How we handleyour data.

Who this policy covers.

This Privacy Policy applies to AppsGenii Technologies ("AppsGenii", "we", "us", "our") — a Wyoming C-Corporation headquartered at Dallas, Texas, USA — and to all websites, properties, and services we operate, including www.appsgenii.com, our client portals, and any engagement we deliver under a written agreement.

It applies to visitors to our website, prospects who contact us, candidates who apply for roles, and clients who engage us under a Master Services Agreement, Statement of Work, or similar contract.

For contracted engagements, the data processing terms in your signed agreement (DPA, SOW, MSA) take precedence over this public policy where they conflict.

What we collect, and how.

We collect personal information in three ways: information you give us directly, information collected automatically when you interact with our properties, and information we receive from third parties (such as referrers or partners).

Why we hold it.

We use personal information only for the purposes listed below, and only as long as we need to. We do not sell personal information to third parties.

• Respond to inquiries — to reply to contact-form messages, schedule calls, and route requests to the appropriate practice lead
• Deliver engagements — to perform the services contracted under your MSA / SOW, including project management, communications, and invoicing
• Hire and onboard — to review job applications, conduct interviews, and process new-hire paperwork
• Operate and improve our properties — to maintain website performance, troubleshoot errors, and improve content based on usage analytics
• Marketing and outreach — to send newsletters, product updates, event invitations, and account-based marketing materials. You can opt out at any time
• Legal and compliance — to comply with applicable law, respond to lawful requests, and protect AppsGenii's rights and property

Our legal bases under GDPR include (a) performance of a contract, (b) our legitimate business interests, (c) compliance with legal obligations, and (d) your consent — depending on the specific processing activity.

Cookies, pixels, and the rest.

We use cookies and similar technologies to operate our website, remember preferences, measure performance, and support marketing. Specifically:

• Strictly necessary cookies — required for the site to function (load balancing, security, session). No opt-out
• Analytics cookies — Google Analytics 4 and Microsoft Clarity, which help us understand how visitors use the site. Opt-out available via our cookie banner
• Marketing cookies — LinkedIn Insight Tag and Meta Pixel for retargeting and measuring campaign performance. Opt-out available via our cookie banner
• Embedded content — third-party players (YouTube, Vimeo, Calendly) may set their own cookies when their content is loaded

You can manage cookies through our cookie banner (when first visiting from EU/UK/California IPs), through your browser settings, or by using browser extensions such as Privacy Badger or uBlock Origin.

Who else sees your data.

We share personal information only with:

• Service providers we contract to operate our business — including hosting (AWS, Cloudflare), CRM (HubSpot, Salesforce), email (Google Workspace, Microsoft 365), analytics, helpdesk, and accounting platforms. Each is bound by a written agreement and confidentiality obligations
• Strategic partners — most notably Aramis Solutions, our GCC regional delivery partner. Aramis processes engagement data only when working on a project under a joint agreement
• Professional advisors — lawyers, auditors, and accountants who require access for their service to us
• Successor entities in the event of a merger, acquisition, or sale of business assets
• Government authorities when compelled by valid legal process, or to investigate fraud, abuse, or threats to safety

We do not sell personal information. We do not share personal information for the purposes of cross-context behavioral advertising as defined under CCPA.

How long we keep it.

We retain personal information only as long as we need to for the purpose it was collected, or as required by law. As a rule of thumb:

• Contact inquiries: up to 24 months after the last interaction, then archived or deleted
• Job applications: 12 months after the application closes (or longer if you consent to talent-pool consideration)
• Client engagement data: for the duration of the contract plus 7 years for tax, audit, and warranty purposes
• Analytics data: aggregated and anonymized after 26 months
• Marketing subscribers: until unsubscribe, plus a 24-month suppression list to honor opt-outs

Cross-border data flows.

AppsGenii operates from offices in Dallas, Bahrain, Dubai, Lisbon, Leeds, and Lahore. Personal information may be transferred and processed in any of these jurisdictions, as well as in the United States where our primary infrastructure is hosted.

For transfers of EU/UK personal data outside those territories, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and equivalent mechanisms. Where required, we conduct transfer impact assessments and implement supplementary measures.

If you would like a copy of the transfer safeguards we rely on, please contact us at [email protected].

What you can ask us to do.

Depending on where you live, you have rights under data-protection law including:

• Access — to know what personal data we hold about you and obtain a copy
• Correction — to fix inaccurate or incomplete personal data
• Deletion — to request erasure of personal data (subject to retention obligations)
• Portability — to receive your data in a structured, commonly-used, machine-readable format
• Objection & restriction — to object to or restrict certain processing, including direct marketing
• Withdraw consent — where processing is based on consent, to withdraw it at any time
• Non-discrimination — under CCPA, we will not discriminate against you for exercising your rights
• Complain to a regulator — for EU/UK residents, you may complain to your local data-protection authority

To exercise any of these rights, email [email protected] with the subject line "Data Subject Request". We will respond within 30 days (or earlier where required by law).

How we protect data.

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption in transit (TLS 1.2+) and at rest for sensitive data
• Role-based access controls and least-privilege principles
• Multi-factor authentication on production systems and admin accounts
• Background-checked engineering team; signed confidentiality agreements with all staff and contractors
• ISO 9000-aligned quality management system and HIPAA / PCI-DSS-ready operating practices for regulated engagements
• Regular vulnerability scans, dependency audits, and penetration testing for client-facing systems

No method of transmission or storage is 100% secure. If we become aware of a security incident affecting your personal data, we will notify you and applicable regulators where required by law.

Not for kids.

Our websites and services are not directed to children under 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will delete it.

When this changes.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The "Effective" date at the top of this page shows when the latest version took effect.

For material changes, we will provide reasonable notice — typically via a banner on the website, an email to active subscribers, or both — at least 30 days before the change takes effect, where feasible.

How to reach us.

For questions about this Privacy Policy or how we handle your data:

If you are in the EU/UK and feel we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data-protection supervisory authority. For California residents, complaints may be directed to the California Privacy Protection Agency (CPPA).