Privacy Policy

Last updated: April 7, 2026

1. Data Controller Identification

GenomaHQ Tecnologia Ltda. (“GenomaHQ”, “we”, “our”), a private legal entity headquartered in São Paulo, SP, Brazil, is the controller of personal data processed on this website (genomahq.com) and on the SaaS platform (app.genomahq.com).

Contact: contact@genomahq.com

2. Roles in the B2B Context

As a B2B platform, GenomaHQ may act in different roles in the processing of personal data, depending on the origin and purpose of the data:

• GenomaHQ as Controller: data collected directly through the website and platform for its own purposes, such as contact form leads, navigation data, and interface preferences;
• GenomaHQ as Processor: when a Customer inputs brand, competitor, or business data into the platform for AI visibility analysis. In these cases, the Customer is the Controller and GenomaHQ processes the data on their behalf, following contractual instructions;
• Customer as Controller: the Customer determines the purposes and means of processing data related to their own brand strategy, team members, and business operations.

When GenomaHQ acts as a Processor, it commits to processing data only in accordance with the Customer’s documented instructions and to implementing the security measures set out in this Policy.

3. Personal Data Collected

We collect the following data through the contact form and the platform:

• Identification data: full name, job title, company name;
• Contact data: corporate email address, phone number;
• Platform usage data: brand and competitor names entered by the user, AI monitoring queries, and free-text messages;
• Account & subscription data: plan tier, billing information, API usage metadata;
• Navigation data: IP address, browser type, pages visited, date and time of access (via server logs);
• Interface preferences: light/dark theme setting stored in the browser’s localStorage.

4. Purposes of Processing

Your data is processed to:

• Respond to demo requests and commercial inquiries;
• Provide the contracted GenomaHQ platform services;
• Deliver AI visibility analytics, LLM brand monitoring, competitor benchmarks, and share of voice reports;
• Send service-related communications (onboarding, support, alerts);
• Send marketing communications, with consent;
• Fulfill legal and regulatory obligations;
• Improve the user experience of the website and platform;
• Prevent fraud and ensure platform security.

5. Legal Bases (LGPD, Art. 7)

Processing is based on the following legal grounds:

• Contract performance (item V): data necessary to deliver the contracted service;
• Legitimate interest (item IX): relevant commercial communications and platform security. A Legitimate Interest Assessment (LIA/DPIA) has been conducted and is available upon request at contact@genomahq.com;
• Consent (item I): marketing communications and non-essential cookies;
• Legal obligation (item II): retention of fiscal, accounting, and audit data.

6. Sharing with Third Parties

We do not sell your data. We may share it with partners acting as processors, strictly for the purposes described:

• Prismic (Intercom, Inc.): content management system used for website content publishing;
• LLM API providers (OpenAI, Google, Anthropic, Perplexity, and others): used to query AI model outputs for brand monitoring purposes — only query strings are transmitted, not personally identifiable information;
• Payment processor: for subscription billing and invoicing;
• Transactional email providers: for sending notifications and confirmations;
• Analytics platform: aggregated traffic analysis (no individual identification);
• Public authorities: when required by law or court order.

7. Cookies & Similar Technologies

We use:

• Essential cookies: required for website functionality, including authentication session management;
• localStorage: stores your light/dark theme preference locally on your device;
• Analytics cookies: used to understand aggregated navigation patterns, with consent.

You may configure your browser to refuse cookies, but this may affect certain features of the platform.

8. Data Security

We adopt appropriate technical and organizational measures, including:

• Data transmission over HTTPS (TLS 1.2+);
• Encryption at rest for sensitive data;
• Role-based access control (RBAC);
• Continuous monitoring and audit logs;
• Internal security incident response policy.

While we adopt all reasonable measures, no system is 100% secure.

8.1 Incident Notification

In the event of a security incident that may cause relevant risk or harm to data subjects, GenomaHQ will notify the ANPD (Brazil’s National Data Protection Authority) and affected data subjects within 3 (three) business days of becoming aware of the incident, in accordance with Resolution CD/ANPD No. 15/2024. Supplementary information may be provided within 20 (twenty) business days. Incident records are retained for 5 (five) years. For urgent security-related communications, contact us at contact@genomahq.com.

9. Retention & Deletion

Personal data is retained for as long as necessary to fulfill the purposes for which it was collected, subject to the following criteria:

• Contact data (leads): up to 2 years after the last contact, unless converted to a customer;
• Active customer data: for the duration of the contract and for 5 years after termination (statutory tax/accounting obligation);
• Access logs: up to 6 months, in accordance with Brazil’s Internet Civil Framework (Lei nº 12.965/2014).

After the applicable period, data is permanently deleted or irreversibly anonymized.

10. Data Subject Rights (LGPD, Art. 18)

You have the right to:

• Confirmation and access: confirm whether we process your data and obtain a copy;
• Correction: correct incomplete, inaccurate, or outdated data;
• Anonymization, blocking, or deletion: of unnecessary data or data processed in non-compliance with the LGPD;
• Portability: receive your data in a structured format;
• Deletion: request deletion of data processed on the basis of consent;
• Withdrawal of consent: at any time, without affecting prior processing;
• Objection: object to processing carried out on the basis of legitimate interest;
• Information on sharing: know which entities your data is shared with.

To exercise your rights, contact us at contact@genomahq.com. We respond within 15 calendar days.

11. Minors

The GenomaHQ platform and this website are directed exclusively to legal entities and their authorized representatives, and are not intended for individuals under 18 years of age. GenomaHQ does not intentionally collect personal data from minors, in accordance with Art. 14 of the LGPD. If we identify that data from a minor has been inadvertently collected, it will be deleted immediately. If you believe we have collected data from a minor, please contact us.

12. International Data Transfers

Part of our infrastructure involves services hosted outside Brazil, including LLM API providers (OpenAI, Google, Anthropic, Perplexity) and Prismic CMS, which are headquartered in the United States. In these cases, we ensure that transfers comply with the LGPD through standard contractual clauses or because the recipient country has an adequate level of protection recognized by the ANPD.

13. Changes to This Policy

This policy may be updated periodically. Material changes will be communicated by email (to customers) or by a prominent notice on the website. We recommend reviewing it periodically. The last updated date is indicated at the top of this document.

14. Contact & Complaints

For questions, requests, or complaints related to the processing of personal data:

• Email: contact@genomahq.com
• You may also file a complaint directly with the Autoridade Nacional de Proteção de Dados (ANPD): www.gov.br/anpd

See also our Terms of Use.