Back to Home

Privacy Policy

Last Updated: March 20, 2026

At Gennai, a product of NUVIO LAB - FZCO ("we", "us", or "our"), accessible from https://www.gennai.io, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you use our invoice management service.

1. Information We Collect

We collect the following types of information to provide and improve our services:

  • Account Information: Your name, email address, and profile information when you create an account or sign in with Google.
  • Payment Information: Billing details processed securely through Stripe. We do not store your complete credit card information on our servers.
  • Email Data (Gmail/Outlook): We access your email accounts solely to scan for emails containing invoice attachments (PDF files). We only read email metadata and attachments identified as invoices.
  • WhatsApp Data: When you use our WhatsApp invoice submission feature, we collect your WhatsApp phone number, the documents (invoices, receipts, images) you send us, and message metadata (timestamps, message IDs). We process these documents to extract invoice data.
  • Invoice Data: Information extracted from your invoices including supplier names, amounts, dates, and other relevant billing details.
  • Google Drive Data: We create and organize folders in your Google Drive to store your extracted invoices.
  • Usage Data: Information about how you interact with our service, including log data and analytics.

2. How We Use Google User Data

Gennai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we use Google user data as follows:

  • Gmail Access: We scan your inbox to identify emails with PDF attachments that contain invoices. We use AI to extract relevant data from these invoices. We do not read, store, or process the content of your personal emails.
  • Google Drive Access: We create organized folders (by year and month) in your Google Drive and upload your extracted invoices for easy access and backup.
  • Limited Use: We only use Google user data for the purposes described in this policy. We do not use this data for advertising, and we do not sell or share it with third parties except as required to provide our service.

3. How We Use WhatsApp Data

When you use our WhatsApp invoice submission feature, we process your data as follows:

  • Phone Number Verification: You must register and verify your WhatsApp phone number in your Gennai account before sending invoices. This ensures only authorized users can submit documents to your organization.
  • Document Processing: When you send a PDF or image to our WhatsApp number, we download the file, extract invoice data using AI, and store the invoice in your Gennai account.
  • Message Handling: We only process messages containing documents (PDFs, images). We do not store or read text-only messages beyond what is necessary to provide confirmations.
  • Data Storage: Documents sent via WhatsApp are stored securely in our cloud infrastructure, encrypted at rest. The extracted invoice data is stored in your Gennai account.
  • Data Retention: WhatsApp message metadata is retained only as long as necessary to process your request. Documents are retained according to your account settings and our standard retention policy.
  • No Third-Party Sharing: We do not share your WhatsApp data with third parties for marketing or advertising purposes.

You can disconnect your WhatsApp phone number and request deletion of associated data at any time through your account settings or by contacting privacy@gennai.io.

4. WhatsApp Business Platform Compliance

Our use of the WhatsApp Business Platform complies with the WhatsApp Business Policy and WhatsApp Privacy Policy. Specifically:

  • We only use WhatsApp to provide our invoice processing service as described in this policy
  • We do not send unsolicited marketing messages via WhatsApp
  • We do not sell or share WhatsApp user data with third parties for their own purposes
  • We respond to user messages within WhatsApp's allowed timeframes
  • Users can opt-out of WhatsApp communications at any time by removing their phone number from their account

5. How We Use QuickBooks Data

When you connect your QuickBooks Online account, Gennai accesses your QuickBooks data solely to enable invoice export functionality. Specifically:

  • Company Information: We read your company name, country, and currency preferences to configure the integration correctly.
  • Vendors: We read existing vendors to avoid duplicates and create new vendor records when exporting invoices that reference new suppliers.
  • Bills: We create Bill records in QuickBooks corresponding to the invoices you choose to export from Gennai. We attach the original PDF to each Bill.
  • Accounts: We read your Chart of Accounts to select the appropriate expense account for Bill creation.
  • Currency & Exchange Rates: For multi-currency companies, we read exchange rates to ensure accurate Bill amounts in foreign currencies.

What we do NOT do with QuickBooks data:

  • We do not read your customers, sales invoices, payments, or banking data
  • We do not modify or delete existing records in QuickBooks (we only create new Bills and Vendors)
  • We do not use QuickBooks data for advertising, analytics, or any purpose other than providing the export service
  • We do not sell or share QuickBooks data with third parties

Token Security: Your QuickBooks OAuth tokens are encrypted at rest using AES-256-GCM encryption. Tokens are automatically refreshed and re-encrypted. You can disconnect QuickBooks at any time from your Gennai dashboard or directly from the QuickBooks App Store, which immediately revokes all access.

Webhooks: We receive real-time notifications from QuickBooks when Bills or Vendors you exported are modified or deleted, so we can keep your Gennai records in sync. Webhook payloads are verified using HMAC-SHA256 signatures to prevent tampering.

6. How We Use Accounting Integration Data (Xero, Holded)

When you connect third-party accounting platforms such as Xero or Holded, we access their APIs solely to export invoice data from Gennai into your accounting system. This includes creating purchase records (bills), managing supplier/vendor contacts, and attaching PDF files. We do not access financial reports, bank feeds, payroll, or any data beyond what is necessary for invoice export. All OAuth tokens for these services are encrypted at rest using AES-256-GCM.

7. Data Usage for AI/ML Models

Gennai does not use any user data, including data obtained through Google Workspace APIs or QuickBooks APIs, to develop, improve, or train generalized AI and/or ML models. Your data is used solely for providing the Gennai invoice extraction and organization services as described in this Privacy Policy.

8. Purpose of Data Collection

We collect and process your data for the following purposes:

  • To provide our core invoice extraction and organization service
  • To display your invoices and spending analytics in your dashboard
  • To enable sharing and collaboration with your accountant or team members
  • To process payments and manage your subscription
  • To communicate with you about service updates and support
  • To improve and optimize our service

9. Data Sharing

We do not sell your personal data. We only share your data in the following circumstances:

  • Service Providers: We use trusted third-party services to operate our platform, including Stripe (payments), Clerk (authentication), Intuit QuickBooks (accounting export), and cloud infrastructure providers. These providers only access data necessary to perform their services.
  • With Your Consent: When you choose to share invoice access with your accountant or team members.
  • Legal Requirements: When required by law or to protect our legal rights.

10. Data Protection and Security

We implement industry-standard security measures to protect your data:

  • All data transmission is encrypted using TLS/SSL
  • Data at rest is encrypted using AES-256 encryption
  • We use secure OAuth 2.0 for Google authentication
  • Access controls and authentication protect your account
  • Regular security audits and monitoring

11. Data Retention and Deletion

We retain your personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: Your data is retained while your account is active and you maintain a subscription.
  • Account Cancellation: Upon cancellation, your data will be deleted within 30 days, except where we are required to retain it for legal or compliance purposes.
  • Data Deletion Requests: You may request deletion of your personal data at any time by contacting us at privacy@gennai.io. We will process your request within 30 days.
  • Google Data: Google user data will be deleted when you disconnect your Gmail account or cancel your subscription.

Billing Dispute and Refund Records: In addition to the above, we retain certain records to support billing disputes, fraud prevention, and refund processing:

  • Usage data: Credits consumed, invoices processed, activity logs, and timestamps
  • Billing records: Payment dates, amounts, subscription changes, and credit pack purchases
  • Support communications: Correspondence with our support team regarding billing, refunds, or disputes

These records are retained for up to 12 months after account closure or until all pending disputes are resolved, whichever is later. This retention is necessary to protect both you and Gennai in the event of payment disputes or chargeback proceedings.

12. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Revoke Access: Disconnect your Google account at any time through your dashboard settings or through Google's security settings. Disconnect QuickBooks from your Gennai dashboard or from the QuickBooks App Store.

13. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We may use analytics cookies to understand how users interact with our service. You can control cookie preferences through your browser settings.

14. Children's Privacy

Our services are not intended for individuals under the age of 13. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

15. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards are in place for any international data transfers in compliance with applicable data protection laws.

16. Updates to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be communicated via email to registered users. We encourage you to review this policy periodically.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: privacy@gennai.io
Website: https://www.gennai.io

By using Gennai, you agree to the terms of this Privacy Policy.