Geneviva ("we", "us", or "our") operates genevia.app from California, USA. This policy describes what personal information we collect, how we use it, and your rights under applicable law — including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), CalOPPA, and the EU/UK General Data Protection Regulation (GDPR/UK GDPR) for users in the European Economic Area and United Kingdom.
The data controller for personal information processed through genevia.app is Geneviva, operated by its owner, reachable at hello@genevia.app. We do not have a Data Protection Officer (DPO) as we do not meet the thresholds requiring one under GDPR Article 37.
We collect the following categories of personal information (as defined under the CCPA):
We do not collect sensitive personal information (as defined by CPRA) beyond what is listed above. We do not collect Social Security numbers, financial information, precise geolocation, or biometric data.
Geneviva includes an optional medical summary feature. If you or your family members add health-related information to a family tree profile, that constitutes special category data under GDPR Article 9. We process such data solely on the basis of your explicit consent (Art. 9(2)(a)), given when you voluntarily enter that information. You may delete it at any time. We do not use health data for any purpose other than displaying it within your private tree.
We do not sell your personal information and have not done so in the preceding 12 months. We do not share your personal information with third parties for cross-context behavioral advertising. Because we do not sell or share data for these purposes, there is no need to opt out — but you have that right regardless.
Your family tree is private by default. Only people you explicitly invite can view your tree. We do not publish your family data to any public genealogy database.
We share data only with the following categories of service providers, who are contractually prohibited from using it for any purpose other than providing services to us:
We do not use advertising networks, data brokers, or analytics services that have access to your personal family tree content.
Geneviva is operated from the United States. If you access the service from the European Economic Area (EEA), United Kingdom, or Switzerland, your personal information will be transferred to and stored on servers in the United States.
The US does not have an adequacy decision from the European Commission for all transfers. We rely on the following transfer mechanisms:
We acknowledge that US law may not provide the same level of protection as EEA law. If this is a concern, you should not use the service. We will implement Standard Contractual Clauses (SCCs) or seek adequacy-framework certification as the service matures.
We do not disclose personal information to third parties for their direct marketing purposes. California residents may request information about any such disclosures by emailing hello@genevia.app, though we have none to report.
We retain your personal information for as long as your account is active. You may request deletion at any time via our Delete Data page. We will delete your account and all associated family tree data immediately upon confirmation.
Depending on where you live, you have the following rights. All users may exercise any of these rights regardless of location — we apply them universally.
To exercise any of these rights, email hello@genevia.app from the address associated with your account. We will respond within 30 days (extendable by up to two additional months for complex requests under GDPR; up to 45 days total under CCPA). We will verify your identity before processing requests and will not charge a fee for reasonable requests.
We do not use cross-site tracking technologies. We do not respond differently to Do Not Track (DNT) browser signals because we do not track users across third-party websites regardless of DNT setting.
We use strictly necessary cookies for session authentication only. We do not use tracking, advertising, or analytics cookies. You may disable cookies in your browser, but the service will not function without session cookies.
Geneviva is not directed at children under 13 and we do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided us with personal information, contact us at hello@genevia.app and we will delete it immediately.
If we make material changes, we will notify you by email or a prominent notice in the app at least 30 days before the changes take effect. The effective date at the top of this page will be updated.
Privacy questions or rights requests: hello@genevia.app.