Genlytic
PrivacyTerms

Legal

Privacy Policy

Last updated: June 11, 2026 · Effective: June 11, 2026

This Privacy Policy explains how Genlytic collects, uses, stores, and protects personal data when you use our platform. It applies to all users of genlytic.app and is compliant with the Swiss Federal Act on Data Protection (revDSG, in force 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Controller

The data controller responsible for processing your personal data is:

Lionel Murbach
Operating as Genlytic
Switzerland
Email: hello@genlytic.app

No Data Protection Officer (DPO) is formally designated at this stage. All data protection inquiries are handled directly by the controller at the address above.

2. Data We Collect

We collect the following categories of personal data:

CategoryData PointsSource
Account dataName, email address, profile pictureYou / Clerk
Authentication dataEncrypted passwords, session tokens, 2FA stateClerk
Billing dataSubscription plan, billing cycle, invoice history (no raw card data)Stripe
Organization dataOrganization name, domain, member roles, usage countersYou
GEO scan dataBrand names, keywords, competitor names, target URLs you enterYou
AI response dataResponses from AI engines we query on your behalfAI providers
Usage & log dataPage views, feature interactions, error logs, IP address, browser/OSAutomatic
Communication dataEmails you send to hello@genlytic.app or via in-app formsYou

We do not collect special categories of data (Art. 9 GDPR / Art. 5 DSG) and do not engage in automated decision-making that produces legal effects.

4. How We Use Your Data

  • Create and manage your account and organization
  • Execute GEO scans and return results to your dashboard
  • Process payments and manage your subscription via Stripe
  • Send transactional emails (receipts, password reset, 2FA codes)
  • Provide customer support when you contact us
  • Monitor platform security and detect abuse
  • Improve the platform through aggregated, anonymized usage analytics
  • Send product updates and GEO intel digest (opt-in only)

We do not sell, rent, or trade your personal data to third parties. We do not use your data to train AI models without your explicit consent.

5. Sub-processors

We rely on the following third-party service providers (sub-processors) to operate the platform. All are bound by data processing agreements (DPAs) and provide appropriate safeguards for international data transfers.

ProviderPurposeLocation
Clerk, Inc.Authentication, user management, 2FAUS
MongoDB Atlas (MongoDB, Inc.)Database storageUS / EU
Stripe, Inc.Payment processing, billing, invoicesUS
Vercel, Inc.Hosting, CDN, serverless functionsUS / Global
OpenAI, Inc.AI-powered suggestions and brief generationUS
Anthropic, PBCAI brief generationUS
Resend, Inc.Transactional email deliveryUS
Google LLCAnalytics (if enabled)US

6. International Data Transfers

Most of our sub-processors are based in the United States. Transfers of personal data from Switzerland or the EU to the US are governed by:

  • Standard Contractual Clauses (SCCs) as approved by the EU Commission (2021/914) and recognized by the Swiss FDPIC for transfers from Switzerland.
  • EU–US Data Privacy Framework for providers certified under the DPF (e.g. Google, Stripe, Vercel).

By using Genlytic, you acknowledge that your data may be transferred to and processed in countries outside Switzerland and the EU/EEA. We take all reasonable steps to ensure such transfers are protected by appropriate safeguards.

7. Data Retention

Data CategoryRetention Period
Account & profile dataUntil account deletion + 30 days for recovery
GEO scan & analytics dataDuration of subscription + 90 days after cancellation
Billing & invoice records10 years (Swiss OR / tax law obligation)
Server & access logs90 days rolling
Support correspondence3 years from last interaction
Newsletter subscribersUntil unsubscribe

8. Your Rights

Under the Swiss DSG and/or the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 25 DSG / Art. 15 GDPR): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 32 DSG / Art. 16 GDPR): Correct inaccurate or incomplete data.
  • Right to erasure (Art. 32 DSG / Art. 17 GDPR): Request deletion of your data, subject to legal retention obligations.
  • Right to data portability (Art. 28 DSG / Art. 20 GDPR): Receive your data in a structured, machine-readable format.
  • Right to restriction (Art. 18 GDPR): Restrict processing in certain circumstances.
  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Right to lodge a complaint: You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch, or with your local EU supervisory authority.

To exercise any of these rights, contact us at hello@genlytic.app. We will respond within 30 days. We may request proof of identity before processing sensitive requests.

9. Cookies & Analytics

We use the following types of cookies and tracking technologies:

  • Essential cookies: Set by Clerk for authentication sessions. These are strictly necessary and cannot be disabled without impairing the service.
  • Analytics cookies (optional): We may use Google Analytics (if configured) to understand aggregate usage patterns. This requires your consent where required by law. No analytics tracking occurs without explicit consent on first visit.
  • Payment cookies: Set by Stripe during checkout for fraud prevention (essential for billing flow).

You can manage cookie preferences in your browser settings. Disabling essential cookies will prevent login from working.

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • TLS encryption for all data in transit
  • Bcrypt password hashing (factor 12)
  • JWT tokens with 7-day expiry and post-password-change invalidation
  • Redis-based brute-force lockout on login and password reset
  • Organization-scoped database access with mandatory tenant isolation
  • Token blacklisting on logout

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected users without undue delay.

11. Children

Genlytic is not directed at persons under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@genlytic.app and we will delete the information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on the platform at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Genlytic after the effective date constitutes acceptance of the updated policy.

13. Contact

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact:

Lionel Murbach / Genlytic
Switzerland
hello@genlytic.app

We will acknowledge your request within 5 business days and respond substantively within 30 days.

Terms of Service →Back to Genlytic