Privacy Policy

Effective: April 2026

1. Introduction

GENZARATE ("we", "us", "our") is a data and insights platform designed to help organisations understand engagement, wellbeing, and behavioural trends through digital interactions, surveys, and analytics.

We are committed to protecting personal data and handling it responsibly, particularly when our platform is used by younger audiences. This Privacy Policy explains how we collect, use, process, and safeguard personal data across our applications, dashboards, and related services.

2. Data Controller

Depending on how the platform is used:

  • GENZARATE may act as a Data Controller for platform operations, analytics, security, and product improvement; and/or
  • as a Data Processor, acting on behalf of client organisations ("Customers") who engage GENZARATE to run surveys, campaigns, or research initiatives.
  • Customer organisations may also act as independent Data Controllers for their users. The applicable role depends on the specific context in which the platform is used.

3. Types of Data We Collect

A) Identity & Account Data

  • Name (where provided)
  • Email address
  • Username or participant ID
  • Organisation or campaign affiliation

B) Demographic & Profile Data

  • Age or age band
  • Gender (optional)
  • Location (e.g. region or country)
  • Preferences and interests

C) Engagement & Behavioural Data

  • App usage activity (logins, interactions)
  • Check-ins and survey responses
  • Campaign participation
  • Reward interactions (where applicable)

D) Technical Data

  • IP address
  • Device type and operating system
  • Browser type
  • Timestamps and session data

E) Analytics & Aggregated Data

  • Derived insights
  • Aggregated or anonymised datasets

We aim to minimise the collection of directly identifiable data wherever possible.

4. How We Collect Data

We collect data:

  • Directly from users
  • Automatically through platform usage and system logs
  • From client organisations onboarding participants

5. How We Use Personal Data

We use personal data to:

  • Deliver and operate the platform
  • Enable surveys, check-ins, and campaigns
  • Generate insights and analytics for client organisations
  • Improve platform performance and functionality
  • Monitor engagement and usage
  • Ensure platform security and prevent misuse
  • Comply with legal and regulatory obligations

We do not use personal data for automated decision-making that produces significant legal or similar effects.

6. Legal Basis for Processing

Depending on context, GENZARATE relies on:

  • Consent
  • Contractual necessity
  • Legitimate interests
  • Compliance with legal obligations

The applicable legal basis depends on GENZARATE's role as Data Controller or Data Processor and the nature of the service provided.

7. Data Use for Analytics and Insights

  • Individual-level data may be processed for analytical purposes
  • Insights are typically delivered in aggregated or anonymised form
  • There is no intentional exposure of identifiable data across organisations
  • Personal data is not sold

Aggregated, non-identifiable insights may be used for benchmarking and research.

8. Multi-Tenant Data Separation

GENZARATE operates a secure multi‑tenant platform and applies controls to ensure:

  • Logical separation of client data
  • Role‑based access control
  • No cross‑client data visibility

9. Data Sharing

We may share data with:

  • Client organisations
  • Trusted service providers (e.g. hosting, infrastructure, analytics)
  • Legal or regulatory authorities where legally required

GENZARATE does not sell personal data.

10. International Transfers

Where personal data is transferred internationally, GENZARATE implements appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, in accordance with applicable data protection laws.

11. Data Security

We apply appropriate technical and organisational measures, including:

  • Role‑based access controls
  • Encryption of data in transit and at rest
  • Monitoring and logging of system activity
  • Restricted access to sensitive datasets

12. Data Retention

Personal data is retained only as long as necessary to:

  • Deliver services
  • Support analytics and reporting
  • Meet contractual obligations
  • Comply with legal requirements

Retention periods are determined based on:

  • Data type
  • Processing purpose
  • Applicable legal obligations

Where data is no longer required, it is deleted or anonymised. Client organisations may define retention policies when acting as Data Controllers.

13. Children and Young People

GENZARATE may be used in contexts involving children and young people.

Where required by law:

  • Appropriate parental or guardian consent must be in place
  • Data collection is limited to what is necessary
  • Additional safeguards are applied

Where client organisations onboard participants, GENZARATE relies on those organisations to ensure that appropriate consent mechanisms are implemented, unless GENZARATE is acting as the Data Controller. We take a responsible and ethical approach to youth data.

Protecting minors is a top priority. Our platform has zero tolerance for child sexual abuse material (CSAM) and exploitation. We cooperate fully with law enforcement and relevant authorities on child safety matters. Please review our Child Safety Standards for more details.

14. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Maintain core platform functionality
  • Understand usage patterns
  • Improve performance

Cookie usage may include essential and analytics cookies. We do not use intrusive tracking technologies without appropriate consent.

15. Your Rights

Depending on applicable law, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request the deletion of your data
  • Restrict or object to certain processing
  • Request data portability

16. Exercising Your Rights

Requests can be submitted via:

hello@genzarate.com

We will:

  • Respond within applicable legal timeframes
  • Verify identity where required

Requests relating to data controlled by client organisations may be redirected to the relevant client.

17. Account and Data Deletion

Users may request deletion of their data at any time by contacting:

hello@genzarate.com

Where feasible, we will delete or anonymise personal data, retaining only what is required by law. Data controlled by client organisations may need to be managed through the relevant client.

18. Data Protection Officer (DPO)

Data Protection Officer: Mark Foster

Email:hello@genzarate.com

19. Updates

We may update this Privacy Policy from time to time to reflect changes in law, technology, or platform operations.

20. Contact

GENZARATE CONSULTANCIES L.L.C

General:hello@genzarate.com

Child Safety:hello@genzarate.com