THIRD-PARTY SERVICES DISCLOSURE

NYGMA.AI

Last Updated: March 18, 2025

This Third-Party Services Disclosure provides information about the third-party services, integrations, and subprocessors used by Genie9 LTD (“Genie9”, “we”, “us”, or “our”), a company registered in England and Wales with company registration number 08669198, in connection with the Nygma.ai service (“Service”).

We strive to be transparent about the third-party services we use to provide, maintain, and improve our Service. This disclosure explains what third-party services we use, how we use them, and what data they may process.

1. INFRASTRUCTURE PROVIDERS

1.1 Cloud Hosting Services

• Amazon Web Services (AWS)
  • Purpose: Primary cloud infrastructure provider
  • Services Used: S3 (storage), EC2 (compute), RDS (database), CloudFront (content delivery)
  • Data Processed: Encrypted user content, encrypted metadata, operational logs
  • Data Location: United States (primary region)
  • More Information: AWS Privacy Notice

1.2 Content Delivery Network (CDN)

• Amazon CloudFront
  • Purpose: Deliver web application assets
  • Services Used: Content distribution
  • Data Processed: Website assets, non-personal usage data
  • Data Location: Global edge locations
  • More Information: CloudFront Privacy FAQs

1.3 Database Services

• Amazon RDS for MySQL
  • Purpose: Primary database service
  • Services Used: Relational database
  • Data Processed: Account information, encrypted metadata, service configuration
  • Data Location: United States (primary region)
  • More Information: RDS Documentation

2. PAYMENT PROCESSORS

2.1 Payment Processing

• Stripe
  • Purpose: Process subscription payments
  • Services Used: Payment processing, subscription management
  • Data Processed: Payment information, billing address, subscription status
  • Data Location: Global processing network
  • More Information: Stripe Privacy Policy

2.2 Payment Security

• Genie9 does not directly process, store, or transmit credit card information
• All payment information is handled directly by Stripe
• Payment Card Industry Data Security Standard (PCI DSS) compliance is maintained

3. ANALYTICS AND MONITORING

3.1 Service Analytics

• Google Analytics
  • Purpose: Analyze website and application usage
  • Services Used: Website analytics
  • Data Processed: Anonymous usage data, IP addresses (anonymized), user behavior
  • Data Location: Various global locations
  • User Control: Can be disabled through cookie preferences
  • More Information: Google Analytics Privacy

3.2 Error Monitoring

• Sentry
  • Purpose: Track and diagnose application errors
  • Services Used: Error reporting, performance monitoring
  • Data Processed: Error logs, device information, affected user IDs
  • Data Location: United States
  • More Information: Sentry Privacy Policy

3.3 System Monitoring

• Amazon CloudWatch
  • Purpose: Monitor system performance and availability
  • Services Used: Logging, metrics, alarms
  • Data Processed: System logs, performance metrics, resource utilization
  • Data Location: United States (primary region)
  • More Information: AWS Privacy Notice

4. COMMUNICATION SERVICES

4.1 Email Communication

• SendGrid
  • Purpose: Send transactional and marketing emails
  • Services Used: Email delivery
  • Data Processed: Email addresses, names, email content, open/click statistics
  • Data Location: United States
  • More Information: SendGrid Privacy Policy

4.2 Customer Support

• Zendesk
  • Purpose: Provide customer support services
  • Services Used: Help desk, knowledge base
  • Data Processed: Support requests, email addresses, communication history
  • Data Location: Global service network
  • More Information: Zendesk Privacy Policy

5. DEVELOPMENT AND OPERATIONAL TOOLS

5.1 Development Tools

• GitHub
  • Purpose: Code repository and development management
  • Services Used: Code storage, issue tracking, continuous integration
  • Data Processed: Code, development logs (no customer data)
  • Data Location: United States
  • More Information: GitHub Privacy Statement

5.2 DevOps Tools

• Docker
  • Purpose: Application containerization
  • Services Used: Container management
  • Data Processed: Application code and configurations (no customer data)
  • Data Location: Not applicable (used internally)
  • More Information: Docker Privacy Policy

6. SECURITY SERVICES

6.1 DDoS Protection

• AWS Shield
  • Purpose: Protect against distributed denial-of-service attacks
  • Services Used: Traffic filtering, attack mitigation
  • Data Processed: Network traffic metadata, IP addresses
  • Data Location: Global edge locations
  • More Information: AWS Privacy Notice

6.2 Web Application Firewall

• AWS WAF
  • Purpose: Protect web applications from common web exploits
  • Services Used: Traffic filtering, security rules
  • Data Processed: HTTP headers, request metadata, IP addresses
  • Data Location: Global edge locations
  • More Information: AWS WAF Documentation

7. ZERO-KNOWLEDGE CONTEXT

7.1 Data Processing Limitations

• Due to our zero-knowledge encryption architecture:
  • Third-party services cannot access the contents of your encrypted files
  • Even our infrastructure providers only handle encrypted data they cannot decrypt
  • The security of your content is maintained regardless of the location of the service

7.2 Data Minimization

• We limit the data shared with third-party services to what is necessary for their function
• Where possible, we anonymize or pseudonymize data before sharing with third parties
• We implement technical measures to prevent unnecessary data collection

8. DATA PROCESSING AGREEMENTS

8.1 Vendor Assessments

• We conduct security and privacy assessments of our third-party service providers
• We enter into data processing agreements with service providers that process personal data
• We require our service providers to maintain appropriate security measures

8.2 Subprocessor Changes

• We may update our third-party service providers from time to time
• Significant changes to our core service providers will be communicated to users
• This disclosure will be updated to reflect current third-party services

9. USER CONTROLS

9.1 Opt-Out Options

• Where applicable, users can opt out of certain third-party services:
  • Analytics cookies can be disabled through cookie preferences
  • Marketing communications can be disabled in account settings
  • Certain optional integrations can be disabled in service settings

9.2 Data Access Requests

• Users can request information about their data held by third-party services
• Requests should be submitted to privacy@genie9.com
• We will assist in forwarding appropriate requests to our service providers

10. CHANGES TO THIS DISCLOSURE

10.1 Updates

• We may update this Third-Party Services Disclosure from time to time
• Material changes will be communicated to users
• The current version will always be available on our website

11. LIMITATION OF LIABILITY

11.1 Liability Cap

• IN NO EVENT SHALL GENIE9’S TOTAL LIABILITY TO YOU FOR ANY CLAIMS RELATED TO THIRD-PARTY SERVICES OR THE SUBJECT MATTER OF THIS DISCLOSURE EXCEED ONE HUNDRED U.S. DOLLARS ($100.00), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE.

11.2 Third-Party Terms

• Each third-party service has its own terms of service and privacy policy
• We encourage you to review these policies for services that process your data
• We are not responsible for the privacy practices or content of third-party services

12. CONTACT INFORMATION

For questions about this Third-Party Services Disclosure, please contact:

Genie9 LTD
3 Shortlands
W68DA, London
United Kingdom
Email: privacy@genie9.com

END OF THIRD-PARTY SERVICES DISCLOSURE