Log in
Get Started

HomeLegal CenterPRIVACY POLICY

PRIVACY POLICY

NYGMA.AI

Last Updated: March 18, 2025

This Privacy Policy explains how Genie9 LTD (“Genie9”, “we”, “us”, or “our”), a company registered in England and Wales with company registration number 08669198, collects, uses, and protects your personal information in connection with the Nygma.ai service (“Service”).

We take your privacy extremely seriously. Our Service is built on zero-knowledge encryption architecture, which means we cannot access your encrypted content. This Privacy Policy explains the technical and administrative measures we take to protect your privacy.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION.

1. INTRODUCTION

1.1 Purpose. This Privacy Policy describes:

  • The information we collect and how we collect it
  • How we use and process that information
  • How we protect your information
  • Your rights regarding your information
  • Our zero-knowledge encryption architecture and its privacy implications

1.2 Scope. This Privacy Policy applies to all users of the Nygma.ai service, including website visitors, account holders, and individuals who receive shared content.

1.3 Definitions. Terms defined in our EULA have the same meaning when used in this Privacy Policy. Additionally:

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Zero-Knowledge Encryption” means the encryption architecture where encryption and decryption occur solely on your device, and Genie9 does not possess the capability to access or view your unencrypted Content or encryption keys.

2. INFORMATION WE COLLECT

Due to our zero-knowledge encryption architecture, we have very limited access to your data. Here’s what we do and don’t collect:

2.1 Information You Provide Directly:

  • Account Information: Email address, name (if provided), and password hash
  • Payment Information: When you subscribe to a paid plan, payment details are processed by Stripe, our payment processor. We only store subscription status and history, not your actual payment details
  • Customer Support Information: Information you provide when contacting our support team

2.2 Information Collected Automatically:

  • Usage Information: Login timestamps, IP addresses, device information, browser type, operating system
  • Technical Metrics: Drive operations (creation, locking, unlocking), but not the contents or names of files
  • Website Analytics: How you interact with our website and service using anonymized data

2.3 Information We Do NOT Have Access To:

  • File Contents: Due to zero-knowledge encryption, we cannot access the contents of your files
  • File Names: All file names are encrypted on your device before upload
  • File Metadata: File sizes, dates, and other metadata are encrypted
  • Folder Structures: Your organizational structure is encrypted
  • Passwords: Your actual passwords (we only store securely hashed versions)
  • Encryption Keys: Your encryption keys never leave your device

3. ZERO-KNOWLEDGE ENCRYPTION EXPLAINED

3.1 How Our Zero-Knowledge Encryption Works:

  • All encryption and decryption processes occur locally on your device
  • Encryption keys are generated on your device and never transmitted to our servers
  • All content (files, filenames, metadata) is encrypted before leaving your device
  • We store only encrypted data that we cannot decrypt

3.2 Technical Limitations:

  • We cannot see what files you store
  • We cannot recover your data if you lose your password and recovery key
  • We cannot scan your files for malware
  • We cannot index your files for search functionality (all searching happens on your device)
  • We cannot provide your data to any third party in unencrypted form

3.3 Privacy Benefits:

  • Protection against data breaches: Even if our servers were compromised, your data remains encrypted
  • Protection against internal threats: Our staff cannot access your data
  • Protection against legal compulsion: We cannot provide readable data to authorities because we don’t have the technical capability to decrypt it

4. HOW WE USE YOUR INFORMATION

4.1 Providing the Service:

  • Creating and managing your account
  • Processing your transactions and subscriptions
  • Storing your encrypted content
  • Providing customer support

4.2 Service Improvement:

  • Analyzing usage patterns to improve features
  • Troubleshooting technical issues
  • Developing new features and functionality

4.3 Security:

  • Detecting and preventing fraud and unauthorized access
  • Protecting the security of our systems and your account
  • Monitoring for unusual account activity

4.4 Communication:

  • Sending service notifications and updates
  • Responding to your inquiries
  • Providing information about features, updates, and offers (if you’ve opted in)

4.5 Legal Compliance:

  • Complying with applicable laws and regulations
  • Enforcing our Terms of Service and other legal rights
  • Responding to legal requests (subject to the technical limitations of our zero-knowledge architecture)

5. INFORMATION SHARING AND DISCLOSURE

5.1 Third-Party Service Providers:

  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting our services and storing encrypted data
  • Payment Processing: Stripe for processing payments
  • Analytics: Limited analytics providers to help improve our service

5.2 Legal Requirements:

  • We may disclose your information if required by law, regulation, legal process, or governmental request
  • Due to our zero-knowledge architecture, we can only provide encrypted content, which remains unreadable without your encryption keys
  • We will notify you of such requests unless prohibited by law

5.3 Business Transfers:

  • If Genie9 is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
  • We will notify you of any change in ownership or uses of your information

5.4 With Your Consent:

  • We may share information with third parties when you explicitly consent to such sharing

5.5 No Sale of Personal Data:

  • We do not sell your personal data to third parties

6. LAW ENFORCEMENT DATA REQUESTS

6.1 Our Approach to Law Enforcement Requests:

  • We comply with valid legal orders to the extent technically possible
  • We will notify users of requests when legally permitted to do so
  • We require proper legal process before considering any government request for information

6.2 Technical Limitations:

  • Due to our zero-knowledge encryption architecture, we can only provide:
    • Account information (email, registration date, etc.)
    • Payment information we have access to
    • Login history and IP addresses
    • Encrypted content (which remains unreadable without your keys)
  • We cannot provide:
    • Decrypted content of your files
    • Decrypted filenames or folder structures
    • Your passwords or encryption keys

6.3 Transparency:

  • We publish periodic transparency reports detailing the number and types of government requests received
  • We challenge overly broad requests or those without proper legal basis

7. DATA SECURITY

7.1 Encryption:

  • All content is encrypted on your device using AES-256-GCM or ChaCha20-Poly1305
  • All data in transit is protected using TLS 1.3 encryption
  • Encryption keys are never transmitted to or stored on our servers

7.2 Security Measures:

  • Regular security assessments and penetration testing
  • Secure infrastructure with access controls
  • Employee access controls and security training
  • Continuous monitoring for unauthorized access

7.3 Security Features:

  • Two-factor authentication option for account access
  • Advanced security options including Duress Mode and Time Bomb features
  • Login notification for suspicious activities

7.4 Data Breach Response:

  • In the unlikely event of a data breach, we will notify affected users promptly
  • Due to our zero-knowledge architecture, even in case of a breach, your encrypted content remains protected by your encryption keys

8. INTERNATIONAL DATA TRANSFERS

8.1 Data Storage Location:

  • Your encrypted data is stored on servers located in the United States through Amazon Web Services

8.2 International Transfers:

  • Your information may be transferred to, and processed in, countries other than the country where you reside
  • We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws

8.3 EU/UK Data Subjects:

  • For users in the European Union or United Kingdom, where we transfer your personal data outside the EU/UK, we use appropriate safeguards such as Standard Contractual Clauses

9. DATA RETENTION

9.1 Account Information:

  • We retain your account information for as long as your account is active
  • After account deletion, basic information may be retained for a short period for legal and business purposes

9.2 Encrypted Content:

  • Your encrypted content is stored until you delete it
  • When you delete content, it is permanently deleted from our active systems immediately
  • Backups containing deleted content are cycled out within 30 days

9.3 Account Deletion:

  • When you delete your account, all your encrypted content is immediately and permanently deleted
  • Due to the zero-knowledge nature of our service, once deleted, data cannot be recovered

10. YOUR PRIVACY RIGHTS

10.1 General Rights:

  • Right to access your personal data
  • Right to correct inaccurate personal data
  • Right to delete your personal data (subject to certain exceptions)
  • Right to restrict or object to certain processing of your personal data
  • Right to data portability
  • Right to withdraw consent

10.2 EU/UK Specific Rights:

  • If you are located in the European Union or United Kingdom, you have rights under the GDPR or UK GDPR
  • You can submit requests regarding your rights by contacting legal@genie9.com

10.3 California Specific Rights:

  • California residents have additional rights under the California Consumer Privacy Act (CCPA)
  • You can submit requests regarding your California privacy rights by contacting legal@genie9.com

10.4 Limitation Due to Zero-Knowledge Architecture:

  • Due to our zero-knowledge architecture, we cannot access your encrypted content
  • This means we cannot search, view, or provide you with access to encrypted content if you lose your password and recovery key
  • We cannot delete specific encrypted content within your account; you must do this yourself while logged in

11. CHILDREN’S PRIVACY

11.1 Age Restrictions:

  • The Service is not directed to children under 16 years of age
  • We do not knowingly collect personal information from children under 16
  • If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information

12. COOKIES AND TRACKING

12.1 Cookies We Use:

  • Essential Cookies: Required for the Service to function
  • Analytics Cookies: Help us understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences

12.2 Your Cookie Choices:

  • You can control cookies through your browser settings
  • You can opt out of analytics cookies via our cookie banner
  • Declining non-essential cookies will not affect your ability to use the Service

12.3 Do Not Track:

  • We respond to Do Not Track signals in accordance with applicable laws

13. UPDATES TO THIS PRIVACY POLICY

13.1 Policy Changes:

  • We may update this Privacy Policy from time to time
  • We will notify you of any significant changes through the Service or via email
  • Your continued use of the Service after such notification constitutes acceptance of the updated Privacy Policy

13.2 Effective Date:

  • The effective date of this Privacy Policy is indicated at the top of this document

14. CONTACT INFORMATION

14.1 Questions and Concerns:

  • If you have any questions or concerns about this Privacy Policy, please contact us:
    • Email: legal@genie9.com
    • Mail: Genie9 LTD, 3 Shortlands, W68DA, London, United Kingdom

14.2 Data Protection Representative:

  • Our Data Protection Officer can be contacted at: legal@genie9.com

14.3 Supervisory Authority:

  • If you are located in the European Union or United Kingdom, you have the right to lodge a complaint with your local data protection authority

15. TECHNICAL IMPOSSIBILITY DISCLOSURE

Your privacy is protected by technical design, not just by policy. Due to our zero-knowledge architecture, we technically cannot access, view, or decrypt your data under any circumstances. This means we cannot assist with data recovery if you lose your password and recovery key, nor can we provide decrypted data to law enforcement even when presented with valid legal orders. We can only provide encrypted data, which remains unreadable without your encryption keys.

This represents the highest level of privacy protection possible: one where the service provider is technically prevented from accessing user content, not just prohibited by policy.

END OF PRIVACY POLICY

Log in to your account