This Privacy Policy applies to both GenieHaus (geniehaus.io) and GenieTracker (genietracker.geniehaus.io), operated by MGF Group. By using our services, you agree to the practices described here.
MGF Group ("Company," "we," "us," or "our") operates the GenieHaus platform and the GenieTracker management suite. Our principal place of business is located at Michigan, USA.
For privacy-related inquiries contact us at mohamed.safa@mgfgrp.com.
2. Information We Collect
2.1 Information You Provide Directly
Account data: Name, email address, password (hashed), and profile information when you register.
Workspace & project data: Content you create within GenieTracker — contacts, contracts, envelopes, tasks, and other records.
Billing data: Payment method details processed by QuickBooks/Intuit on our behalf; we do not store raw card numbers.
Communications: Messages you send to our support team or through in-app feedback.
2.2 Information Collected Automatically
Usage data: Pages visited, features used, clicks, session duration, and error logs.
Device & log data: IP address, browser type, operating system, referrer URL, and timestamps.
Cookies: First-party cookies we set to maintain sessions and preferences (see Section 5).
2.3 Information from Third Parties
Payment and billing status from QuickBooks / Intuit and Stripe.
Single sign-on data if you authenticate via a supported OAuth provider.
3. How We Use Your Information
Provide, maintain, and improve the GenieHaus and GenieTracker services.
Process payments and manage subscriptions through QuickBooks/Intuit.
Monitor and analyse usage patterns to improve user experience.
Detect, investigate, and prevent fraudulent or unauthorised activity.
Comply with legal obligations applicable in the jurisdictions where we operate.
We do not sell your personal information to third parties, and we do not use your data for targeted advertising.
4. How We Share Your Information
Service providers: Hosting, infrastructure, payment processing (QuickBooks/Intuit, Stripe), and email vendors under written data-processing agreements.
Your organisation: Workspace administrators may access data within their workspace.
Legal authorities: When required by law, court order, or to protect user safety.
Business transfers: In connection with a merger, acquisition, or sale of assets.
5. Cookies & Tracking Technologies
We use first-party cookies only — no third-party advertising or analytics trackers. See our full Cookies Policy for the complete inventory.
6. Data Retention
Active workspace data removed within 30 days of account deletion.
Backup copies purged within 90 days.
Financial and billing records retained for up to 7 years (IRS requirements).
Depending on your location you may have rights to: access, correct, delete, or port your data; object to or restrict processing; and withdraw consent. California residents (CCPA) may opt out of the sale of personal information (we do not sell personal information). EU/EEA & UK residents (GDPR) may lodge a complaint with their local supervisory authority.
To exercise any right, contact mohamed.safa@mgfgrp.com. We respond within 30 days.
8. International Data Transfers
Our infrastructure is primarily in the United States. Transfers from the EU/EEA or UK are protected by Standard Contractual Clauses (SCCs) or equivalent mechanisms.
9. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors. Contact us immediately if you believe we have done so.
10. Security
We implement encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security reviews. To report a vulnerability: mohamed.safa@mgfgrp.com.
11. Changes to This Policy
Material changes will be notified by email or in-app notice at least 14 days before they take effect.