Data Protection

Client-Facing Policy Summary

What We Do

GENZARATE provides a secure analytics platform for understanding engagement, behaviour, and wellbeing through surveys, check-ins, and digital interactions. Our platform enables brands and institutions to gather insight while prioritising privacy and responsible data use.

Core Data Protection Principles

1. Data Minimisation

We collect only the data necessary to deliver meaningful insights and platform functionality.

2. Separation by Design

Client data is strictly isolated within a secure, multi‑tenant architecture to prevent cross‑access or data leakage.

3. Controlled Access

Role‑based access controls ensure that users can access only data relevant to their responsibilities.

4. Privacy by Default

Insights are delivered in aggregated, anonymised, or de‑identified form wherever possible.

5. Youth Data Responsibility

GENZARATE applies enhanced safeguards when working with younger users and student populations, reflecting the additional care required when processing youth data.

How Data Is Used

Data is processed to:

  • Enable campaigns, surveys, and engagement tracking
  • Generate analytics and insights for clients
  • Improve and maintain platform functionality

GENZARATE does not sell personal data.

Security Measures

We apply appropriate technical and organisational security measures, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Monitoring and logging of system activity
  • Use of reputable and secure infrastructure providers

Data Ownership & Roles

  • Clients typically act as Data Controllers, determining the purpose and use of the data
  • GENZARATE acts as a Data Processor and analytics provider, processing data on behalf of clients in accordance with contractual and legal obligations

Data Subject Rights

Data subjects have the right to:

  • Access their personal data
  • Request correction or deletion of their data

Requests are typically managed by the client as Data Controller, with GENZARATE providing reasonable assistance where required. Requests may be submitted via designated contact channels.

Retention & Deletion

  • Data is retained only for as long as necessary to fulfil defined purposes
  • Retention periods are defined contractually and reviewed periodically
  • Data is deleted or anonymised when no longer required

Compliance

GENZARATE aligns with:

  • GDPR and applicable local data protection laws
  • Comparable international privacy and data protection frameworks

Contact

For data protection enquiries, please contact:

hello@genzarate.com