Privacy Policy

Genaura Ltd is the controller for personal data processed for account, security, billing, and service operation purposes. Genaura Ltd Nicosia, Cyprus privacy@genaura.app | dpo@genaura.app

This policy covers data processed through: • GenauraBrain bot (Telegram interactions) • GenauraBrain web dashboard and APIs • Related sync, connector, payment, and support workflows

Identity and account data: • Telegram ID, first/last name, username, language • Email, optional phone, web account identifiers Service usage data: • Prompts, conversations, model responses, ratings • Settings (model preference, memory mode, connector preferences) Files and generated artifacts: • Uploaded files, metadata (type, size, mime) • Generated image/video/document metadata and storage references Payments: • Plan, provider, status, transaction references, billing metadata Security and operations: • Request IDs, job status, anti-abuse logs, error telemetry

We collect data from: • You directly (Telegram commands, web forms, uploads) • Telegram platform metadata provided by Telegram APIs • Payment and connector providers (status/callback metadata) • Operational systems that monitor service health and abuse

We rely on: • Article 6(1)(b) Contract — to deliver requested services • Article 6(1)(f) Legitimate interests — security, fraud prevention, reliability, product improvement • Article 6(1)(c) Legal obligation — accounting, tax, compliance, legal defence • Article 6(1)(a) Consent — where legally required (for example optional cookies/marketing) If you submit special-category data, you are responsible for ensuring lawful disclosure. We do not intentionally request special-category data.

We use data to: • operate chat, generation, sync, and account features • secure infrastructure and prevent abuse • process subscriptions and payments • provide support and incident response • improve model quality and service reliability using aggregate or controlled datasets

We do not sell personal data. We share personal data only with processors/service providers needed to run the Services, such as cloud hosting, messaging transport, payment providers, and email infrastructure. All such sharing is subject to contracts and appropriate controls.

Where data is processed outside the EU/EEA, we apply recognized safeguards such as EU Standard Contractual Clauses (SCCs), adequacy mechanisms, or equivalent lawful transfer controls. Some compute workloads or provider infrastructure may operate in non-EU regions.

Typical retention windows: • Web link sync tokens: around 10 minutes (plus minimal audit metadata) • Conversation history/files/artifacts: retained while account is active, then subject to deletion workflows and backup windows • Payment/accounting records: retained as legally required • Security logs: retained for anti-abuse and incident response periods Retention may be extended where law, dispute, or fraud prevention requires.

You may request: • access • rectification • erasure • restriction • portability • objection • withdrawal of consent (where consent is the legal basis) Contact privacy@genaura.app. We typically respond within one month. You may also complain to the Cyprus Commissioner for Personal Data Protection.

We apply proportionate technical and organizational controls including encryption, access controls, secret management, and monitoring. No system is perfectly secure. Where legally required, breaches are notified to relevant authorities and affected users in line with statutory timelines.

Services are not directed to young children. If you believe personal data of a child was submitted unlawfully, contact privacy@genaura.app for review.

We may update this policy to reflect legal or operational changes. Material updates are communicated where required. The effective date at the top shows the latest revision.