Get Started
Get Started
3
Months of Starter for
Offer Ends January 31st
$99
Offer Ends Soon.
Claim the Offer

Privacy Policy

(“Privacy Policy”) applies to the websites related to KARTRA provided by Genesis Digital, LLC and its affiliated companies (“Genesis Digital” or “We”), including but not limited to the sites at kartra.com, as well as to any software, services, and/or products offered on such website (hereafter the “Sites”).

Privacy Policy

Genesis Digital values privacy – ours and yours. To help maintain your privacy and the security of your personal information, we communicate this and all of our privacy policies to Genesis Digital employees and agents, and we internally enforce privacy safeguards. 

We’ve developed this Privacy Policy to explain how we collect, use, disclose, transfer, and store information received from you in connection with the Sites. Before disclosing information to us, please familiarize yourself with our privacy practices so you can understand how your information may be used by Genesis Digital. If you are a Controller of personal data under the GDPR and want to understand how Genesis Digital processes data please request a copy of our Data Processing Addendum to our End-User License Agreement.

Our Collection and Use of Information:

Genesis Digital may collect information in a number of ways from users who access our Sites or services. We collect personal and non-personal information in various ways. You may provide your information to us to receive a product, service, or communication from us; we may request your information to better serve you; or we may require your information in order to be able complete a transaction (e.g. a purchase) or provide access (e.g. to a paid service).

A. Collection of Personal Information

 Personal information (or “Personally Identifiable Information” or “PII”) is information and data that can be used to specifically identify or contact a single person. You may be asked to provide your personal information when you contact Genesis Digital for any reason. Genesis Digital may share your personal information internally. If we do, we will use it in accordance with this Privacy Policy. We may also combine personal information with other information to help us to develop or improve our products, services, content, communications, and/or advertising, or to provide improved user experiences for you.

Personal information we collect

Examples of some types of personal information Genesis Digital may collect in connection with the Sites and how we may use it include the following: 

  • When you purchase, register, or login to use software, products, or services, request support, download a software update, register for a webinar, live workshop, or training, provide feedback on a software product, or participate in a promotion, contest or online survey, or respond to an advertisement, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, and/or social media credentials. We may collect credit card information in connection with your use of the Kartra shopping cart services.
  • If you use the KARTRA family of software/services, or the Sites shopping cart, we may collect information required to provide the services in connection with such service including PII such as your name, email address, IP address and current location. We may also collect certain personally identifying financial information (“PIFI”) in connection with the Sites shopping cart. Such PIFI may include your credit card number (or a portion thereof), the expiration date for the credit card, bank information such as your bank’s name, routing number, and/or your account information. This information in some cases may only be stored temporarily, or transiently, e.g. during a particular secure session between your computer and a Genesis Digital server.
  • We may also ask for certain information only in circumstances where required by law. For example, if you are using the KARTRA shopping cart, where we are required when setting up certain financial accounts to obtain e.g. your Social Security number (SSN), then we will ask for it. As above, such information may only be stored transiently, during a secure session.

How we use your personal information

  • Optional Communications: The personal information we collect allows us to provide you with Genesis Digital’s latest product announcements, helpful tips and information, special offers, software updates, and upcoming events. If you don’t want to receive these communications, or do not wish to be on our mailing list, you can opt out of receiving them. Each communication will provide opt-out directions, and you can also generally opt-out via your account dashboard if you are a registered user, client, or customer. The information in connection with these optional communications and your responses help us to improve our products, services, content, and advertising.
  • We also use personal information to help us develop, deliver, improve, and customize our software, products, services, content, and advertising and to provide a better user experience for every user of our software, products, and services.
  • Important Communications: We may use your personal information to send important communications, e.g., about your purchases of or access to software, products, or services, material changes to our EULA, terms, conditions, and policies (including this Privacy Policy), critical updates to software products, or services, or changes (including regulatory changes) that impact your use of Genesis Digital software, products, or services. Because this information is vital to your interaction with Genesis Digital, you may NOT opt out of receiving these communications if you wish to continue to use the Sites, or any software, products, or services offered in connection with the Sites.
  • We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Genesis Digital’s software, products, services, communications, support and/or help functions, and user interfaces.
  • If you enter into a promotion such as a contest, a giveaway, a one-time or special offer, or similar promotion, we may use the information you provide to administer those programs.
  • If we become involved in a legal process as a result of your actions on the Sites, or in connection with any software, products, or services offered via the Sites, we may be required to disclose your PII or PIFI to a government authority, or a third party who e.g., issues a subpoena that require us to provide it. Our response(s) to any such legal process will be handled on a case-by-case basis following the advice of our attorneys.

Business Purposes for Collecting Personal Information

We collect and use personal information for the following business purposes:

Contract: To provide and maintain the services necessary to fulfill a contractual agreement with you.

Service Delivery: To provide, maintain, and improve our software, products, and services including account management, customer support, and technical assistance.

Transaction Processing: To process payments, fulfill orders, manage subscriptions, and handle returns or refunds.

Communication: To send transactional emails, service announcements, security alerts, and respond to inquiries.

Marketing and Advertising: To send promotional communications, personalize marketing content, and measure advertising effectiveness (with appropriate consent).

Analytics and Research: To understand user behavior, analyze website traffic, conduct market research, and improve our offerings.

Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.

Legal Compliance: To comply with applicable laws, regulations, legal processes, and law enforcement requests.

Business Operations: For auditing, accounting, internal research, quality assurance, and other internal business purposes.

B. Collection of Non-Personal Information

Information of a type or in a form that does not permit direct identification of or association with any specific individual is ‘non-personal information.’ Combinations of personal and non-personal information are considered personal information if the combined information can be used to identify or contact any specific individual(s). Aggregated data is considered non-personal information for the purposes of this Privacy Policy as long as it cannot be used to identify or contact any specific individual. Internet Protocol (IP) addresses and certain other identifiers may be considered personal information under various local laws; we endeavor to comply with the laws and regulations that are applicable to us.

How we collect and use your non-personal information

We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

  • We may collect non-personal information (e.g. demographic information) regarding our customers collectively including information such as age, gender, occupation, preferred language, zip code, area code, geographic location, or the time zone from which customers access the Sites, products, or services. Such non-personal information is used so that we can better understand who our customers are, and their behavior generally with regards the Sites, and to improve our software, products, services, communications, support, help, user experiences, and advertising for our customers.
  • We also may collect non-personal information regarding customer activities on the Sites or use of the Genesis Digital software, products, and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of the Sites, or our software, products, and services are of most interest or which can be improved. Non-personal support or help request data may be used to improve our software or the Sites, communications, and user interfaces, or to allow us to provide additional product or service offerings to our present or future customers.
  • We may collect non-personal information regarding the digital footprints of our customers with respect to accessing the Sites, or any related software, products, or services including mobile and non-mobile access, specific types of devices being used, unique device IDs, type of browser(s) being used, networks that our customers use, and other non-personal information. This information may be used to improve the Sites, software, products, or services including but not limited to their performance, functionality, design, or responsiveness.

C. Cookies and Other Technologies

To help Genesis Digital serve you better, we use technological means to better understand and adapt to user behavior. To accomplish this, the Sites, as well as our online software and services, email messages, and advertisements may use cookies or related technology such as pixel tags, clear gifs, and web beacons. These technologies help us to know which parts of the Sites people have visited and provide data to aid us in understanding the effectiveness of the software services, our advertisements, and web searches. These data are used to improve our software, products, services, communications, and advertisements. We generally consider such information collected through the use of cookies and other technologies as non-personal information and treat it accordingly.

We also use cookies and other technologies to remember personal information when you use the Sites, software, products, or services. These uses are intended to improve your personal experience. For example, we can provide better and more personal results if we ‘remember’ your preferred settings, your name, and such.

Genesis Digital may use cookies or other technologies in connection with certain advertising services to determine your experience with our content including whether an ad is likely to be of interest to you, whether or not you are served a particular ad, and the number of times you are served a particular ad. These technologies allow us to measure the effectiveness of our ad campaigns. You may have options for opting out of such targeted ads. You should contact your service provider or your mobile provider to inquire about how to do so.

Genesis Digital also uses specific technologies in connection with certain communications such as emails that may be used to track actions by recipients. For example, these communications may include one or more clickable text or graphics that include URLs that link to content on the Sites. However, these URLs, may pass through a web server that tracks the click before arriving at the linked content on the Sites. The tracked data can help Genesis Digital determine the effectiveness of our communications to users and customers, or to gage interest in specific topics. If you prefer not to have your responses to such communications tracked in this manner, do not click links in the email messages. Such communications may also include pixel tags that can tell us whether e.g. an email has been opened. We may use this information to throttle the number of messages sent to users or customers, or to remove people who do not read or interact with our communications from one or more lists.

We also use cookies and other technologies to track certain behaviors of unknown visitors on our site. E.g. if you visit our site by following a link in an email from a third party or in an advertisement from such a party, we may track that behavior. In such cases, we may not have any personally identifying information about you at that time; however, if you later sign up for a product or service, or make a purchase, we may be able to associate your past behaviors on our sites with you thereafter.

Cookies and other technologies can generally be controlled on your devices. If you want to disable cookies and you should review your privacy or security settings. Please note that certain features of the Sites or related software, products, or services may not be available if you have cookies disabled on your device. We will typically try to warn you that a page or feature you are trying to reach will not function without cookies enabled. If you have your cookies on your device or browser disabled and are having difficulties, you may wish to enable them to see if the problem is resolved.

Finally, it’s worth mentioning that some of these cookies are strictly necessary to the operational functioning of the platform, such as for example those related to the transactional checkout process. Some others, while improving the user experience and feature scope of the platform, are not strictly necessary to utilize our services such as, for example, certain tracking cookies.

Cookies we use on our Platform

  • Session Cookies. These cookies are strictly necessary for the use of the Sites platform. Disabling them is not possible while accessing our services, as they are required to deliver the core functionalities of the system.
  • Strictly Necessary Cookies. These cookies are strictly necessary for the use of the Sites. Disabling them is not possible while accessing our services, as they are required to deliver the core functionalities of the system.
  • Performance or Functional Cookies. These cookies collect basic technical information that helps us improve the platform’s performance and reliability. For example, they assist in identifying errors, optimizing load times, and ensuring overall system stability.
  • Technical Tracking Cookies. These cookies collect basic technical information that helps us improve the platform’s performance and reliability. For example, they assist in identifying errors, optimizing load times, and ensuring overall system stability.

Exercising Your Rights

As a platform Client, you have the following rights regarding cookies we manage:

  • Access and Review: You can request details about the cookies we use and their purpose.
  • Request Deletion: Although essential cookies cannot be disabled during use of the platform, you may request the deletion of any associated data once you no longer use the Sites.

File a Complaint: If you believe your rights regarding cookies or data usage have been violated, you can contact us at legal@genesisdigital.co to lodge a complaint.

Please note: The rights described above apply only to cookies managed by the Sites. Cookies implemented by Clients on their own websites or services, and which affect their End Users, are outside the scope of this policy and are the sole responsibility of the respective Client.

Responsibility of our Platform Users (Clients)

Clients using the Sites to build websites or deliver services to their own end users (referred to as “End Users”) are responsible for managing their own cookie policies and ensuring compliance with relevant legal and regulatory requirements for their respective businesses.

Genesis Digital uses the following list of cookies on our website including, but not limited to:

Genesis Digital – Kartra Platform Cookie Tables

Strictly Necessary Cookies

CookieDomainDescriptionDuration
__cf_bmapp.kartra.comCloudflare sets this cookie to distinguish between humans and bots. It helps Cloudflare protect the site from bot-based attacks and prevents automated requests from consuming resources.30 Min
_cfuvidapp.kartra.comCloudflare sets this cookie to throttle request rate and identify individual clients behind a shared IP address to apply rate limits.Session
kllapp.kartra.comKartra sets this login session cookie to authenticate and maintain a logged-in user session within the platform.Session
kuuidapp.kartra.comKartra sets this cookie to assign a unique identifier to each visitor, enabling the platform to track individual user sessions and activity across the application.1 Year
auth0login.kartra.comAuth0 sets this cookie as part of the authentication flow to maintain login state and session continuity during the sign-in process.Session
auth0_compatlogin.kartra.comAuth0 sets this compatibility cookie to support older browsers during the authentication process.Session
auth0_transient_0app.kartra.comAuth0 sets this transient cookie to maintain state during OAuth 2.0 authorization flows.Session
didlogin.kartra.comAuth0 sets this device identifier cookie to recognize trusted devices during authentication.1 Year
did_compatlogin.kartra.comAuth0 sets this compatibility version of the device identifier cookie for browsers that do not support SameSite cookie attributes.1 Year
XSRF-TOKENapp.kartra.comThis cookie is set to protect against Cross-Site Request Forgery (CSRF) attacks by validating that form submissions and API requests originate from the authenticated user session.Session
fake_lead_logged_inapp.kartra.comKartra sets this cookie to identify visitors accessing the platform under a free membership or trial status.Session
kartra_ignore_mobileapp.kartra.comKartra sets this cookie when a user elects to view the full desktop version of the platform rather than the mobile-optimized layout.1 Year

Performance or Functional Cookies

CookieDomainDescriptionDuration
kartra_split_testapp.kartra.comKartra sets this cookie to assign visitors to a specific variant during A/B split tests, ensuring a consistent experience throughout a user’s session.Session
kartra_profile_icon_tooltipapp.kartra.comKartra sets this cookie to record whether a user has dismissed the profile icon tooltip so it is not shown again on subsequent visits.1 Year
vcapp.kartra.comKartra sets this cookie to track the number of visits a user has made to a specific product or page within the platform, enabling visit-count-based rules and triggers.1 Year
kvp_{hashed_member_id}app.kartra.comKartra sets this cookie to store the authenticated member’s hashed identifier for video page comment functionality.1 Year
kprofileapp.kartra.comKartra sets this cookie to cache the authenticated user’s profile data, enabling faster page loads and a personalized experience within the platform.Session
articles_visitedsupport.kartra.comKartra sets this cookie on the helpdesk to track which support articles a visitor has already viewed, enabling personalized article recommendations.Session
kartra_analytics_ratingsupport.kartra.comKartra sets this cookie to record whether a visitor has already submitted a rating for a helpdesk article, preventing duplicate ratings from the same browser.1 Year
_helpkit_sessionsupport.kartra.comThis session cookie is set by the helpdesk application to maintain the user’s browsing session while navigating support documentation.Session
_fw_crm_vapp.kartra.comFreshworks sets this cookie to identify a visitor in the CRM system. It is used by the Freshdesk support widget to associate support interactions with a known contact record.1 Year

Advertisement or Analytics Cookies

CookieDomainDescriptionDuration
_gaapp.kartra.comGoogle Analytics sets this cookie to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request and used to calculate visitor, session, and campaign data.2 Years
_ga_*app.kartra.comGoogle Analytics 4 sets this cookie to persist session state, store engagement data, and generate analytics reports on how visitors use the application.2 Years
_gcl_auapp.kartra.comGoogle Tag Manager sets this cookie to experiment with advertisement efficiency on websites using its services, and to link conversions from Google Ads to user sessions.3 Months
_clckapp.kartra.comMicrosoft Clarity sets this cookie to remember a unique user ID and user preferences. It helps Clarity recognize returning visitors and keep their settings consistent across visits.1 Year
_clskapp.kartra.comMicrosoft Clarity sets this cookie to combine multiple page views by the same user into a single session recording, providing a comprehensive view of the user’s visit for behavioral analytics.1 Day
_fbpapp.kartra.comFacebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after the user has visited the website.3 Months
kaff_{hashed_member_id}app.kartra.comKartra sets this cookie to identify the affiliate who referred a visitor or member, enabling accurate attribution and commission calculation for affiliate marketing campaigns.1 Year
kartra_jv_{hashed_member_id}app.kartra.comKartra sets this cookie to identify the joint venture broker associated with a referred member, enabling accurate revenue sharing and commission attribution for JV partnerships.1 Year

As part of standard protocols, Genesis Digital’s servers automatically gather certain information and store it in log files. This information may include date/time stamp of access, Internet Protocol (IP) address(es), device type, operating system, browser and version, language, log-in details, Internet Service Provider (ISP), referring page, exit page, and other data.

These log files are useful for a number of purposes including helping Genesis Digital to maintain security, measure relative usage, understand and analyze trends regarding users, server access, load, or server problems, more effectively and efficiently administer the Sites, as well as related software, products, services, or communications, and gather non-personal demographic information about our users. Consistent with the provisions of this Privacy Policy, Genesis Digital may use the data in its Log Files in a variety ways useful to its business or to provide better experiences for its users and customers.

E. Social Media

Genesis Digital may collect certain information from you if you interact with us via social media such as Facebook, X (formerly Twitter), LinkedIn, Pinterest, Snapchat, Instagram, TikTok, and other such services. For example, you may be given the option to register for webinars, take advantage of special offers, receive mailings, newsletters or the like, via your social media account. The information we receive or collect from such social media, and our ability to collect it, may depend on the social media site, its policies, and its requirements or its technology. We may collect the information you provide from these social media interactions and may use it for various purposes to improve our services or your experience, or to contact you regarding the reason you connected with us or with additional offers in the future. Of course, you have the opportunity to opt-out at any time provided we do not require a means of contacting you to fulfill your request.

Any information you disclose in any public areas of our website or the Internet, including via social media becomes public information. You should exercise caution when deciding to disclose personal information in these public areas.

F. Children

Protecting children’s privacy is important to Genesis Digital. The Sites and our software, products, and services are intended for use by adults eighteen (18) years of age or older. We do not direct our services to, and we do not knowingly collect personal information from, children under 18. If we learn that we have inadvertently collected personal information from a person under 18, we will take prompt steps to delete that information from our systems.

Please note: you must be 18 or older to use the Sites and to purchase the software, products, or services offered via the Sites. Minors may use the Sites only with the involvement of a parent or legal guardian.

The Children’s Online Privacy Protection Act of 1998 (COPPA) governs the online collection of personal information from children under 13. The California Age-Appropriate Design Code Act and similar state laws provide additional protections for users under 18. Genesis Digital’s age restriction is intended to keep the Sites outside the scope of these regimes; we comply with COPPA and applicable state children’s privacy laws to the extent any information from a person under the applicable age threshold is inadvertently collected.

Notwithstanding the foregoing, if we discover or form a reasonable belief that we have received any information from a child under 18 in violation of this policy, we will delete that information. If you believe Genesis Digital has any information from a child under age 18, please contact us at the following address:

  • Mail: Genesis Digital, LLC 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147
  • Email: legal@genesisdigital.co

Health Information and HIPAA

Genesis Digital, LLC is not itself a Covered Entity or a Business Associate as those terms are defined under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”). However, we recognize that some of our customers are Covered Entities (or Business Associates of Covered Entities) who may wish to use the Kartra platform in connection with services that involve Protected Health Information (“PHI”).

Genesis Digital maintains a comprehensive HIPAA compliance program, validated by SecurityMetrics, that addresses the administrative, physical, and technical safeguards required by the HIPAA Security Rule, the requirements of the HIPAA Privacy Rule applicable to Business Associates, and the Breach Notification Rule. The program is maintained on an ongoing basis and includes a current Security Rule risk analysis, documented policies and procedures, workforce training, and validated subprocessor agreements with downstream service providers that may process PHI on our behalf.

For customers that are Covered Entities or Business Associates and that intend to process PHI on the Kartra platform, Genesis Digital will execute a mutually signed Business Associate Agreement (BAA) prior to such processing. To request a BAA, customers may email legal@genesisdigital.co or open a support ticket, and we will provide a BAA for mutual signature.

Customers may not transmit, store, or otherwise process PHI on the Kartra platform unless and until a BAA has been mutually executed between the customer and Genesis Digital. Use of the platform to process PHI without an executed BAA is a violation of these terms and may result in suspension of service. Customers who do not require a BAA confirm by their use of the Sites that they will not use the platform to process PHI.

The Sites use standard analytics and advertising technologies provided by third parties, including Google Analytics, the Meta (Facebook) Pixel, and Microsoft Clarity. These third parties do not offer Business Associate Agreements and are not configured to receive PHI. Customers operating under a BAA with Genesis Digital are responsible for using the Kartra platform in a manner that does not transmit PHI to such third-party analytics or advertising technologies, including by avoiding PHI in page URLs, form field labels, or content otherwise exposed to these tools.

 Disclosure to Third Parties

At times Genesis Digital may make certain personal information available to strategic partners that work with us to provide software, products and services, or that help us service our customers, including but not limited to Google, Facebook and other partners & affiliates of Genesis Digital. Personal information will only be shared by Genesis Digital to provide or improve the Sites, and our software, products, services, and advertising.

A. Service Providers

To provide its various products or services, Genesis Digital works with third party providers, who may be located wherever Genesis Digital operates, or in any other location. Such companies provide services to Genesis Digital. Examples may include information processing, emailing services, server hosting, transaction processing and banking services, video hosting, product/service delivery, communications, managing and enhancing customer data, providing technical support and/or customer service, and conducting customer research or satisfaction surveys. At any given time, Genesis Digital may work with one or more such provider. We will only provide personal information to these companies where required for them to provide their services, or to improve our products or services for our customers. These companies are contractually obligated to protect your information.

For a complete list of our providers and sub processors please see our Data Processing Addendum: https://kartra.com/dpa/

B. Others

In some cases, Genesis Digital may be required by legal process to disclose your personal information. Such disclosure may be compelled by applicable law, regulation, judicial order, and/or lawful requests from local authorities. Genesis Digital may also disclose information about you if we determine, in our sole discretion, that disclosure is necessary or appropriate to ensure the safety of any individual(s), or for purposes of national security, law enforcement, or other issues of public importance.

If the Sites and/or software, products, or services, or Genesis Digital LLC becomes the subject of a reorganization under the bankruptcy law, a merger, a sale, or other change in control, any and all personal information in Genesis Digital’s control will be transferred to the trustee, debtor in possession, successor, acquirer, or such other third party as will control Genesis Digital, the Sites, and/or software, products, or services thereafter.

We reserve the right to disclose personal information if we reasonably believe that disclosure is necessary to protect our users, customers, or the public, prevent fraud or financial wrongdoing, or in any action to enforce our End User License Agreement, Terms and Conditions, or other policies regarding Genesis Digital.

Personal Information Protection

Genesis Digital uses commercially reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. We restrict access of personal information to our employees, contractors, and/or agents who need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. Genesis Digital and its third party providers use Secure Sockets Layer (SSL) encryption on all web pages where personal information, including financial information is transmitted.

You are solely responsible for any personal information you choose to submit on non-secure sites including but not limited any discussion forums or public comment threads on the Sites, or any social media sites, groups, or threads related to the Sites or the related software, products, or services.

 Access to Your Personal Information

Genesis Digital software customers should periodically log in to review your name, contact information and other readily available personal information, and to ensure they are accurate, complete, and up to date. You can make changes to your information. Changes to your personal details and particulars should be made through the software. The Sites users should verify that their financial information in their account is accurate, complete, and up to date, particular checking the accuracy of any changes you make.

You can request access to any personal information we have for you. We will make a good faith effort to provide you with access to reasonably accessible information. You can request that we correct the data if it is inaccurate or delete your personal data. Genesis Digital will comply with such requests if they are reasonable and we will delete your data if Genesis Digital is not required to retain it by law, and does not require it for legitimate business purposes. We may reserve the right to refuse deletion requests that we believe require undue time, or technical effort, or were not provided by local law. We also reserve the right to deny or delay requests where the personal information is scheduled to be deleted as part of any upcoming purge of data that is not being retained. Requests for access, correction, or deletion can be submitted to legal@genesisdigital.co

Links to Third-Party Sites

The Sites, software, products, services, and communications may contain links to third-party websites, products, or services. Information collected by third parties is governed by their privacy practices, not this Privacy Policy. Please be aware when you leave the Sites and understand that you are subject to a third party’s privacy policy except when you are on the Sites, or using Genesis Digital’s related software, products, or services.

International Data Transfers

Genesis Digital ensures lawful international data transfers through a tiered approach:

  1. Data Privacy Framework (Primary): We rely on our DPF certification for transfers to the United States and other DPF-certified entities
  2. Standard Contractual Clauses (Secondary): We implement SCCs when DPF certification does not apply or provide sufficient coverage
  3. Supplementary Measures: Additional technical and organizational safeguards may be implemented as required

Data Privacy Framework

EU-U.S. Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework.

Genesis Digital complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU_U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States.  Genesis Digital has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles.  If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.  To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Genesis Digital may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

Genesis Digital is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Genesis Digital complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

Choice

In accordance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Genesis Digital offers individuals the opportunity to choose (opt out) whether their personal information is disclosed to a non-agent third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.

Where Genesis Digital intends to use personal data received from the EU, UK, or Switzerland for a new purpose that is materially different from the purpose for which it was originally collected, or disclose such data to a non-agent third party controller, Genesis Digital will provide individuals with clear notice and a reasonable opportunity to opt out of such use or disclosure before doing so. To exercise this right, individuals may contact Genesis Digital’s Data Protection Officer at legal@genesisdigital.co or in writing at the address below. Genesis Digital will honor all valid opt-out requests promptly and will not condition the provision of its services on an individual’s decision to opt out.

For sensitive personal information — which includes, but is not limited to, medical and health information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual, or information received from third parties under an obligation of confidentiality — Genesis Digital will obtain affirmative express consent (opt in) from the individual before such information is disclosed to a non-agent third party or used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized.

Inquiries or Complaints

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Genesis Digital commits to resolving complaints about your privacy and our collection or use of your Personal Data promptly.  We will respond to complaints within 45 days of the request.  Individuals with inquiries or complaints regarding this Privacy Policy should first contact Genesis Digital at legal@genesisdigital.co or send a letter (preferably by tracked registered post to ensure delivery confirmation) to the address below. We may need to verify your identity and place of residence before completing your rights request. You may have the option to select binding arbitration under the EU-U.S. Data Privacy Framework Panel for the resolution of your complaint under certain circumstances.

Attn: Data Protection Officer

Genesis Digital, LLC 

4730 S. Fort Apache Rd. Suite 300

Las Vegas, NV 89147

USA

Unresolved Issues

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Genesis Digital commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.edpb.europa.eu/about-edpb/about-edpb/members_en for the EU; https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/ for the UK; and https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/kontaktformular_uebrige.html for Switzerland, for more information or to file a complaint. 

The services of EU DPAs are provided at no cost to you. However, we encourage you to contact us first at legal@genesisdigital.co, and we will do our very best to resolve your concern.

Genesis Digital is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”). The Federal Trade Commission has jurisdiction over Genesis Digital’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Genesis Digital may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Binding Arbitration

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, you may have the option to invoke binding arbitration for the resolution of your complaint by the relevant Data Privacy Framework Panel under certain circumstances. For more information on this option, please see Annex I of the DPF Principles here:  https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

If you have any questions about your ability to use our software platforms in the EU or with regard to your EU customer’s data, feel free to contact our Data Protection Officer, Robert Smith, or our EU Representative, Darren Dressler, at legal@genesisdigital.co to discuss, or request a copy of our Data Processing Addendum to our EULA.

EEA/EU Users and the GDPR

The GDPR is a unified regulation that supersedes and universalizes previous privacy laws in Europe, offering citizens and residents of the European Union (EU) greater transparency and controls over how their personal data is used by others. The GDPR requires the compliance of businesses which transact in Europe, or which facilitate transaction in Europe.

We have always made security and privacy among its highest priorities. That’s why we’ve committed not only to providing tools to facilitate your compliance with the GDPR, but to educate you on your responsibilities as a business owner. As the GDPR’s scope is broad, and the potential penalties for noncompliance are large, we’ve ensured that our tools are available to all our customers, at no additional cost.

For more information about GDPR, your rights under GDPR and our legal basis for processing your data, please see our GDPR Statement: https://kartra.com/gdpr/

Standard Contractual Clauses

In addition to the DPF certification, Genesis Digital uses Standard Contractual Clauses (SCCs) to ensure lawful transfer of personal data to third-country service providers and business partners and to maintain GDPR compliance when sharing customer data with international subsidiaries or affiliates.

Genesis Digital implements the SCCs when the Data Privacy Framework certification does not apply or is insufficient. The SSCs provide direct contractual rights and obligations between parties.  

For specific information on our SSCs please see our Data Processing Addendum: https://kartra.com/dpa/

Canadian Privacy Rights

This section applies to individuals in Canada and describes how we handle personal information under Canadian federal and provincial privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

Scope of Canadian Privacy Laws

Our collection, use, and disclosure of personal information from Canadian residents is governed by:

  • Federal: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Alberta: Personal Information Protection Act (PIPA)
  • British Columbia: Personal Information Protection Act (PIPA)
  • Quebec: Act Respecting the Protection of Personal Information in the Private Sector
  • Other provincial laws as applicable based on your location and our activities

Consent Requirements

We obtain your consent before or at the time of collecting your personal information. Consent may be express (clearly given) or implied (through your actions), depending on the sensitivity of the information and the circumstances.

Express Consent is obtained for:

  • Financial information and payment details
  • Sensitive personal information
  • Information used for marketing communications
  • Cross-border transfers of personal information

Implied Consent may apply for:

  • Basic contact information for service delivery
  • Information reasonably required to complete transactions
  • Non-sensitive information for operational purposes

Withdrawal of Consent

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. However, withdrawing consent may limit our ability to provide certain services to you.  To withdraw consent please contact our Privacy Officer Robert Smith at legal@genesisdigital.co or mailing us at the address provided at the bottom of this policy.

Purpose Limitation

We collect, use, and disclose personal information only for purposes that are:

  • Identified at or before the time of collection
  • Reasonable and appropriate given the circumstances
  • Consented to by you or permitted by law

Primary Purposes

We use personal information for these identified purposes:

  • Providing and delivering our software, products, and services
  • Processing payments and managing accounts
  • Customer support and communication
  • Product development and improvement
  • Marketing with your consent

Secondary Purposes

Any use for purposes other than those identified requires additional consent, unless permitted by law.

Disclosure to Third Parties

We may disclose personal information to:

  • Service providers under contract to protect your information
  • Business partners for joint offerings (with your consent)
  • Legal authorities when required by law
  • Professional advisors bound by confidentiality

Transfers Outside Canada

Personal information may be transferred to, processed, or stored outside Canada, including in the United States. When we transfer personal information outside Canada:

  • We ensure appropriate safeguards are in place
  • The information remains subject to applicable privacy laws
  • You may contact us for information about our transfer safeguards

International Service Providers

Our service providers outside Canada are contractually required to:

  • Protect personal information using appropriate safeguards
  • Use information only for specified purposes
  • Comply with applicable privacy requirements
  • Notify us of any unauthorized access or disclosure

Your Rights Under Canadian Privacy Law

Right to Access

You have the right to:

  • Know what personal information we have about you
  • Understand how your information is being used
  • Receive a copy of your personal information
  • Learn about our privacy practices and policies

Right to Correction

You may request correction of personal information that is:

  • Inaccurate or incomplete
  • Not up to date
  • Not relevant for the purposes for which it is being used

Right to Challenge Compliance

You may challenge our compliance with privacy laws by:

  • Filing a complaint with us directly
  • Contacting the appropriate privacy commissioner
  • Seeking other remedies available under applicable law

Data Accuracy

We make reasonable efforts to ensure that personal information is:

  • Accurate and complete for its intended use
  • Up to date as necessary for the purposes
  • Corrected when we become aware of inaccuracies

Retention and Disposal

We retain personal information only as long as necessary to:

  • Fulfill the identified purposes
  • Meet legal or regulatory requirements
  • Resolve disputes or enforce agreements

Personal information is securely destroyed or anonymized when no longer needed.

Security Safeguards

We protect personal information through:

  • Physical safeguards (secure facilities, locked filing cabinets)
  • Technological safeguards (encryption, access controls, firewalls)
  • Administrative safeguards (policies, training, access limitations)

The level of protection corresponds to the sensitivity of the information and the harm that could result from unauthorized access or disclosure.

Privacy Breach Response

In the event of a privacy breach involving personal information, we will:

  • Contain and investigate the breach
  • Assess the risk of harm to affected individuals
  • Notify affected individuals if there is a real risk of significant harm
  • Report to the Privacy Commissioner as required by law
  • Take steps to prevent similar breaches

How to Exercise Your Rights

You may exercise any of these rights by contacting our Privacy Officer Robert Smith at legal@genesisdigital.co or mailing us at the address provided at the bottom of this policy.

Response Timeframes

We will respond to your requests within:

  • 45 days for access requests (or as required by applicable provincial law)
  • A reasonable time for correction requests
  • Promptly for urgent matters affecting your privacy

Inquiries or Complaints

Internal Complaints

If you have concerns about our privacy practices:

  1. Contact Us First: Submit your complaint to our Privacy Officer Robert Smith by email to legal@genesisdigital.co or mailing us at the address provided at the bottom of this policy.
  2. Investigation: We will investigate your complaint promptly and fairly
  3. Response: We will provide a written response explaining our findings and any actions taken
  4. Follow-up: We will implement corrective measures if your complaint is substantiated

External Complaints

If you are not satisfied with our response, you may file a complaint with:

Federal: Privacy Commissioner of Canada

Provincial Commissioners (as applicable based on your location):

  • Alberta: Office of the Information and Privacy Commissioner of Alberta
  • British Columbia: Office of the Information and Privacy Commissioner for BC
  • Quebec: Commission d’accès à l’information du Québec
  • Other provinces: Contact the appropriate provincial privacy commissioner

Quebec-Specific Provisions

For Quebec residents, additional rights and obligations apply under Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (as amended by Law 25), including:

  • Enhanced consent requirements for certain types of processing
  • Specific rules for collecting personal information from third parties
  • Additional notification requirements for confidentiality incidents (privacy breaches), including notification to the Commission d’accès à l’information du Québec where there is a risk of serious harm
  • Rights regarding automated decision-making
  • Privacy impact assessments for the acquisition, development, and overhaul of information system projects involving personal information, and for the communication of personal information outside Quebec
  • Right to data portability (effective September 22, 2024) for personal information collected directly from the individual in a structured, commonly used technological format
  • Cross-border transfer assessments conducted before communicating personal information outside Quebec, considering the sensitivity of the information, the purposes of use, the protection measures in place, and the legal regime applicable in the receiving jurisdiction

Notice of Compliance to California Residents

This section applies to California residents and describes your rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). If you are a California resident, you have specific rights regarding your personal information. 

As a California resident, you have the following rights:

Right to Know

You have the right to request that we disclose:

  • The categories of personal information we collect about you
  • The categories of sources from which we collect personal information
  • The business or commercial purpose for collecting, selling, or sharing personal information
  • The categories of third parties to whom we disclose personal information
  • The specific pieces of personal information we have collected about you

Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions under California law.

Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you.

Right to Opt-Out

You have the right to opt-out of the “sale” or “sharing” of your personal information as those terms are defined under California law.

Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of your sensitive personal information to purposes necessary to perform services or provide goods you have requested.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your California privacy rights, including by:

  • Denying you goods or services
  • Charging you different prices or rates
  • Providing you a different level or quality of goods or services
  • Suggesting that you may receive a different price or rate or different level or quality of goods or services

Sale and Sharing of Personal Information

We do not sell your personal information.  However, some of our advertising and analytics activities may constitute “sharing” under California law.

Categories of Personal Information Collected, Disclosed, and Shared (12-Month Lookback)

In the preceding twelve (12) months, we have collected the following categories of personal information about California consumers, as those categories are defined under the CCPA/CPRA:

  • Identifiers: name, email address, postal address, phone number, IP address, account login credentials, and unique device identifiers.
  • Customer records (Cal. Civ. Code § 1798.80(e) categories): name, contact information, payment card information processed by our payment processors, and bank account information for certain shopping cart users.
  • Commercial information: products or services purchased, purchase history, and transaction details.
  • Internet or other electronic network activity information: browsing history on our Sites, interaction data, and cookie and similar identifier data.
  • Geolocation data: general location derived from IP address. We do not collect precise geolocation through the Sites.
  • Audio, electronic, or visual information: information voluntarily submitted by users (e.g., webinar recordings, support communications).
  • Inferences: inferences drawn from the above categories to create a profile reflecting preferences, characteristics, and behaviors.
  • Sensitive personal information: account login credentials in combination with passwords, used for authentication purposes only.

The sources from which we collect these categories include the consumer directly, the consumer’s use of the Sites and our services, advertising and analytics partners, and publicly available sources. The business or commercial purposes for collection are described in the “Business Purposes for Collecting Personal Information” section above.

We disclose each of the above categories to the following types of third parties for business purposes: (a) service providers and processors under contract; (b) advertising and analytics partners (which may also constitute “sharing” under California law); (c) professional advisors (legal, accounting, audit) bound by confidentiality; and (d) governmental and law enforcement authorities where required by law.

For purposes of cross-context behavioral advertising, we “share” the following categories under California law: identifiers, internet or other electronic network activity information, and inferences. These categories may be shared with advertising and analytics partners, including platforms operated by Google, Meta (Facebook), and Microsoft.

We do not sell personal information for monetary consideration. We do not knowingly collect, sell, or share personal information of consumers under sixteen (16) years of age.

Right to Opt-Out of Sale or Sharing of Personal Information

California residents may opt out of the “sale” or “sharing” of their personal information at any time. To exercise this right, email us at legal@genesisdigital.co with the subject line “Do Not Sell or Share My Personal Information,” or use the “Do Not Sell or Share My Personal Information” link in our website footer (where available). We also honor opt-out requests received via Universal Opt-Out Mechanisms as described below.

Right to Limit the Use of Sensitive Personal Information

To the extent we use sensitive personal information for purposes beyond those expressly permitted under California law, California residents may direct us to limit our use and disclosure of that information. To exercise this right, email us at legal@genesisdigital.co with the subject line “Limit the Use of My Sensitive Personal Information,” or use the “Limit the Use of My Sensitive Personal Information” link in our website footer (where available). Our current use of sensitive personal information is limited to authentication, security, fraud prevention, and other purposes expressly permitted under California law.

Universal Opt-Out Mechanisms and Global Privacy Control

Genesis Digital recognizes Universal Opt-Out Mechanisms (UOOMs), including the Global Privacy Control (GPC) browser signal, as required by applicable state privacy law (including California, Colorado, Connecticut, Oregon, Texas, and Montana). When we detect a valid GPC signal from your browser, we treat it as a request to opt out of the “sale” and “sharing” of personal information for the browser and device on which the signal is enabled. If you are logged into an account when the signal is received, we will also apply the opt-out to the personal information associated with that account.

Retention of Personal Information

We retain personal information only as long as reasonably necessary to fulfill the purposes for which it was collected, including to satisfy applicable legal, accounting, regulatory, or reporting requirements. The criteria we use to determine retention periods include: (i) the duration of our ongoing relationship with you and the provision of services to you; (ii) whether we have a legal obligation to retain the information (e.g., tax, anti-money-laundering, or recordkeeping obligations); and (iii) whether retention is advisable in light of our legal position (e.g., regarding statutes of limitations, ongoing litigation, or regulatory investigations). When personal information is no longer needed for these purposes, it is deleted, anonymized, or securely destroyed.

How to Exercise Your Rights

You may exercise any of these rights or opt-out of sharing by emailing us at legal@genesisdigital.co or mailing us at the address provided at the bottom of this policy.

Additional State Privacy Rights

This section addresses privacy rights for residents of states with comprehensive privacy laws beyond California. As state privacy legislation continues to evolve, we are committed to complying with applicable requirements and providing transparency about your rights.

States with Comprehensive Privacy Laws

The following states have enacted comprehensive consumer privacy laws that may apply to our processing of your personal information:

  • Virginia: Virginia Consumer Data Protection Act (VCDPA) – Effective January 1, 2023
  • Colorado: Colorado Privacy Act (CPA) – Effective July 1, 2023
  • Connecticut: Connecticut Data Privacy Act (CTDPA) – Effective July 1, 2023
  • Utah: Utah Consumer Privacy Act (UCPA) – Effective December 31, 2023
  • Texas: Texas Data Privacy and Security Act (TDPSA) – Effective July 1, 2024
  • Florida: Florida Digital Bill of Rights (FDBR) – Effective July 1, 2024
  • Oregon: Oregon Consumer Privacy Act (OCPA) – Effective July 1, 2024
  • Montana: Montana Consumer Data Privacy Act (MCDPA) – Effective October 1, 2024
  • Iowa: Iowa Consumer Data Protection Act – Effective January 1, 2025
  • Delaware: Delaware Personal Data Privacy Act (DPDPA) – Effective January 1, 2025
  • Nebraska: Nebraska Data Privacy Act (NDPA) – Effective January 1, 2025
  • New Hampshire: New Hampshire Data Privacy Act (NHDPA) – Effective January 1, 2025
  • New Jersey: New Jersey Data Privacy Act (NJDPA) – Effective January 15, 2025
  • Tennessee: Tennessee Information Protection Act (TIPA) – Effective July 1, 2025
  • Minnesota: Minnesota Consumer Data Privacy Act (MCDPA) – Effective July 31, 2025
  • Maryland: Maryland Online Data Privacy Act (MODPA) – Effective October 1, 2025
  • Indiana: Indiana Consumer Data Protection Act – Effective January 1, 2026
  • Kentucky: Kentucky Consumer Data Protection Act (KCDPA) – Effective January 1, 2026
  • Rhode Island: Rhode Island Data Transparency and Privacy Protection Act – Effective January 1, 2026

Additional states may enact privacy laws that could apply to our services. This list will be updated as new laws take effect.

Common Consumer Rights Under State Privacy Laws

If you are a resident of a state with a comprehensive privacy law, you may have the following rights (specific rights vary by state):

Right to Access/Know

  • Confirm whether we process your personal data
  • Access categories and specific pieces of personal data we process
  • Obtain information about our data processing practices

Right to Delete

  • Request deletion of personal data we have collected about you
  • Subject to certain legal exceptions and business necessity requirements

Right to Correct

  • Request correction of inaccurate personal data we maintain about you

Right to Data Portability

  • Receive your personal data in a portable, machine-readable format
  • Request transfer of your data to another entity (where technically feasible)

Right to Opt-Out

  • Opt-out of targeted advertising
  • Opt-out of sale of personal data
  • Opt-out of profiling that produces legal or similarly significant effects

Right to Non-Discrimination

  • We will not discriminate against you for exercising your privacy rights

Sensitive Data Processing

Under many state privacy laws, certain types of personal data receive enhanced protection. This may include:

  • Racial or ethnic origin
  • Religious beliefs
  • Mental or physical health information
  • Sexual orientation
  • Citizenship or immigration status
  • Genetic or biometric data
  • Precise geolocation data
  • Personal data from children

We obtain consent or ensure we have another appropriate legal basis before processing sensitive personal data as defined by applicable state laws.

How to Exercise Your Rights

You may exercise any of these rights or opt-out of sharing by emailing us at legal@genesisdigital.co or mailing us at the address provided at the bottom of this policy.

Changes to this Privacy Policy and Privacy Questions

If you have any questions or concerns about this Privacy Policy please email us at legal@genesisdigital.co

This Privacy Policy is subject to change from time to time at Genesis Digital’s sole discretion. Please check this page periodically for changes. Any such changes to the Privacy Policy will be available on this page. If the policy has been changed in a material way, a notice will be posted on our website along with a link to the updated Privacy Policy. Your continued use of our site following the posting of changes to these terms will mean you accept the changes. Information collected prior to the time any change is posted will be used according to the rules and laws that applied at the time the information was collected.

We will also archive prior versions of this Privacy Policy and make those versions available for your review.

This Privacy Policy does not create any contractual or other legal rights in or on behalf of Genesis Digital or any other party and is not intended to create any such rights.

Questions about this Privacy Policy may be directed to us in writing at:

  • Mail: Genesis Digital, LLC 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147
  • Email: legal@genesisdigital.co

LAST UPDATED: April 29, 2026