Privacy Policy

1. Introduction

GenPicked (“we,” “our,” or “us”) operates the GenPicked platform, an AI-powered visibility and content optimization service for digital marketing agencies. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our platform, including any related services, features, content, or applications (collectively, the “Service”).

We respect your privacy and are committed to protecting your personal data. This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), the California Consumer Privacy Act as amended by the CPRA (“CCPA”), the CAN-SPAM Act, and other applicable data protection legislation.

2. Data Controller

For the purposes of the GDPR and UK GDPR, the data controller is GenPicked. If you have any questions about this Privacy Policy or our data practices, please contact us at:

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when you register for an account, subscribe to a plan, use our services, or communicate with us. This includes:

• Account information: name, email address, company name, job title, and password.
• Billing information: payment card details (processed and stored securely by our payment processor, Stripe), billing address, and transaction history.
• Agency & client data: domain names, brand names, competitor URLs, and content you submit for analysis or optimization through the platform.
• Communications: emails, support tickets, survey responses, and any other correspondence with us.

3.2 Information Collected Automatically

When you access our Service, we automatically collect certain technical and usage data:

• Device & browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
• Usage data: pages visited, features used, clickstream data, session duration, referral source, and interaction patterns.
• Cookies & similar technologies: we use cookies, pixel tags, and similar technologies as described in our Cookie Policy.

3.3 Information from Third Parties

We may receive information about you from third-party sources, including authentication providers (when you sign in via Google or other OAuth providers), analytics services (PostHog), and payment processors (Stripe).

4. Legal Basis for Processing (GDPR/UK GDPR)

We process your personal data under the following legal bases:

• Performance of a contract (Art. 6(1)(b)): to provide and maintain our Service, process payments, and manage your account.
• Legitimate interests (Art. 6(1)(f)): to improve our Service, prevent fraud, ensure security, and send non-marketing service communications. Our legitimate interests do not override your fundamental rights and freedoms.
• Consent (Art. 6(1)(a)): for marketing communications, non-essential cookies, and analytics tracking. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): to comply with applicable laws, regulations, and legal processes.

5. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the GenPicked platform and its features.
• Process transactions, manage subscriptions, and send billing-related communications.
• Personalize and improve your experience, including AI-powered content recommendations and optimization suggestions.
• Analyze usage patterns to improve the Service, develop new features, and fix bugs.
• Send transactional emails (account verification, password resets, subscription confirmations).
• Send marketing communications (only with your consent; you can opt out at any time).
• Detect, prevent, and address fraud, abuse, security issues, and technical problems.
• Comply with legal obligations and enforce our Terms of Service.

6. AI-Generated Content & Data Processing

GenPicked uses artificial intelligence models to analyze brand perception, generate content, and provide optimization recommendations. When you use these features, the data you submit (such as brand names, domains, and competitor URLs) is processed by our AI systems. We do not use your proprietary client data to train our AI models for other customers. Content generated through the platform is generated on your behalf and is governed by our Terms of Service.

7. Data Sharing & Disclosure

We do not sell your personal data. We may share your information with the following categories of recipients:

• Service providers: third-party vendors who assist us in operating our platform (e.g., Stripe for payments, PostHog for analytics, Azure for hosting, Pinecone for vector storage).
• AI model providers: we transmit content to AI model providers (such as OpenAI, Anthropic, and others) to generate analysis and content on your behalf. These providers process data under our instructions and their data processing terms.
• Legal requirements: when required by law, court order, or governmental authority, or to protect our rights, property, or safety.
• Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where we transfer personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the recipient’s participation in a recognized data transfer framework (such as the EU-US Data Privacy Framework).

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account data: retained for the duration of your account and up to 30 days after deletion request.
• Billing records: retained for up to 7 years to comply with tax and accounting obligations.
• Usage & analytics data: retained in identifiable form for up to 24 months, then anonymized or deleted.
• Marketing consent records: retained for as long as you remain subscribed, plus 3 years for compliance evidence.

10. Your Rights Under GDPR & UK GDPR

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

• Right of access: obtain a copy of your personal data we hold.
• Right to rectification: correct inaccurate or incomplete personal data.
• Right to erasure: request deletion of your personal data (subject to legal exceptions).
• Right to restrict processing: limit how we use your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests or for direct marketing.
• Rights related to automated decision-making: not be subject to decisions based solely on automated processing that produce legal effects.
• Right to withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@genpicked.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

11. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to know: request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to delete: request deletion of personal information we have collected.
• Right to correct: request correction of inaccurate personal information.
• Right to opt out of sale/sharing: we do not sell or share your personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information: limit our use and disclosure of sensitive personal information.
• Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, email us at privacy@genpicked.com with the subject line “CCPA Request.” We will verify your identity before processing your request and respond within 45 days.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.2+) and at rest, access controls, regular security assessments, and secure development practices. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

13. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 18, we will take steps to delete such information as soon as possible. If you believe a child has provided us with personal data, please contact us at privacy@genpicked.com.

14. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date, and where required by law, via email. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: