Data & Rights
Last updated: November 2025
1. Sub-processors
We rely on the following vendors to operate the Services. Material changes will be announced here at least 30 days in advance.
| Vendor | Purpose | Data types | Region |
|---|---|---|---|
| Amazon Web Services | Hosting, storage, GPU compute | Prompts, outputs, assets, account metadata | UK/EU/US |
| Cloudflare | CDN, edge security, DDoS protection | IP address, request metadata | Global |
| Stripe | Payments and invoicing | Email, billing metadata (no full card numbers) | EU/US |
| Postmark | Transactional email delivery | Email, message content | US |
2. Data Location & Transfers
Personal data may be processed in the UK, EU/EEA, or other countries where our vendors operate. Where data leaves the UK/EEA we use appropriate safeguards (for example, UK/EU Standard Contractual Clauses).
3. Exercising Your Rights
UK GDPR provides rights to access, rectification, erasure, restriction, portability, and objection. To exercise a right or withdraw consent (analytics, marketing, or voice features), email info@genifystudio.com from your account address. We may ask for verification to protect your data.
4. Security Incidents
We notify affected users without undue delay and, where legally required, notify the Information Commissioner’s Office within 72 hours of becoming aware of a personal data breach.