We use cookies to enhance your browsing experience, strengthen security, and analyze website traffic. By clicking Accept, you consent to our use of cookies. Learn More
Understanding how we process and protect personal data helps ensure transparency, security, and compliance across the GeniusMesh platform.
This Data Processing Agreement (“DPA”) forms part of the applicable Terms of Service or other agreement between GeniusMesh, Inc. (“GeniusMesh”, “we”, “our”, or “us”) and the Customer governing the Customer’s access to and use of the GeniusMesh platform and related services.
This DPA explains how GeniusMesh processes Personal Data on behalf of its Customers and outlines our commitments as a Data Processor under the General Data Protection Regulation (GDPR).
Where GeniusMesh processes Personal Data on behalf of a Customer, the Customer acts as the Data Controller, and GeniusMesh acts as the Data Processor.
This page provides an overview of the GeniusMesh Data Processing Agreement for ease of reference. The executed agreement between GeniusMesh and the Customer remains the legally binding document.
Definitions
For the purposes of this DPA:
Scope of this DPA
This Data Processing Agreement applies whenever GeniusMesh processes Personal Data on behalf of a Customer in connection with providing the GeniusMesh platform and related services.
The DPA governs the processing of Personal Data performed by GeniusMesh solely for the purpose of delivering the contracted services.
Where there is any inconsistency between this DPA and the applicable customer agreement relating to the processing of Personal Data, the provisions of this DPA shall prevail.
Roles and Responsibilities
The Customer determines the purposes and means of processing Personal Data and acts as the Data Controller.
GeniusMesh processes Personal Data only on documented instructions from the Customer and only as necessary to provide the contracted services.
| Customer (Data Controller) | GeniusMesh (Data Processor) |
|---|---|
| Determines the purposes and means of processing | Processes Personal Data on documented customer instructions |
| Establishes the lawful basis for processing | Implements appropriate technical and organizational security measures |
| Responds to Data Subject requests | Assists Customers in fulfilling applicable GDPR obligations |
Categories of Personal Data and Data Subjects
Depending on the services used, GeniusMesh may process Personal Data relating to:
Data Subjects
Personal Data
As described in our DPA, GeniusMesh does not intentionally collect or process special categories of Personal Data unless expressly agreed with the Customer.
Purpose of Processing
GeniusMesh processes Personal Data solely to provide the services requested by the Customer.
Processing activities may include, but are not limited to:
Personal Data is processed only to the extent necessary to deliver and support the GeniusMesh platform.
Managed Database Services
GeniusMesh utilizes MongoDB Atlas as its primary managed database platform for storing and processing application data, customer information, configuration data, and operational data.
MongoDB Atlas provides a secure, cloud-hosted database environment with encryption in transit and at rest. Customer data is stored and processed in accordance with the security measures and data protection commitments described in this Data Processing Agreement.
AI-Powered Services
GeniusMesh utilizes Microsoft Azure AI Foundry to provide AI-powered features, workflow automation, intelligent platform capabilities, natural language processing, and agentic AI services.
When Customers choose to use AI-powered functionality, Customer-provided prompts, inputs, conversation history, contextual information, and generated outputs may be processed through Microsoft Azure AI services solely for the purpose of delivering the requested functionality.
Such processing is performed in accordance with applicable data protection laws, this Data Processing Agreement, and GeniusMesh’s security and privacy practices.
Data Processing Commitments
When processing Personal Data on behalf of Customers, GeniusMesh commits to:
Technical and Organizational Measures
GeniusMesh maintains administrative, technical, and organizational safeguards designed to protect Customer Personal Data throughout its lifecycle.
Security Governance
Our security program includes:
Infrastructure Security
The GeniusMesh platform is hosted primarily on Amazon Web Services (AWS) and utilizes additional managed cloud services to support database hosting and AI-powered capabilities.
Infrastructure includes:
Infrastructure is secured through private networking, encryption, centralized monitoring, secure credential management, and access controls.
Access Controls
Access to Customer Personal Data is protected through:
Data Protection
Security controls include:
Additional details are described in Annex II of the DPA.
International Data Transfers
Where Personal Data is transferred outside the European Economic Area (EEA), GeniusMesh implements appropriate safeguards in accordance with applicable data protection laws.
Where required, international transfers are governed by the European Commission’s Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
Audit & Compliance
Upon reasonable request, GeniusMesh will provide Customers with information reasonably necessary to demonstrate compliance with applicable data protection obligations.
Where applicable, Customers may exercise audit rights in accordance with the terms of the DPA.
Personal Data Breach Notification
GeniusMesh maintains documented procedures for identifying, managing, and responding to Personal Data Breaches.
Where required by applicable law, GeniusMesh will notify affected Customers without undue delay and provide reasonable assistance to support regulatory notification obligations and mitigation efforts.
Return and Deletion of Personal Data
Upon termination of the applicable agreement, GeniusMesh will return or securely delete Customer Personal Data in accordance with the DPA unless retention is required by applicable law.
Annex I – Description of Processing
Annex I of the executed Data Processing Agreement describes:
It also describes the cloud platforms and technologies used by GeniusMesh in delivering its Services.
Annex II – Technical and Organizational Measures
A detailed description of the administrative, technical, and organizational safeguards implemented by GeniusMesh is included in Annex II of the executed Data Processing Agreement.
These measures include:
Annex III – Approved Subprocessors
GeniusMesh engages carefully selected third-party subprocessors to support the delivery, operation, maintenance, and continuous improvement of its Services. Each subprocessor is engaged only where necessary to provide the Services and is contractually required to implement appropriate technical and organizational measures to protect Personal Data in accordance with applicable data protection laws.
The current list of approved subprocessors, including the services provided, processing purpose, category, processing location or region, and vendor website, is maintained in the GeniusMesh Trust Center and is available at: https://trust.geniusmesh.com
The Trust Center is reviewed and updated whenever subprocessors are added, removed, or materially changed, in accordance with the notification obligations set out in this Data Processing Agreement.
GeniusMesh remains responsible for the performance of its approved subprocessors and for ensuring that they meet the applicable data protection obligations required under this Data Processing Agreement.
Contact Us
If you have any questions regarding this Data Processing Agreement or GeniusMesh’s privacy and security practices, please contact:
Security & Privacy Team
Email: security@geniusmesh.com