Privacy Highlights
- Who we are: Genesis-RM is a financial risk analysis platform operated by
ABMS SOFTWARE LIMITED (UK).
- Global Compliance: We adhere to the UK GDPR, EU GDPR, and provide CCPA-level
rights to US users.
- Your Payments: We do not store full credit card numbers. All
payments are securely handled by Creem (Merchant of Record).
- Data Sovereignty: Your data is processed securely, with cross-border transfer
safeguards in place.
1. Introduction
Welcome to Genesis-RM ("we," "our," or "us"). We are committed to protecting the privacy
and security of your personal information. This Privacy Policy explains how we collect, use, disclose,
and otherwise process your personal data in connection with our website https://genesis-rm.com (the "Site") and our risk analysis software
(the "Service").
Genesis-RM is operated by ABMS SOFTWARE LIMITED, a company registered in the United Kingdom. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, we are the Data Controller.
2. The Data We Collect
We collect personal data in three ways: (1) information you provide to us, (2) information automatically
collected, and (3) information from third parties.
A. Information You Provide Directly
- Account Credentials: When you register, we collect your email
address and password (hashed/encrypted) to establish your user account.
- Profile & Settings: We store your user preferences, such as chart settings, risk
parameters, and dashboard configurations. This allows us to customize your experience ("User
State").
- Commercial Inquiries: If you contact us for enterprise licensing or API access, we
collect your name, job title, and company details.
- Support Communications: Content of emails or support tickets sent to us.
B. Information We Collect Automatically
- Usage Data: We use Google Analytics to collect information about
your interaction with the Service. This includes your IP address, browser type, device information,
pages visited, dwell time, and interaction with specific financial models.
- Log Data: Server logs that record IP addresses, access times, and error reports for
security and debugging.
- Cookies & Pixels: We use essential cookies for authentication and analytical
cookies to track usage (subject to your consent).
C. Technical Tracking & Compliance Data
- Data Fingerprinting: To comply with our market data licenses, our providers (such as Tiingo, Inc.) use "fingerprinting" technology to track the downstream distribution of market data and identify unauthorized redistribution or scraping.
- Usage Monitoring: We monitor API queries and access patterns to prevent account sharing and automated abuse.
D. Information from Third Parties
- Payment Data: We use Creem as our Merchant of Record. They
handle the entire checkout process. We receive only a "token" or confirmation data (e.g.,
"Subscription Active," "Plan Type," and expiration date) to manage your access. We do not
see, process, or store your raw credit card information.
3. How We Use Your Data
We process your data based on specific legal grounds:
1. Performance of a Contract
- Service Delivery: To authenticate you and provide access to the SaaS dashboard.
- Billing: To verify subscription status via Creem.
- Notices: To send administrative emails (e.g., password resets, downtime notices).
2. Legitimate Interests
- Product Improvement: Analyzing aggregated usage data to refine our financial
algorithms and UI.
- Security: Monitoring for suspicious activity, API abuse, or unauthorized account
sharing.
- Fraud Prevention: Verifying identities to prevent payment fraud.
3. Legal Obligations
- Compliance: Retaining transaction records for HMRC (UK tax authority) audits.
- Safety: Responding to valid law enforcement requests.
4. Cookies and Tracking Technologies
We classify cookies into two categories:
- Strictly Necessary: Essential for the login session, CSRF protection, and payment
gateway integration. You cannot opt out of these.
- Performance & Analytics (Google Analytics): These help us understand user behavior.
We only activate these if you consent via our Cookie Banner.
You can manage your cookie preferences at any time via the "Cookie Settings" link in our footer.
5. Sharing Your Data
We do not sell your personal data. We disclose data only to the following "Data Processors" who operate
under strict confidentiality agreements:
| Processor | Purpose | Location |
| --- | --- | --- |
| Creem | Merchant of Record (Payments & Tax) | EU |
| Google Analytics | Traffic & Behavior Analysis | USA |
| Tiingo, Inc. | Market Data Provider | USA |
| Cloud Infrastructure | Hosting & Database (Hetzner) | EU |
| Email Service | Transactional Emails (Hostinger) | USA |
| Professional Advisers | Legal, Accounting | UK |
6. International Transfers
Our primary service providers are located in the United States.
When we transfer your personal data from the UK/EEA to the US, we ensure protection through:
- The UK International Data Transfer Agreement (IDTA).
- Standard Contractual Clauses (SCCs) approved by the European Commission/UK ICO.
- Data Privacy Framework (DPF) participation where applicable by the vendor.
By using our Service, you acknowledge and consent to this transfer.
7. Data Retention
We practice data minimization. We retain data only as long as necessary:
- Active Accounts: For the duration of your subscription + 12 months (to allow for
reactivation).
- Financial Records: 6 years from the end of the financial year (UK
limitation period for tax/contract claims).
- Marketing Data: Until you unsubscribe.
- Analytics Data: 14 months (Google Analytics default retention).
8. Your Rights (UK GDPR & Global)
You have the following rights regarding your data:
- Right to Access: Request a copy of the data we hold.
- Right to Rectification: Correct inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your account and
data, subject to legal retention rules (e.g., tax laws).
- Right to Restrict Processing: Pause processing during a dispute.
- Right to Portability: Receive your data in a structured CSV/JSON format.
- Right to Object: Object to processing based on "Legitimate Interests."
For California Residents (CCPA/CPRA): Although we may not meet the statutory threshold,
we voluntarily offer you the right to know what personal info is collected and the right to delete it.
We do not "sell" or "share" personal data for cross-context behavioral advertising.
To exercise these rights, contact info@genesis-rm.com.
9. Security
We implement industry-standard security measures, including:
- Encryption of data in transit (TLS 1.2+).
- Encryption of passwords and sensitive keys at rest.
- Strict access controls and 2FA for administrative staff.
- Regular security audits of our codebase.
10. Contact Us