Data & Rights
Last updated: December 2024
1. Sub-processors
We rely on the following vendors to operate the Services. Material changes will be announced here at least 30 days in advance.
| Vendor | Purpose | Data types | Region |
|---|---|---|---|
| Amazon Web Services | Hosting, storage, GPU compute | Prompts, outputs, assets, account metadata | UK/EU/US |
| Cloudflare | CDN, edge security, DDoS protection | IP address, request metadata | Global |
| Stripe | Payments and invoicing | Email, billing metadata (no full card numbers) | EU/US |
| Postmark | Transactional email delivery | Email, message content | US |
2. Data Location & Transfers
Personal data may be processed in the UK, EU/EEA, or other countries where our vendors operate. Where data leaves the UK/EEA we use appropriate safeguards (for example, UK/EU Standard Contractual Clauses).
3. Exercising Your Rights
UK GDPR provides rights to access, rectification, erasure, restriction, portability, and objection. To exercise a right or withdraw consent (analytics, marketing, or voice features), email info@genifystudio.com from your account address. We may ask for verification to protect your data.
4. Model Training & Your Data
We do not use your private prompts, uploads, or outputs to train our generative models, unless you explicitly opt-in (for example, by publishing to community galleries or enabling an 'improve models using my content' setting, if offered).
By default, your content is private and excluded from training. You can change this in Account → Privacy Settings at any time.
5. Security Incidents
We notify affected users without undue delay and, where legally required, notify the Information Commissioner's Office within 72 hours of becoming aware of a personal data breach.