Privacy Notice

This Privacy Notice explains how GenerativeX Inc. ("GenerativeX," "we," "us," or "our") collects, uses, discloses, and safeguards personal data in connection with our websites, services, Office add-ins, and related support channels (together, the "Services").

This Notice applies to our controller activities. For services provided through an enterprise customer or employer, your organization may provide additional privacy information.

Data protection laws distinguish between a controller and a processor. We act as controller for our websites, accounts, billing, support, and telemetry we determine.

When an enterprise customer deploys an add-in or service and we process end-user content on that customer's instructions, we act as their processor or service provider. For those processor activities, please refer to your organization's privacy notice. We may direct certain requests to your organization where we act as processor.

Data you provide may include contact and account data such as name, business email, organization, preferences, inquiry details submitted through our website contact form, professional data such as title, department, and relationship to us, support and feedback such as messages, tickets, and call recordings where permitted, and billing data such as payer details. Card numbers are handled by our payment processor; we do not store full card data.

Data collected automatically may include usage and device data such as app events, feature use, error or diagnostic logs, IP address, device, operating system, browser, and identifiers. Cookies or SDKs on our online properties may be used for operations and analytics. We do not use third-party advertising cookies in the add-in.

Data from other sources may include single sign-on or Microsoft identity tokens and identifiers used to authenticate and authorize features, and information from your employer, reseller, or partner to enable enterprise provisioning and support. We do not retain raw tokens beyond what is necessary for session operation.

When you invoke AI or other processing features in Office add-ins, the add-in may transmit selected document content such as spreadsheet values, formulas, presentation slides, formatting, comments, relevant context, prompts, and interaction metadata to our systems and trusted processors to return results.

We use personal data to provide, operate, and secure the Services, authenticate users and authorize features, deliver AI-powered outputs you request, troubleshoot, support, and communicate about the Services, handle billing, accounting, audits, compliance, and prevention of fraud or abuse, and develop and improve functionality, including aggregated or de-identified analytics.

We do not use add-in data for targeted advertising. We do not sell personal data.

We process only the minimum content necessary to fulfill the requested operation.

Unless your organization opts in by contract, we do not use your content to train foundation models.

We may engage vetted third-party AI providers acting under our instructions and data processing agreements. A current list of sub-processors is available upon request.

We disclose personal data only as needed to service providers and sub-processors for cloud hosting, security, analytics, support, and AI engines operating under contract, to your organization for usage or administration information when the Service is provided through your employer, to integrations you enable, to comply with law or protect rights, safety, and security, in connection with mergers, acquisitions, or reorganization, or with your direction or consent.

You may opt out of non-transactional marketing emails using the unsubscribe link in those messages. You may use your browser or platform settings to manage cookies and analytics controls.

You may submit requests to access, correct, or delete personal data through the contact channels below. Where we act as processor or service provider, we may refer your request to your organization. Depending on where you live, applicable law may provide additional privacy rights.

We apply administrative, technical, and physical safeguards, including encryption in transit, access controls, least-privilege administration, environment segregation, monitoring, and secure software development practices. No method is 100% secure.

We retain personal data only for as long as necessary for the purposes described above or as required by law.

Session data and in-memory processing for the add-in are temporary. Logs and support artifacts are kept for limited periods needed for operations, security, and compliance. Where deletion is not immediately possible, such as backups, data is isolated until deletion.

We may process and store data outside your country. Where required, we use appropriate safeguards such as contractual protections.

The Services are not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child provided data, contact us to request deletion.

We may update this Notice. We will revise the "Last Updated" date and, where required, provide additional notice for material changes.