Lenzo. Cookie Policy

Effective Date: January 1, 2024
Last Updated: April 27, 2026

1. INTRODUCTION

This Cookie Policy ("Policy") explains how Genio Group, Inc. ("Genio Group," "we," "us," or "our"), operating under the trade name and service mark Lenzo, uses cookies and similar tracking technologies on the Lenzo Compliance Monitoring Platform accessible at lenzo.ai (the "Platform" or "Services").

This Policy applies to all users of the Platform worldwide, including visitors to our website and registered subscribers. This Policy should be read in conjunction with our Privacy Policy, which provides comprehensive information about how we collect, use, and protect your personal data.

Controller Information:

Genio Group, Inc. is the data controller responsible for the use of cookies and tracking technologies described in this Policy.

Contact Information:

For questions, concerns, or requests related to this Policy, contact us at: support [at] lenzo.ai

Governing Law and Jurisdiction:

This Policy is governed by the laws of the State of California, United States of America. Any disputes arising from or related to this Policy shall be resolved exclusively in the state or federal courts located in California.

Territorial Scope:

This Policy applies to users worldwide. Where specific regional requirements apply (EU/EEA, UK, California, Canada, Australia), we implement measures to ensure compliance with local laws while maintaining operational consistency.

IMPORTANT DISCLAIMER:

BY USING THE PLATFORM, YOU ACKNOWLEDGE AND AGREE THAT:

YOU ASSUME FULL AND SOLE RESPONSIBILITY FOR YOUR USE OF COOKIES AND TRACKING TECHNOLOGIES ON THE PLATFORM.
GENIO GROUP, INC. AND LENZO SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO COOKIES, TRACKING TECHNOLOGIES, OR DATA COLLECTED THROUGH SUCH TECHNOLOGIES.
YOU ARE SOLELY RESPONSIBLE FOR ENSURING THAT YOUR USE OF THE PLATFORM COMPLIES WITH ALL APPLICABLE LAWS, REGULATIONS, AND POLICIES IN YOUR JURISDICTION.
ALL RISKS ASSOCIATED WITH COOKIES AND TRACKING TECHNOLOGIES, INCLUDING BUT NOT LIMITED TO DATA COLLECTION, STORAGE, PROCESSING, AND THIRD-PARTY ACCESS, ARE BORNE EXCLUSIVELY BY YOU.

2. WHAT ARE COOKIES

2.1 Definition of Cookies

Cookies are small text files placed on your device (computer, smartphone, tablet) by a website or application when you visit or use it. Cookies enable the website to recognize your device and remember certain information about your preferences or past actions.

2.2 Types of Tracking Technologies

In addition to cookies, we use similar tracking technologies, including:

Pixels (Web Beacons): Small graphic images embedded in web pages or emails that track page views, email opens, and user behavior.
Local Storage: Technology that allows websites to store data locally on your browser with no expiration date unless manually deleted.
Session Storage: Similar to local storage but data is cleared when the browser session ends.
JavaScript Tags: Code executed in your browser to collect information about your interactions with the Platform.
Device Fingerprinting: Techniques that collect device configuration data to recognize returning visitors.

For simplicity, this Policy uses the term "cookies" to refer to all these technologies unless specifically stated otherwise.

2.3 Cookie Duration

Session Cookies: Temporary cookies that expire when you close your browser. These are used primarily for session management and security. Session cookies typically last for the duration of your browsing session.
Persistent Cookies: Cookies that remain on your device for a specified period or until manually deleted. These are used to remember your preferences and recognize you on return visits. Persistent cookies may remain active for periods ranging from hours to years, depending on their purpose.

2.4 Cookie Origin

First-Party Cookies: Set directly by Lenzo (lenzo.ai domain) and used exclusively by the Platform.
Third-Party Cookies: Set by external service providers (e.g., analytics or advertising partners) operating under their own domains. These cookies may track your activity across multiple websites.

3. COOKIES WE USE

We categorize cookies based on their purpose and the legal basis for their use. Critical: We do not install non-essential cookies until you provide your explicit consent through our cookie banner.

3.1 Strictly Necessary Cookies

These cookies are essential for the operation of the Platform and cannot be disabled without preventing you from using our Services.

Purpose:

Authentication: Verify your identity and maintain your logged-in session across the Platform.
Security: Protect against cross-site request forgery (CSRF) attacks, unauthorized access, and security threats.
Session Management: Track your session state and ensure continuity as you navigate between pages.
Load Balancing: Distribute traffic across servers to maintain performance, availability, and prevent service disruption.

Legal Basis:

GDPR/ePrivacy (EU/EEA/UK): Contractual necessity. These cookies are required to deliver the Services you have requested and to fulfill our obligations under the Terms of Service. Article 6(1)(b) GDPR and ePrivacy Directive Article 5(3) exemption for "strictly necessary" cookies.
CCPA/CPRA (California): No consent required. These cookies are necessary to provide the service you requested.
Other Jurisdictions: Operational necessity for service delivery.

No Consent Required: These cookies are automatically enabled and cannot be disabled through cookie preferences.

Examples: lenzo_session — Session identifier, csrf_token — Security token, lb_cookie — Load balancer identifier

3.2 Functional Cookies

These cookies enhance your experience by remembering your preferences and settings. While not strictly necessary, they improve Platform usability.

Purpose:

User Preferences: Store your dashboard layout, display settings, notification preferences, and interface configurations.
Language Selection: Remember your chosen language for the interface across sessions.
Customization: Retain personalized configurations you have applied to your account, including filters and view preferences.

Legal Basis:

GDPR/ePrivacy (EU/EEA/UK): Consent required. Article 6(1)(a) GDPR and ePrivacy Directive Article 5(3) consent requirement.
CCPA/CPRA (California): No consent required for functional purposes, but opt-out available.
Other Jurisdictions: Consent or legitimate interest, depending on local requirements.

User Control: You may disable functional cookies through cookie preferences. Disabling these cookies may result in reduced functionality and require reconfiguration of preferences on each visit.

Examples: user_prefs — Dashboard configuration, lang_pref — Language preference, theme_pref — Display theme selection

3.3 Analytics Cookies

These cookies collect information about how users interact with the Platform, helping us improve functionality, user experience, and service performance.

Purpose:

Usage Statistics: Measure page views, session duration, bounce rates, navigation patterns, and feature engagement.
Feature Adoption: Track which features are most frequently used and identify areas for improvement.
Error Tracking: Detect and diagnose technical issues, application errors, and performance bottlenecks.
Performance Monitoring: Assess loading times, platform responsiveness, and infrastructure performance.

Third-Party Providers:

Google Analytics (Google LLC): Tracks user behavior and generates aggregate reports on platform usage.
Mixpanel (Mixpanel, Inc.): Provides advanced analytics on user interactions, feature engagement, and conversion funnels.
PostHog (PostHog, Inc.): Product analytics platform for tracking user behavior, feature flags, session recordings, and A/B testing.
Sentry (Functional Software, Inc.): Monitors application errors, performance issues, and real-time diagnostics.

Legal Basis:

GDPR/ePrivacy (EU/EEA/UK): Consent required. Article 6(1)(a) GDPR. Analytics cookies are non-essential and require prior consent.
CCPA/CPRA (California): Opt-out required if data is shared or sold. Notice at collection provided.
Other Jurisdictions: Consent required in most privacy-protective jurisdictions.

User Control: You may opt out of analytics cookies without affecting core platform functionality. Consent can be withdrawn at any time through cookie preferences.

Data Processing: Analytics data is processed in the United States and European Union. International transfers are governed by Standard Contractual Clauses (SCCs).

Examples: _ga — Google Analytics user identifier (2 years), _gid — Google Analytics session identifier (24 hours), _gat — Google Analytics request throttle (1 minute), mp_* — Mixpanel event tracking (1 year), ph_* — PostHog analytics tracking (1 year), sentry_session — Sentry error tracking (session)

3.4 Marketing Cookies

These cookies are used to deliver targeted advertising, measure the effectiveness of marketing campaigns, and support retargeting efforts.

Purpose:

Conversion Tracking: Measure whether marketing campaigns lead to user sign-ups, subscriptions, or purchases.
Retargeting: Display relevant advertisements to users who have previously visited the Platform on external websites.
Attribution: Determine which marketing channels (search, social, display, AI platforms) drive the most engagement and conversions.
Campaign Optimization: Assess ad performance and optimize advertising spend across platforms.
Lead Generation: Support B2B sales prospecting and professional networking outreach.

Third-Party Providers:

Google Ads (Google LLC): Search, display, and video advertising across Google network.
Meta/Facebook Ads (Meta Platforms, Inc.): Advertising on Facebook, Instagram, Messenger, and Audience Network.
LinkedIn Ads (LinkedIn Corporation): Professional B2B advertising and sponsored content.
LinkedIn Sales Navigator (LinkedIn Corporation): B2B sales prospecting and lead tracking.
OpenAI/ChatGPT (OpenAI, L.L.C.): AI platform advertising and conversational marketing.
Anthropic/Claude (Anthropic PBC): AI assistant platform integration and marketing.
Perplexity (Perplexity AI, Inc.): AI search platform advertising and sponsored answers.
xAI/Grok (xAI Corp.): AI platform advertising and integration tracking.

Legal Basis:

GDPR/ePrivacy (EU/EEA/UK): Consent required. Article 6(1)(a) GDPR. Marketing cookies require prior explicit consent.
CCPA/CPRA (California): Opt-out required. Marketing cookies may constitute "selling" or "sharing" personal information under CCPA/CPRA. Users must be provided with a "Do Not Sell or Share My Personal Information" option.
Other Jurisdictions: Consent required in most privacy-protective jurisdictions.

User Control: You may opt out of marketing cookies at any time without impacting your access to the Platform. Opt-out does not prevent all advertising but limits targeted advertising based on your behavior.

Data Processing: Marketing data is processed by third-party advertising platforms, primarily located in the United States.

Examples: _fbp — Meta/Facebook Pixel (3 months), _fbc — Meta/Facebook Click ID (3 months), _gcl_au — Google Ads conversion (3 months), _gcl_aw — Google Ads click tracking (3 months), li_fat_id — LinkedIn first-party ad tracking (30 days), lidc — LinkedIn data center routing (24 hours), bcookie — LinkedIn browser ID (1 year), bscookie — LinkedIn secure browser ID (1 year), ln_or — LinkedIn Sales Navigator tracking (1 day), UserMatchHistory — LinkedIn ad optimization (30 days), AnalyticsSyncHistory — LinkedIn analytics sync (30 days), Platform-specific advertising identifiers for AI platforms

4. DETAILED COOKIE TABLE

The following table provides specific information about the cookies we use:

Cookie Name	Provider	Category	Purpose	Duration	Domain
lenzo_session	Lenzo	Strictly Necessary	Session authentication and state management	Session	.lenzo.ai
csrf_token	Lenzo	Strictly Necessary	Cross-site request forgery protection	Session	.lenzo.ai
lb_cookie	Lenzo	Strictly Necessary	Load balancer routing and traffic distribution	Session	.lenzo.ai
user_prefs	Lenzo	Functional	Dashboard customization and display settings	1 year	.lenzo.ai
lang_pref	Lenzo	Functional	Language preference storage	1 year	.lenzo.ai
theme_pref	Lenzo	Functional	Interface theme selection	1 year	.lenzo.ai
_ga	Google Analytics	Analytics	Distinguish unique users and sessions	2 years	.lenzo.ai
_gid	Google Analytics	Analytics	Distinguish unique users within 24-hour period	24 hours	.lenzo.ai
_gat	Google Analytics	Analytics	Throttle request rate to prevent server overload	1 minute	.lenzo.ai
mp_*	Mixpanel	Analytics	Track user interactions, events, and feature usage	1 year	.lenzo.ai
ph_*	PostHog	Analytics	Product analytics, session recordings, feature flags	1 year	.lenzo.ai
sentry_session	Sentry	Analytics	Error tracking session identifier and diagnostics	Session	.lenzo.ai
_fbp	Meta/Facebook	Marketing	Track conversions and enable retargeting campaigns	3 months	.lenzo.ai
_fbc	Meta/Facebook	Marketing	Facebook click identifier for attribution	3 months	.lenzo.ai
_gcl_au	Google Ads	Marketing	Conversion tracking and campaign attribution	3 months	.lenzo.ai
_gcl_aw	Google Ads	Marketing	Google Ads click tracking	3 months	.lenzo.ai
li_fat_id	LinkedIn	Marketing	LinkedIn first-party ad tracking	30 days	.lenzo.ai
lidc	LinkedIn	Marketing	LinkedIn data center selection	24 hours	.linkedin.com
bcookie	LinkedIn	Marketing	LinkedIn browser identifier	1 year	.linkedin.com
bscookie	LinkedIn	Marketing	LinkedIn secure browser identifier	1 year	.linkedin.com
ln_or	LinkedIn Sales Navigator	Marketing	Sales Navigator origin tracking	1 day	.lenzo.ai
UserMatchHistory	LinkedIn	Marketing	LinkedIn ad delivery optimization	30 days	.linkedin.com
AnalyticsSyncHistory	LinkedIn	Marketing	LinkedIn analytics synchronization	30 days	.linkedin.com

Note: This table represents commonly used cookies. Additional cookies may be set by third-party services integrated into the Platform, including AI platform providers (OpenAI, Anthropic, Perplexity, xAI). Cookie names beginning with prefixes (e.g., mp_*, ph_*) may include multiple variations. We update this table periodically to reflect current practices.

Cookie Retention: Persistent cookies are retained for the duration specified in the table. We review cookie durations annually to ensure they do not exceed what is necessary for their intended purpose.

5. THIRD-PARTY COOKIES

We utilize third-party service providers to enhance platform functionality, analyze usage, and deliver marketing content. These providers may set cookies on your device when you use the Platform.

5.1 Google Analytics

Provider: Google LLC

Purpose: Web analytics, user behavior tracking, aggregate reporting, and traffic analysis

Data Collected: IP address (anonymized via IP anonymization), browser type, device information, operating system, pages visited, session duration, referral source, user interactions

Data Processing Location: United States (may also process in other Google data center locations)

Opt-Out: https://tools.google.com/dlpage/gaoptout

Data Retention: Google Analytics data is retained for 26 months by default. Aggregate reports may be retained indefinitely.

5.2 Mixpanel

Provider: Mixpanel, Inc.

Purpose: Product analytics, feature usage tracking, user engagement measurement, conversion funnel analysis

Data Collected: User interactions, feature clicks, button taps, page views, session data, device information, custom events

Data Processing Location: United States

Opt-Out: Available through Platform cookie preferences or via Mixpanel's opt-out mechanism

Data Retention: Event data retained for duration specified in Mixpanel retention settings (typically 60 days to indefinite based on plan)

5.3 PostHog

Provider: PostHog, Inc.

Purpose: Product analytics, session recordings, feature flags, A/B testing, user behavior analysis, heatmaps

Data Collected: User interactions, page views, click events, session recordings, feature flag evaluations, custom events, device information, IP address

Data Processing Location: United States and European Union (EU hosting available)

Opt-Out: Available through Platform cookie preferences or via PostHog's opt-out mechanism

Data Retention: Event data retained according to configured retention settings

5.4 Sentry

Provider: Functional Software, Inc. (dba Sentry)

Purpose: Error tracking, performance monitoring, debugging, real-time application diagnostics

Data Collected: Error logs, stack traces, user session data, device and browser information, IP addresses, performance metrics

Data Processing Location: United States

Opt-Out: Available through Platform cookie preferences. Note that disabling error tracking may impact our ability to diagnose and resolve technical issues.

Data Retention: Error data retained for 90 days by default

5.5 Google Ads

Provider: Google LLC

Purpose: Search advertising, display advertising, video advertising, conversion tracking, remarketing

Data Collected: Click data, conversion events, device information, IP address, browsing behavior across Google network

Data Processing Location: United States and global Google data centers

Opt-Out: https://adssettings.google.com

Data Retention: Conversion data retained for up to 540 days

5.6 Meta/Facebook Ads

Provider: Meta Platforms, Inc.

Purpose: Advertising on Facebook, Instagram, Messenger, conversion tracking, custom audiences, retargeting

Data Collected: Click data, conversion events, device information, IP address, browsing behavior, Facebook user ID (if logged in)

Data Processing Location: United States and global Meta data centers

Opt-Out: https://www.facebook.com/ads/preferences

Data Retention: Conversion data retained according to Meta's data retention policies

5.7 LinkedIn Ads

Provider: LinkedIn Corporation (Microsoft)

Purpose: Professional B2B advertising, sponsored content, conversion tracking, matched audiences, account-based marketing

Data Collected: Click data, conversion events, professional profile information, company data, device information, IP address

Data Processing Location: United States

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Data Retention: Conversion data retained according to LinkedIn's data retention policies

5.8 LinkedIn Sales Navigator

Provider: LinkedIn Corporation (Microsoft)

Purpose: B2B sales prospecting, lead tracking, account insights, relationship management, InMail tracking

Data Collected: Professional profile views, lead interactions, account engagement, InMail opens and clicks, device information

Data Processing Location: United States

Opt-Out: https://www.linkedin.com/psettings/advertising

Data Retention: Lead and account data retained according to LinkedIn's data retention policies

5.9 OpenAI/ChatGPT

Provider: OpenAI, L.L.C.

Purpose: AI platform integration, conversational marketing, chatbot functionality, user interaction tracking

Data Collected: Conversation logs, user queries, interaction events, device information, usage patterns

Data Processing Location: United States

Opt-Out: Available through Platform cookie preferences

Data Retention: Data retained according to OpenAI's data retention policies

5.10 Anthropic/Claude

Provider: Anthropic PBC

Purpose: AI assistant integration, conversational interface, user interaction analytics

Data Collected: Conversation logs, user queries, interaction events, device information, usage patterns

Data Processing Location: United States

Opt-Out: Available through Platform cookie preferences

Data Retention: Data retained according to Anthropic's data retention policies

5.11 Perplexity

Provider: Perplexity AI, Inc.

Purpose: AI search integration, sponsored answers, search analytics, user query tracking

Data Collected: Search queries, click data, interaction events, device information, search patterns

Data Processing Location: United States

Opt-Out: Available through Platform cookie preferences

Data Retention: Data retained according to Perplexity's data retention policies

5.12 xAI/Grok

Provider: xAI Corp.

Purpose: AI platform integration, conversational interface, user interaction tracking

Data Collected: Conversation logs, user queries, interaction events, device information, usage patterns

Data Processing Location: United States

Opt-Out: Available through Platform cookie preferences

Data Retention: Data retained according to xAI's data retention policies

5.13 Third-Party Responsibility

Third-party providers are independent data controllers for the data they collect through cookies. WE ARE NOT RESPONSIBLE FOR THEIR PRIVACY PRACTICES, DATA HANDLING, SECURITY MEASURES, OR COMPLIANCE WITH APPLICABLE LAWS. YOU ASSUME ALL RISKS ASSOCIATED WITH THIRD-PARTY COOKIE USE, INCLUDING BUT NOT LIMITED TO DATA COLLECTION BY ANALYTICS PROVIDERS, ADVERTISING NETWORKS, AI PLATFORMS, AND SOCIAL MEDIA COMPANIES. We recommend reviewing their privacy policies before consenting to their cookies.

5.14 Data Transfer Mechanisms

Third-party providers are primarily located in the United States. Data transfers to these providers from the EU/EEA and UK are governed by:

Standard Contractual Clauses (SCCs): Approved by the European Commission under Article 46(2)(c) GDPR
Supplementary Measures: Encryption (TLS 1.3 for data in transit, AES-256 for data at rest), access controls, and contractual obligations
UK Addendum: For UK data transfers, we implement the UK International Data Transfer Agreement/Addendum

Data Subject Rights: Users in the EU/EEA and UK retain all rights under GDPR regarding data processed by third parties, including the right to access, rectify, erase, restrict processing, object, and data portability.

6. MANAGING COOKIES

You have multiple options for controlling and managing cookies.

6.1 Consent Mechanism and Prior Consent

Initial Interaction: When you first visit the Platform, you will see a cookie banner that explains our use of cookies and requests your consent for non-essential cookies.

Critical: Non-essential cookies (functional, analytics, marketing) are not placed on your device until you provide explicit consent. This implements "prior consent" required by the ePrivacy Directive and GDPR.

Consent Options:

Accept All: Consent to all cookie categories, including functional, analytics, and marketing cookies.
Reject All: Decline all non-essential cookies. Only strictly necessary cookies will be used. You will retain full access to Platform functionality.
Customize (Granular Consent): Select specific cookie categories you wish to allow or block. You may consent to functional cookies while rejecting analytics and marketing cookies, or any other combination.

Consent Withdrawal: You may withdraw consent at any time. Withdrawal is as easy as providing consent — one click through the cookie preferences interface. Consent withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Consent Records: We maintain records of your consent choices, including date, time, consent scope (categories accepted/rejected), and consent method. These records are retained for compliance and audit purposes.

No Cookie Walls: We do not restrict access to the Platform if you reject non-essential cookies. You may use all features and functionality with only strictly necessary cookies enabled.

6.2 Platform Controls

Account Settings: Logged-in users can manage cookie preferences directly from their account settings:

Navigate to Settings > Privacy > Cookie Preferences
Toggle cookie categories on or off
View active cookies and their purposes
Save your preferences

Cookie preferences are applied immediately upon saving.

Preference Center: A dedicated Cookie Preferences Center is accessible from the Platform footer and from the cookie banner. The Preference Center allows you to:

Review all cookie categories and purposes
View the complete list of active cookies (linked to this Cookie Policy)
Withdraw consent for specific categories
Access opt-out links for third-party services
Download your current consent record

Direct Opt-Out Links for Third-Party Services:

Analytics:

Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout (browser add-on)
Mixpanel Opt-Out: https://docs.mixpanel.com/docs/privacy/protecting-user-data
PostHog Opt-Out: Available via Platform cookie preferences

Advertising - Search & Display:

Google Ads Opt-Out: https://adssettings.google.com

Advertising - Social & Professional:

Meta/Facebook Ads Opt-Out: https://www.facebook.com/ads/preferences
LinkedIn Ads Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
LinkedIn Sales Navigator Opt-Out: https://www.linkedin.com/psettings/advertising

AI Platforms:

OpenAI/ChatGPT: https://openai.com/policies/privacy-policy/ (contact for opt-out)
Anthropic/Claude: https://www.anthropic.com/legal/privacy (contact for opt-out)
Perplexity: https://www.perplexity.ai/hub/legal/privacy-policy (contact for opt-out)
xAI/Grok: https://x.ai/legal/privacy-policy (contact for opt-out)

Industry-Wide Opt-Outs:

General Ad Industry Opt-Out (US): https://optout.aboutads.info/
General Ad Industry Opt-Out (EU): https://youronlinechoices.eu/
Network Advertising Initiative Opt-Out: https://thenai.org/how-to-opt-out/

6.3 Browser Controls

All major web browsers allow you to manage cookies through browser settings. Below are instructions for common browsers:

Google Chrome:

Click the three-dot menu icon (⋮) in the top-right corner
Select Settings > Privacy and security > Third-party cookies
Choose Block third-party cookies or configure site-specific settings
To view/delete existing cookies: Settings > Privacy and security > Third-party cookies > See all site data and permissions
To clear all cookies: Settings > Privacy and security > Clear browsing data > Cookies and other site data

Mozilla Firefox:

Click the menu icon (☰) in the top-right corner
Select Settings > Privacy & Security
Under Cookies and Site Data, choose Standard, Strict, or Custom protection
To manage cookies: Click Manage Data to view and remove specific cookies
To clear cookies: Settings > Privacy & Security > Cookies and Site Data > Clear Data

Apple Safari (macOS):

Open Safari > Preferences (or Settings on Safari 16+)
Navigate to Privacy
Select Prevent cross-site tracking to block third-party cookies
To manage cookies: Click Manage Website Data to view and remove specific cookies
To block all cookies: Enable Block all cookies (may affect functionality)

Apple Safari (iOS):

Open Settings > Safari
Enable Prevent Cross-Site Tracking
To block all cookies: Enable Block All Cookies under Privacy & Security

Microsoft Edge:

Click the three-dot menu icon (⋯) in the top-right corner
Select Settings > Cookies and site permissions > Manage and delete cookies and site data
Choose Block third-party cookies or configure site-specific exceptions
To view/delete cookies: Click See all cookies and site data
To clear cookies: Settings > Privacy, search, and services > Clear browsing data > Cookies and other site data

Blocking Third-Party Cookies: Most browsers allow you to block third-party cookies while permitting first-party cookies. This limits cross-site tracking while maintaining essential site functionality. Third-party cookie blocking is enabled by default in Safari and Firefox; Chrome and Edge require manual configuration.

Private/Incognito Mode: Browsing in private or incognito mode prevents persistent cookies from being stored after the session ends. Session cookies remain active during the browsing session but are deleted when you close the browser.

Browser Limitations: Browser-based cookie controls apply only to cookies. Other tracking technologies (local storage, session storage, pixels) may not be affected by browser cookie settings. For comprehensive control, use Platform cookie preferences in addition to browser controls.

7. DO NOT TRACK (DNT) AND GLOBAL PRIVACY CONTROL (GPC)

7.1 Do Not Track (DNT)

Do Not Track (DNT) is a browser setting that signals to websites that you do not wish to be tracked. The Platform recognizes DNT signals sent by your browser.

Platform Response to DNT: When a DNT signal is detected:

Analytics Cookies: Automatically disabled. Google Analytics, Mixpanel, PostHog, and Sentry tracking will not be activated.
Marketing Cookies: Automatically disabled. No advertising or retargeting cookies will be set (Google, Meta, LinkedIn, AI platforms).
Functional Cookies: Remain available but require explicit consent if DNT is enabled.
Strictly Necessary Cookies: Remain active as they are essential for platform operation.

Enabling DNT in Your Browser:

Chrome: Settings > Privacy and security > Send a "Do Not Track" request with your browsing traffic
Firefox: Settings > Privacy & Security > Send websites a "Do Not Track" signal that you don't want to be tracked
Safari: Preferences > Privacy > Website tracking > Prevent cross-site tracking (automatically enabled)
Edge: Settings > Privacy, search, and services > Send "Do Not Track" requests

7.2 Global Privacy Control (GPC)

Global Privacy Control (GPC) is a privacy signal that allows users to automatically exercise their opt-out rights under privacy laws like CCPA/CPRA. When enabled, GPC sends a legally binding signal that you do not want your personal information sold or shared.

Platform Response to GPC: When a GPC signal is detected:

Marketing Cookies: Automatically blocked. No marketing, advertising, or retargeting cookies will be set (including Google, Meta, LinkedIn, and AI platform cookies).
Analytics Cookies: Automatically blocked if they involve sharing data with third parties for cross-context behavioral advertising.
CCPA/CPRA Opt-Out: Automatically honored. GPC is treated as a valid "Do Not Sell or Share My Personal Information" request.
Functional and Strictly Necessary Cookies: Remain active as they are necessary for service delivery or do not involve selling/sharing personal information.

Enabling GPC: GPC is supported by privacy-focused browsers and browser extensions:

Browsers: Brave, DuckDuckGo, Firefox (with extension), Safari (with extension)
Browser Extensions: Privacy Badger, OptMeowt, Global Privacy Control Extension

Legal Recognition: GPC signals are legally recognized under CCPA/CPRA in California and under similar laws in other US states (Colorado, Connecticut, etc.). We honor GPC signals as legally binding opt-out requests.

8. IMPACT OF DISABLING COOKIES

Disabling cookies affects platform functionality depending on the category:

8.1 Strictly Necessary Cookies

Impact if Disabled: The Platform will not function. You will be unable to log in, access your account, manage compliance monitoring, view dashboards, or use any platform features. These cookies are essential for service delivery and cannot be disabled if you wish to use the Platform.

Technical Reason: Strictly necessary cookies maintain your authenticated session, prevent security attacks (CSRF), and ensure requests are routed to the correct servers.

8.2 Functional Cookies

Impact if Disabled: The Platform will function, but your experience will be degraded. Your preferences will not be saved between sessions, requiring you to reconfigure settings (language, dashboard layout, notification preferences, theme) each time you visit.

Technical Reason: Functional cookies store your personalized settings. Without them, the Platform defaults to standard configurations on every visit.

User Action Required: If functional cookies are disabled, you must manually set your preferences on each visit. Core functionality (compliance monitoring, sanctions screening, product classification, reporting) remains fully accessible.

8.3 Analytics Cookies

Impact if Disabled: No impact on core platform functionality. You will have full access to all compliance monitoring, sanctions screening, product classification, reporting, and dashboard features. Disabling analytics cookies only prevents us from collecting usage statistics to improve the Platform.

Technical Reason: Analytics cookies collect data for our internal use to improve user experience and identify issues. They do not affect your ability to use Platform features.

Benefit to User: Disabling analytics cookies enhances your privacy by preventing behavior tracking and data sharing with third-party analytics providers (Google, Mixpanel, PostHog).

8.4 Marketing Cookies

Impact if Disabled: No impact on platform functionality. You will continue to receive full access to all features and services. Disabling marketing cookies only prevents personalized advertising and conversion tracking.

Technical Reason: Marketing cookies track your interaction with our marketing campaigns and enable retargeting on external websites. They have no role in Platform operation.

Advertising After Opt-Out: You may still see generic (non-targeted) advertisements for Lenzo on external websites, social platforms, and AI platforms, but these ads will not be based on your browsing behavior or Platform usage.

9. LEGAL BASES AND REGIONAL COMPLIANCE

We process cookies based on different legal frameworks depending on your location.

9.1 European Union, European Economic Area, and United Kingdom (GDPR/ePrivacy Directive/UK PECR)

Legal Bases:

Contractual Necessity (Article 6(1)(b) GDPR): Strictly necessary cookies are processed to fulfill our contractual obligations under the Terms of Service. These cookies are essential to provide the Services you have subscribed to.

Consent (Article 6(1)(a) GDPR): Functional, analytics, and marketing cookies require your explicit, informed, and freely given consent. Consent is requested through our cookie banner upon your first visit. We implement "prior consent" — non-essential cookies are not placed on your device until you explicitly consent. Consent must be granular (per category), specific, informed, unambiguous, and freely given. You may withdraw consent at any time.

ePrivacy Directive Compliance: We comply with ePrivacy Directive 2002/58/EC (as amended) Article 5(3), which requires prior consent for cookies except those strictly necessary for service delivery. This directive takes precedence over GDPR as lex specialis for cookies.

UK PECR Compliance: For users in the United Kingdom, we comply with the Privacy and Electronic Communications Regulations (PECR), which implement ePrivacy requirements in UK law and operate alongside UK GDPR.

Your Rights:

Withdraw consent at any time
Access information about cookies and data collected
Object to processing based on legitimate interest (if applicable)
Lodge a complaint with your national Data Protection Authority (EU/EEA) or the Information Commissioner's Office (UK)

9.2 California, United States (CCPA/CPRA)

Legal Framework: The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), governs the use of cookies for California residents.

Key Differences from GDPR: CCPA/CPRA uses an opt-out model rather than opt-in consent. We do not require prior consent for most cookies, but we provide opt-out mechanisms for cookies that involve "selling" or "sharing" personal information.

"Selling" or "Sharing" Under CCPA/CPRA: Marketing cookies and certain analytics cookies that share data with third parties for cross-context behavioral advertising may constitute "selling" or "sharing" personal information under CCPA/CPRA. This includes data shared with Google, Meta, LinkedIn, and AI platform providers. We provide an opt-out mechanism for these activities.

Your Rights:

Right to Opt-Out: Opt out of the sale or sharing of your personal information collected through cookies.
Right to Know: Request information about the categories and specific pieces of personal information collected through cookies.
Right to Delete: Request deletion of personal information collected through cookies (subject to exceptions for necessary data).
Right to Correct: Request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive personal information (if applicable).
Right to Non-Discrimination: Exercise your rights without discrimination in service, pricing, or quality.

Notice at Collection: This Cookie Policy serves as our Notice at Collection for information collected through cookies. We collect the following categories of personal information through cookies: identifiers (cookie IDs, IP addresses), internet activity (browsing behavior, page views), and device information (browser type, operating system).

Minors (Under 16): If you are under 16 years old, we require opt-in consent before placing non-essential cookies. If you are under 13, we require parental consent. The Platform is designed for business users and is not directed to minors.

Age Verification: We do not implement age verification mechanisms because the Platform is not directed to minors and is accessed through corporate accounts.

California Minors (Under 16): If we learn that we have placed cookies on the device of a California resident under 16 years of age without opt-in consent (or parental consent for those under 13), we will immediately delete those cookies and any data collected through them.

Parental Notice: If you believe your child under 18 has provided personal information through our Platform or that we have placed cookies on their device, contact us immediately at support [at] lenzo.ai. We will take prompt action to delete the cookies and associated data.

COPPA Compliance: While the Platform is not subject to the Children's Online Privacy Protection Act (COPPA) due to its B2B nature and lack of targeting to children, we adhere to the principles of COPPA and will not knowingly collect information from children under 13.

9.3 Canada (PIPEDA)

Legal Framework: Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) governs the collection, use, and disclosure of personal information in the course of commercial activities.

Consent Requirement: PIPEDA requires meaningful consent for the collection, use, or disclosure of personal information. We obtain express consent for non-essential cookies through our cookie banner.

Your Rights:

Withdraw consent at any time (subject to legal or contractual restrictions)
Access personal information collected through cookies
Challenge the accuracy of personal information
File a complaint with the Office of the Privacy Commissioner of Canada

9.4 Australia (Privacy Act)

Legal Framework: Australia's Privacy Act 1988 and the Australian Privacy Principles (APPs) govern the handling of personal information.

Consent Requirement: We obtain consent for cookies that collect personal information, in accordance with APP 3 (collection of solicited personal information) and APP 6 (use or disclosure of personal information).

Your Rights:

Access personal information collected through cookies
Request correction of inaccurate personal information
Make a privacy complaint to us or to the Office of the Australian Information Commissioner (OAIC)

9.5 Other Jurisdictions

For users in jurisdictions not specifically mentioned above, we apply privacy-protective practices consistent with internationally recognized privacy principles. We obtain consent for non-essential cookies and provide opt-out mechanisms where required by local law.

10. YOUR RIGHTS

You have specific rights regarding cookies and data collected through cookies. Rights vary by jurisdiction.

10.1 Right to Withdraw Consent

You may withdraw consent for functional, analytics, and marketing cookies at any time through:

Platform Cookie Preference Center (Settings > Privacy > Cookie Preferences)
Cookie banner (click "Cookie Settings" in footer)
Browser cookie controls
Email request to support [at] lenzo.ai

Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. After withdrawal, we will immediately stop placing non-essential cookies on your device.

10.2 Right of Access

You may request information about the cookies we use and the data collected through cookies. To exercise this right, contact us at support [at] lenzo.ai. We will provide:

List of cookies currently active on your account
Categories of data collected through cookies
Purposes of cookie usage
Third parties receiving data from cookies (including analytics, advertising, and AI platform providers)

10.3 Right to Object

You have the right to object to the processing of cookies based on legitimate interest (functional cookies) or for direct marketing purposes (marketing cookies). Upon receiving an objection, we will cease using the specified cookies unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

10.4 Right to Deletion

You may request deletion of data collected through cookies. Upon receiving a deletion request, we will:

Delete cookies from your device (by clearing cookies via Platform interface)
Instruct third-party providers to delete data collected through their cookies
Delete data stored on our servers related to cookie activity

Note: Some data may be retained for legal obligations (e.g., billing records, compliance audit logs) or legitimate interests (e.g., fraud prevention).

10.5 Right to Data Portability (GDPR)

You may request a copy of data collected through cookies in a structured, machine-readable format (JSON or CSV). This right applies only to data processed based on consent or contract.

10.6 Right to Lodge a Complaint

If you believe your rights have been violated, you have the right to lodge a complaint with a supervisory authority:

EU/EEA Users: Contact your national Data Protection Authority. List available at: https://www.edpb.europa.eu/about-edpb/board/members_en

UK Users: Information Commissioner's Office (ICO) Website: https://ico.org.uk Helpline: 0303 123 1113

California Residents: California Privacy Protection Agency (CPPA) Website: https://cppa.ca.gov Email: regulations [at] cppa.ca.gov

Canadian Users: Office of the Privacy Commissioner of Canada Website: https://www.priv.gc.ca Toll-Free: 1-800-282-1376

Australian Users: Office of the Australian Information Commissioner (OAIC) Website: https://www.oaic.gov.au Enquiries: 1300 363 992

Exercising Rights: To exercise any of the above rights, contact us at support [at] lenzo.ai. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA/CPRA).

11. INTERNATIONAL DATA TRANSFERS

11.1 Cross-Border Transfers

Many of our third-party service providers (Google Analytics, Mixpanel, PostHog, Sentry, Google Ads, Meta, LinkedIn, OpenAI, Anthropic, Perplexity, xAI) are based in the United States. When you use the Platform, cookies may transfer data to servers located outside your country of residence, including countries that may not provide the same level of data protection as your jurisdiction.

Primary Data Processing Locations:

United States (Google, Mixpanel, PostHog, Sentry, Meta, LinkedIn, OpenAI, Anthropic, Perplexity, xAI, and other advertising platforms)
European Union (Google, PostHog, and other providers may process in EU data centers for EU users)

11.2 Transfer Mechanisms for EU/EEA and UK Users

We implement appropriate safeguards to protect your data during international transfers:

Standard Contractual Clauses (SCCs): We have executed Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR with third-party providers that process data outside the EEA. SCCs are contractual commitments between data exporters and importers ensuring adequate data protection.

UK International Data Transfer Agreement/Addendum: For data transfers from the UK, we implement the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, as required by UK GDPR and UK Information Commissioner's Office (ICO) guidance.

Supplementary Measures: In addition to SCCs, we implement supplementary technical and organizational measures:

Encryption: Data transmitted to third-party servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
Access Controls: Strict access controls limit who can access data transferred internationally.
Data Minimization: We transfer only data necessary for the specified purpose.
Contractual Obligations: Third-party providers are contractually obligated to implement adequate security measures and comply with data protection laws.

EU-US Data Privacy Framework (DPF): Some third-party providers participate in the EU-US Data Privacy Framework (formerly Privacy Shield). Where applicable, we rely on DPF as an additional transfer mechanism. However, we primarily rely on SCCs as our transfer mechanism to ensure compliance regardless of DPF status.

11.3 Your Rights Regarding International Transfers

Users in the EU/EEA and UK retain all rights under GDPR/UK GDPR regarding data transferred internationally, including:

Right to be informed about the transfer
Right to access data held by international recipients
Right to request that international transfers be stopped (subject to contractual and legal limitations)
Right to lodge a complaint with a supervisory authority regarding international transfers

12. POLICY UPDATES

12.1 Review and Amendments

We review this Policy periodically to ensure it remains accurate and reflects current practices, legal requirements, and technological developments. We may update this Policy to account for:

New cookies or tracking technologies
Changes in third-party providers (including new analytics, advertising, or AI platform integrations)
Changes in applicable privacy laws
Changes in our data processing practices
User feedback and best practices

12.2 Notification of Material Changes

Material changes to this Policy will be communicated through:

Email Notification: Sent to the email address associated with your account at least 30 days before changes take effect.
Platform Banner: A prominent notification displayed on the Platform dashboard alerting you to the updated Policy.
Updated Effective Date: The "Last Updated" date at the top of this Policy will be revised to reflect the date of the most recent changes.

Material Changes Definition: Material changes include: introduction of new cookie categories requiring consent, changes to legal bases for processing, changes to data retention periods, addition of new third-party providers with access to significant personal data, or changes that materially affect your rights.

12.3 Acceptance of Changes

Continued use of the Platform after notification of material changes constitutes acceptance of the updated Policy. If you do not agree with the changes, you may:

Adjust your cookie preferences to reject new cookie categories
Discontinue use of the Platform
Request account deletion by contacting support [at] lenzo.ai

If you request account deletion before material changes take effect, the previous version of the Policy will govern the deletion process.

12.4 Non-Material Changes

Non-material changes (e.g., typographical corrections, clarifications, updates to third-party links, organizational restructuring without substantive changes) take effect immediately upon posting. Non-material changes do not require advance notice but are reflected in the "Last Updated" date.

12.5 Version History

Previous versions of this Cookie Policy are available upon request. Contact support [at] lenzo.ai to request archived versions.

13. CHILDREN'S PRIVACY

The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors through cookies or any other means.

Business Users Only: The Platform is a business-to-business (B2B) Compliance Monitoring Platform designed for corporate use. Users must be authorized business representatives with the authority to agree to our Terms of Service.

Age Verification: We do not implement age verification mechanisms because the Platform is not directed to minors and is accessed through corporate accounts.

14. LIMITATION OF LIABILITY AND ASSUMPTION OF RISK

14.1 Complete Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

GENIO GROUP, INC. AND LENZO SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO:
- The use or inability to use cookies or tracking technologies
- Data collected, stored, processed, or transmitted through cookies
- Third-party cookie practices, data handling, or security measures (including but not limited to Google, Meta, LinkedIn, OpenAI, Anthropic, Perplexity, xAI, and other analytics, advertising, or AI platform providers)
- Unauthorized access to or alteration of data collected through cookies
- Any errors, omissions, interruptions, deletions, defects, or delays in cookie operations
- Any claims or demands of third parties arising from cookie use
IN NO EVENT SHALL OUR TOTAL LIABILITY EXCEED THE AMOUNT YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR ONE HUNDRED U.S. DOLLARS ($100), WHICHEVER IS LESS.

14.2 User Assumption of All Risks

BY USING THE PLATFORM, YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT:

YOU ASSUME FULL AND SOLE RESPONSIBILITY FOR ALL RISKS ASSOCIATED WITH COOKIES AND TRACKING TECHNOLOGIES, INCLUDING BUT NOT LIMITED TO DATA COLLECTION BY ANALYTICS PROVIDERS (GOOGLE, MIXPANEL, POSTHOG, SENTRY), ADVERTISING NETWORKS (GOOGLE ADS, META, LINKEDIN), AND AI PLATFORMS (OPENAI, ANTHROPIC, PERPLEXITY, XAI).
YOU ARE SOLELY RESPONSIBLE FOR ENSURING COMPLIANCE WITH ALL APPLICABLE LAWS, REGULATIONS, AND INTERNAL POLICIES REGARDING COOKIES.
YOU RELEASE AND HOLD HARMLESS GENIO GROUP, INC., LENZO, AND THEIR OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUCCESSORS, AND ASSIGNS FROM ANY AND ALL CLAIMS, DEMANDS, LOSSES, DAMAGES, COSTS, AND EXPENSES (INCLUDING REASONABLE ATTORNEYS' FEES) ARISING FROM OR RELATED TO COOKIES AND TRACKING TECHNOLOGIES.
THIS ASSUMPTION OF RISK APPLIES REGARDLESS OF WHETHER CLAIMS ARE BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY.

14.3 Indemnification

You agree to indemnify, defend, and hold harmless Genio Group, Inc., Lenzo, and their officers, directors, employees, agents, licensors, suppliers, successors, and assigns from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to:

Your use of cookies and tracking technologies on the Platform
Your violation of this Cookie Policy
Your violation of any applicable laws or regulations regarding cookies
Any third-party claims related to data collected through cookies during your use of the Platform

14.4 No Warranty

COOKIES AND TRACKING TECHNOLOGIES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT COOKIES WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE.

15. CONTACT INFORMATION

For questions, concerns, or requests related to this Cookie Policy, contact us at:

Email: support [at] lenzo.ai

Data Controller: Genio Group, Inc. Operating as: Lenzo

Cookie-Specific Inquiries:

Cookie consent issues: support [at] lenzo.ai
Data subject requests: support [at] lenzo.ai
Third-party cookie opt-out assistance: support [at] lenzo.ai
Technical cookie issues: support [at] lenzo.ai

Jurisdiction: All disputes arising from or related to this Policy shall be governed by the laws of the State of California, United States of America, and resolved exclusively in the courts of California.

Response Time: We will respond to inquiries within 30 days of receipt (or within timeframes required by applicable law, whichever is shorter).

Supervisory Authorities: For EU/EEA, UK, California, Canada, and Australia users, contact information for relevant supervisory authorities is provided in Section 10.6 above.