of your personal data when we rely on legitimate interest as the legal basis, especially if the processing is for direct marketing purposes. If you object, we will stop processing your information for that purpose unless we have compelling legitimate grounds to continue that override your interests, rights, and freedoms.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory data protection authority if you believe that we have infringed your rights. In Austria, the supervisory authority is the Austrian Data Protection Authority ("Datenschutzbehörde"). If you reside in another EU member state, you can find your relevant authority through the European Data Protection Board.

To exercise any of your rights, please contact us at the contact information provided in Section 13 (Contact Us). We may need to verify your identity before fulfilling certain requests (to ensure that we don't disclose data to an unauthorized person). We will respond to your request within a reasonable timeframe and in accordance with applicable law.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If you are under 16, please do not use Genseo or provide any information about yourself.

If we learn that we have inadvertently collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information as soon as possible. If you are a parent or guardian and believe that a child under 16 has provided us with personal information, please contact us so we can investigate and delete any such data.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we do, we will update the "Last updated" date at the top of the Policy. If we make any material changes, we will provide a prominent notice (such as on our website or via email notification) and, where required by law, obtain your consent.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Genseo after any changes to this Privacy Policy constitutes your acceptance of those changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

• Email: support@genseo.com
• Address: trinker media gmbh, Angelo-Eustacchio-Gasse 62, 8010, Graz, Austria.

We will do our best to respond promptly and help resolve any issues or concerns you may have.