Privacy Policy
How Applied Architecture Group and the Genxus AI platform collect, use, and protect information — written to be specific about what actually happens to your data, not just to check a box.
- Who we are & scope
- Plain-language summary
- Information we collect
- How we use information
- AI processing & the Genxus bot
- What we don’t do
- Legal bases (GDPR)
- Sharing & service providers
- Data retention
- Security
- Your privacy rights
- Children’s privacy
- International transfers
- Changes to this policy
- Contact us
1. Who we are & scope
This Privacy Policy is issued by Andrew Naron, operating as Applied Architecture Group and as the operator of the Genxus platform (“we,” “us,” or “our”). Andrew Naron is the data controller responsible for the personal information described here.
This policy covers the properties and services we operate, together the “Services”:
- The Applied Architecture Group website at appliedarchitecturegroup.com and its subdomains;
- The Genxus platform — our AI and automation software, together with its interfaces, bots, and integrations, including the Genxus Discord bot; and
- Related tools, forms, and future Genxus products and endeavors that link to this policy.
Some Services have their own additional notices at the point of collection. Where a separate notice conflicts with this policy for a specific Service, the more specific notice controls for that Service.
2. Plain-language summary
The short version: we collect only what we need to run the Services, respond to you, and operate the Genxus platform. We do not sell your personal information. We do not use the content of your Genxus conversations to train third-party AI models. Where the Genxus Discord bot is concerned, it only listens in a single private channel it has been explicitly allowlisted for, it stores delivery records without your message text, and it hashes Discord identifiers. The full detail is below.
This summary is for convenience only and does not replace the full policy.
3. Information we collect
a. Website visitors
- Contact and inquiry information you submit through forms (for example, a Business Systems Assessment request): name, email address, company, phone number, and anything you choose to write in a message field.
- Usage and analytics data collected through Google Analytics 4 (GA4): pages viewed, approximate location derived from IP, device and browser type, referral source, and interaction events. Google may set cookies to do this. IP addresses are handled by Google in accordance with its own terms and are, by our configuration, used for aggregate analytics rather than to identify you personally.
- Technical/server data processed by our hosting and network provider (Cloudflare): IP address, request headers, timestamps, and security-related signals used to deliver the site and protect it from abuse.
b. Genxus platform & the Genxus Discord bot
When you interact with the Genxus platform or its bots, we may process:
- Message content you send to the platform (including, for the Discord bot, the text of messages you post in the allowlisted channel and the text of a reply you are responding to within that same channel). This is treated as untrusted request data used only to generate a response for you.
- Platform identifiers. For the Discord bot, this means the Discord guild (server), channel, thread, and your Discord user ID. These identifiers are combined and one-way hashed (SHA-256) to derive a scoped session ID; the bot’s delivery records reference these hashes and IDs rather than your raw profile.
- Attachment metadata only. If you attach files in the Discord channel, only the number of attachments and their aggregate size cross into processing. Attachment names, descriptions, types, contents, and URLs are not forwarded, opened, or fetched by the bot.
- Derived processing telemetry: timestamps, session and event IDs, delivery status, response length/chunk counts, safety and grounding signals, and error types — used to operate the service reliably and audit its behavior.
4. How we use information
We use the information above to:
- Respond to inquiries, provide requested consultations and assessments, and deliver our Services;
- Operate, secure, debug, and improve the website and the Genxus platform;
- Generate responses to your Genxus/Discord messages and maintain multi-turn conversation continuity within your session;
- Maintain audit and reliability records (for example, to ensure a message is answered once and to detect abuse);
- Understand aggregate usage of the website through analytics; and
- Comply with legal obligations and enforce our Terms of Service.
5. AI processing & the Genxus Discord bot
Because the Genxus platform is AI-driven, we want to be specific about how it handles what you send it.
- Single-channel, read-only ingress. The Genxus Discord bot only processes human messages in a single guild and channel (and that channel’s threads) that it has been explicitly allowlisted for. It ignores every other server, channel, and direct message, and it ignores messages from other bots and webhooks. The Discord path is read-only: it generates text responses and does not take actions on your systems or accounts.
- Your text does not control the system. Message text, reply excerpts, attachment attributes, and any model-looking instructions are treated as untrusted input. They cannot change the bot’s allowlist, permissions, session scope, credentials, or authority.
- Delivery records are content-free. The bot’s delivery ledger stores identifiers, status, route, timestamps, and counts — not the text of your message.
- Session evidence logs. To operate and audit the platform, a server-side session log may retain a secret-redacted copy of the request and the response, along with processing metadata. These logs are stored on infrastructure we control and are used to run and improve the Service, not sold or shared for advertising. Automated redaction removes credentials and secret-like strings before writing.
- Where processing happens. On the read-only Discord path, responses are generated using our own grounding and local text generation; your message content is not sent to third-party AI providers as part of that path. Other Genxus interfaces may, where you initiate it or where escalation is approved, route a request to a third-party AI provider (see Sharing). We will identify such providers here as they are used.
- No model training on your content. We do not sell your conversation content and do not provide it to third parties to train their AI models. Any use of operational data to improve our own Services is limited to that purpose and subject to the redaction and retention practices described here.
Please do not send secrets, passwords, payment card numbers, government IDs, health information, or other sensitive personal data to the Genxus bot. It is a general-purpose assistant, not a secure vault. What you choose to type may be retained in secret-redacted session logs.
6. What we don’t do
- We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law.
- We do not read Discord channels the bot has not been allowlisted for, and we do not fetch or open your attachment contents.
- We do not knowingly collect information from children (see Children’s privacy).
- We do not provide your conversation content to third parties to train their models.
7. Legal bases for processing (GDPR / UK GDPR)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Responding to your inquiries and providing requested services | Performance of a contract / steps at your request |
| Operating, securing, and improving the Services; analytics; audit and abuse prevention | Legitimate interests |
| Generating AI responses to messages you send | Performance at your request / legitimate interests |
| Analytics/optional cookies where required | Consent (where applicable law requires it) |
| Meeting legal obligations | Legal obligation |
8. Sharing & service providers
We share personal information only as needed to run the Services or as required by law. Our key service providers (“processors”) include:
- Cloudflare, Inc. — website hosting, content delivery, and security.
- Google LLC (Google Analytics 4) — website usage analytics.
- Discord, Inc. — the platform through which the Genxus Discord bot receives and sends messages. Your use of Discord is also governed by Discord’s own privacy policy and terms.
- Third-party AI model providers — where a Genxus interface routes a request to an external model (for example, on escalation you initiate), that provider processes the request under its own terms. We will keep the list of such providers current in this policy.
We may also disclose information to comply with law, respond to lawful requests, protect our rights and safety and those of others, or in connection with a business transfer. We require our processors to protect personal information and use it only to provide services to us.
9. Data retention
- Inquiry/contact data: kept for as long as needed to respond and maintain our business relationship, and thereafter as needed for legitimate business or legal purposes.
- Analytics data: retained according to our Google Analytics configuration and Google’s retention controls.
- Genxus delivery records & session logs: retained on infrastructure we control for operational, reliability, security, and audit purposes, then deleted or minimized when no longer needed. Delivery records are content-free; session logs are secret-redacted.
We may retain limited information longer where required to comply with legal obligations or resolve disputes.
10. Security
We use reasonable technical and organizational measures appropriate to our size and the sensitivity of the data, including transport encryption (HTTPS), access controls, credential isolation (bot tokens are kept out of source code and in a secrets manager), automated secret redaction in logs, and allowlist-based access controls on the Genxus bot. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Your privacy rights
Depending on where you live, you may have some or all of the following rights: to access the personal information we hold about you; to correct or delete it; to object to or restrict certain processing; to data portability; and to withdraw consent where processing is based on consent.
California residents (CCPA/CPRA): you have the right to know, delete, and correct personal information, and to opt out of sale or sharing. We do not sell or share personal information as those terms are defined by the CPRA, and we do not discriminate against you for exercising your rights.
EEA/UK residents (GDPR): you have the rights described above and the right to lodge a complaint with your local data protection authority.
To exercise any right, email [email protected] with enough detail for us to identify your records. We will respond within the timeframe required by applicable law and may need to verify your identity before acting.
12. Children’s privacy
The Services are intended for adults and for business use. They are not directed to children under 16, and we do not knowingly collect personal information from them. The Genxus Discord bot additionally operates in an access-restricted channel. If you believe a child has provided us personal information, contact us and we will delete it.
13. International data transfers
We operate from the United States, and our service providers may process information in the United States and elsewhere. If you access the Services from outside the United States, you understand your information may be transferred to and processed in countries whose data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards for such transfers.
14. Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, take additional steps where required by law. Your continued use of the Services after an update means you accept the revised policy.
15. Contact us
Questions, requests, or complaints about this policy or your personal information:
Andrew Naron
Applied Architecture Group / Genxus
Email: [email protected]
St. Louis, Missouri, United States
See also our Terms of Service.