GenPX Inc. respects your privacy and is committed to protecting your personal data. This policy outlines how we collect, use, store, and protect the information we gather from clients, partners, and website users. By interacting with GenPX Inc., you consent to the practices described in this policy.

We collect data necessary to provide our services efficiently and securely. This includes personal identifiers (such as your name, email, and phone number), company-related data, and system credentials. We also collect system logs and activity data to ensure operational security and performance.

GenPX Inc. uses the collected data to deliver services, maintain platform integrity, support third-party integrations (like Salesforce or Workday), and respond to client requests. Additionally, the data helps us analyze usage patterns, detect suspicious activity, and comply with regulatory requirements.

We do not sell or lease personal information to third parties. Data may be shared with trusted service providers under strict confidentiality agreements to facilitate service delivery. We may also disclose information when legally required or to enforce our legal rights.

GenPX Inc. retains personal data only as long as necessary to fulfill the purposes for which it was collected. We regularly evaluate our data retention schedules and securely delete data that is no longer required, using industry-standard deletion and destruction protocols.

We implement strong security measures including encryption (in transit and at rest), network firewalls, and access controls. Only authorized personnel can access sensitive data, and all access is logged and monitored. Regular security assessments help us proactively address vulnerabilities.

Under applicable laws, individuals have the right to request access to their data, ask for corrections, request deletion, or receive their data in a portable format. GenPX Inc. responds to such requests promptly and free of charge unless a request is manifestly unfounded or excessive. Please contact privacy@genpx.com to exercise your rights.

If data is transferred outside your country of residence, GenPX Inc. ensures such transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs). We aim to meet the highest privacy standards, regardless of where your data is processed.

This policy may be updated from time to time to reflect changes in our practices, legal requirements, or technologies. We will notify affected parties of significant updates through appropriate channels, including our website or direct communication.

This policy outlines GenPX Inc.’s approach to maintaining a secure environment for all data and information systems. It defines responsibilities and the controls necessary to prevent, detect, and respond to security threats and breaches.

This policy applies to all personnel, contractors, systems, devices, and processes that handle or have access to GenPX Inc.'s and its clients' data, regardless of physical location or employment status.

GenPX Inc. is committed to protecting information assets against unauthorized access, ensuring data accuracy, and ensuring reliable availability. We adhere to industry standards such as SOC 2, ISO 27001, and the NIST Cybersecurity Framework.

We employ Role-Based Access Control (RBAC) to restrict access based on job functions. 

MFA is required for all administrative and sensitive system access to reduce risks associated with compromised credentials.

Access rights are reviewed quarterly and revoked immediately upon employee departure or change in job role.

Sensitive data is encrypted using industry-standard protocols (TLS 1.2+ for transit and AES-256 for storage).

Regular encrypted backups ensure recovery in the event of data loss or corruption.

Data classification and handling guidelines are implemented across the organization.

A comprehensive incident response plan is in place, defining roles, communication protocols, and mitigation procedures.

Employees are trained to recognize and report incidents promptly.

Clients are notified within 24 hours of identifying any security breach affecting their data.

GenPX Inc. ensures physical security via badge access, surveillance, and security personnel in facilities where sensitive operations occur.

All company-issued devices are encrypted and configured to auto-lock when idle.

Visitors are restricted and monitored in all sensitive areas.

Before engagement, third parties undergo rigorous security due diligence.

Vendor contracts include data protection clauses, and we periodically review third-party compliance with our policies.

Vendors with access to sensitive data must demonstrate alignment with GenPX’s security standards.

All employees must complete security awareness training during onboarding and annually thereafter.

Topics include phishing, password hygiene, secure data handling, and reporting incidents.

Simulated attacks and refresher courses ensure continued awareness.

Annual third-party penetration tests help identify vulnerabilities in our systems.

Internal security audits are conducted quarterly to ensure compliance with policies and standards.

Findings are documented and addressed with remediation plans.

This policy is reviewed annually by the security committee and updated as needed to reflect technological, legal, and organizational changes.

All updates are approved by senior management and communicated to staff.