Privacy Policy

Effective Date: March 21, 2026
Last Updated: March 21, 2026

Dysruptia LLC ("we", "us", "our") operates GenSmart (www.gensmart.co), a SaaS platform for creating and deploying AI conversational agents. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

1. Information We Collect

Information You Provide

• Account Information: Name, email address, and password when you register.
• Organization Information: Company name, billing address, and tax identifiers.
• Payment Information: Processed securely by Stripe. We do not store credit card numbers on our servers.
• Agent Content: Prompts, knowledge base documents, and configurations you create for your AI agents.

Information Collected Through Your Agents

• Contact Data: Names, phone numbers, and email addresses of individuals who interact with your AI agents (your end-users).
• Conversation Data: Messages exchanged between your end-users and your AI agents via WhatsApp or Web widget.
• Captured Variables: Data your agents are configured to collect from conversations (e.g., preferences, interests).

Automatically Collected Information

• Usage Data: Pages visited, features used, API calls made.
• Device Information: Browser type, operating system, IP address.
• Session Cookies: Essential cookies for authentication (see Cookie Policy).

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the GenSmart platform.
• Process payments and manage your subscription.
• Send transactional emails (account verification, password resets, billing receipts).
• Send product notifications (usage alerts, new features) — you can opt out.
• Analyze usage patterns to improve the platform.
• Respond to support requests and inquiries.
• Comply with legal obligations.

3. AI Processing

Your agent configurations, knowledge base content, and conversation messages are sent to third-party AI providers for processing:

• OpenAI (GPT-4o, GPT-4o-mini) — openai.com/policies/privacy-policy
• Anthropic (Claude Sonnet, Claude Haiku) — anthropic.com/privacy

These providers process data according to their respective privacy policies and data processing agreements. We select providers that do not use customer data for model training.

4. Third-Party Services

We share data with the following categories of third-party service providers:

• Payment Processing: Stripe, Inc. — processes subscription payments.
• Messaging: Meta Platforms, Inc. — delivers WhatsApp messages through the WhatsApp Business API.
• Email: Resend — sends transactional and notification emails.
• Hosting: Amazon Web Services (AWS) — hosts our infrastructure.

We do not sell your personal information to third parties.

5. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion request (grace period for recovery).
• Conversation Data: Retained while your account is active. You can export or delete conversation data at any time from Settings > Data & Privacy.
• Payment Records: Retained for 7 years as required by tax and accounting regulations.
• Server Logs: Retained for 90 days for security and debugging purposes.

6. Your Rights

You have the right to:

• Access your personal data — export available in Settings > Data & Privacy.
• Rectify inaccurate data — edit your profile and contacts at any time.
• Delete your account and associated data — available in Settings > Data & Privacy (30-day grace period).
• Port your data — export in standard formats (JSON, CSV).
• Object to processing — contact us to discuss your concerns.
• Withdraw Consent — for optional communications, via email preferences or account settings.

For EU/EEA residents, these rights are provided under the General Data Protection Regulation (GDPR). For California residents, additional rights may apply under the CCPA.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Access tokens stored in memory only (never in localStorage).
• Refresh tokens in httpOnly, secure cookies with rotation.
• Parameterized SQL queries to prevent injection.
• Regular security reviews and updates.

8. Cookies

We use only essential session cookies. We do not use third-party tracking cookies or advertising cookies. For details, see our Cookie Policy.

9. Children's Privacy

GenSmart is not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

10. International Data Transfers

Our servers are located in the United States. If you are accessing GenSmart from outside the United States, your data will be transferred to and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the platform at least 30 days before the changes take effect.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

• Email: privacy@gensmart.co
• Company: Dysruptia LLC
• Website: www.gensmart.co