Privacy Policy

What this policy covers

At OpenGenius, your privacy is important to us and we do not sell, publish or share any information about our customers with any third party unless given your express permission to do so.

Please read this policy carefully. Further information about privacy and data protection issues including the online Register of Data Controllers can be found on the website of the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at https://ico.org.uk/

OpenGenius is registered on the ICO’s online Register of Data Controllers with registration number Z1521108.

This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with AYOA (for example, at an AYOA event), unless a different privacy policy is displayed.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

If you do not agree with this policy, do not access or use our services or interact with any other aspect of our business.

Who we are

We are OpenGenius Limited, a company registered in England and Wales – No. 05653541.

Our registered office is at:

OpenGenius Ltd., Tec Marina, Terra Nova Way, Penarth, United Kingdom, CF64 1SA.
Contact us via email at support@ayoa.com

AYOA provides project management and collaborative tools including web and mobile products designed to help you stay motivated, productive and organised. We also provide additional support services and own and operate several websites and trademarks. We refer to all such elements of our business as “Services” in this policy.

When we refer to “AYOA”, “we”, “us” “ours” in this policy, we refer to OpenGenius Ltd. As designers, developers and operators of the AYOA Software as a Service, we control the information AYOA collects when you use our services.

Lawful Basis for Processing

The processing of users’ data is necessary to provide the main components of the Services, so contract is our lawful basis for the processing.

Before we process any user data, and before users engage with our services, our terms and conditions must be understood and accepted as a legally binding agreement between us.

The contractual exchange between parties is the Services offered by us, and the subscription payments offered by the subscribers to our Services.

Some users intend to enter into a subscription, and agree to our terms and conditions in order to trial the Services before purchase. In the case of users who wish to trial the Services before purchase, the element of exchange offered by the users is the data we use for analysis to improve the Services we offer.

We process the data provided by our users to comply with our obligations under the contract and to carry out what they ask. The processing is necessary for performing the contract, and is a targeted and proportionate way of carrying out the purposes for processing.

Some purposes for processing are non-essential components of the Services. Consent is the lawful basis for processing users’ data for the non-essential components of the Services. The non-essential components of the Services include communicating with users for notifications, daily summaries, and direct marketing related to the Services.

Consent may be given for each non-essential item individually to allow granular control over the processing of users’ personal data.

Purposes for processing and how we use the information we collect about you

If you register for an AYOA account, we will use your information to provide the Services to you. When you register with us or buy from us, the information you provide will be used for the purposes of:

Providing the Services you require. The Services consist of multiple interconnecting components to process your data in a way that enables the functionality and the security we need to provide to you.

The key components of the Services consist of:

Authenticating access to user accounts.
Systems communications including transfers, storage, retrieval, updates and erasures of data as essential service components
Processing subscription payments.
Communicating notifications, mentions, reminders and summaries and emails related to the features of the Services. The account settings in your user account allow you to configure your preferences and provide consent for receiving notifications, mentions, reminders and daily summaries related to the features of the Services, as well as opt out of marketing material.
Creating data backups according to our data retention policy.
To communicate with you about our Services. This will include sending you relevant information which is categorised under legitimate interest so that you remain informed to changes and updates which will impact your usage of our Services.
For continual product development and improvement. We may also use this information to resolve technical issues with our Services.
To communicate with you for providing customer support related to the Services. We may ask you to provide information related to the way you use the Services to enable us to resolve your customer support enquiries.
We may use the information we hold on you to contact you for feedback on your use of our software and/or services, and/or website.
For analytics and analysis. This will include collecting statistical data on sales patterns and the usage of our Services to allow us to identify patterns and opportunities related to sales, feature usage and the performance of the Services.
To protect our Service, Intellectual Property, Assets and users.

What information we collect about you

We collect information about you when you input it into the Services or otherwise provide it directly to us. This will include information collected when:

You register for our Services. This information includes:

Name
Job title
Department
Industry
Telephone number
Email address
Avatar image

You administer your account. This information includes:

Billing information

Team members associated with your account

You are a team member of an administered account. This information includes:

Team owner of your administered account

You provide content through our products. This content could be collected via any of the AYOA applications which includes:

Web
iPhone
iPad
Android
Windows
Mac

The content is the information you choose to input which includes:

Task Board, Mind Map and Whiteboard names
Task names and Mind Map branch names
Notes
File attachments
Other users associated with collaborated Task Boards, Mind Maps and Whiteboards

You use the Services. We collect and analyse data related to feature usage and performance of the Services to enable us to track and improve the Services.

You provide content through our websites. This includes websites owned or operated by us such as our product websites, support website, social media or social networking websites, and any other websites operated by us in order to provide our Services.

You contact us via email, phone or one of our online support channels. When speaking to one of our representatives you may be asked to provide contact information, account information and details to the nature of the enquiry.

You purchase one of our products. We collect payment and billing information when you register for our paid services which are processed using a secure payment processing service such as billing address, bank account and payment card details. We do not store credit/debit card numbers belonging to our customers. We will also store data of the orders made by you, your interests and preferences.

Other users share / recommend our Services to you. Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned by someone else on a task, or you may be assigned a task by someone collaborating with you, or a team member may upload content about you to a Task Board. We also receive your email address from other Service users when they provide it in order to invite you to the Services.

You connect third-party services to your account. We receive information about you when you or your administrator enable third-party apps or integrate or link a third-party service with our Services. For example, if you create an account or log into the Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you.

We automatically collect information about you when you use our Services.

Platform, device and technical information

We collect information about your computer, phone, tablet or other devices you use to access the Services. This may include information about your browser, Operating System, IP address, device identifiers and crash data. How much of this information we collect depends on the type and settings of the device you use to access the Services.

Cookies

A cookie is a small text file which is transferred from a website and stored on your computer’s hard drive. It enables a website to “remember” who you are. Cookies are used for authentication, tracking, and maintaining user-specific information (preferences, shopping cart, etc.) and often contain a unique and anonymous identifier. Browsers only allow websites to interact with their own cookies, not those from other websites. The settings in your browser allow you to accept or decline cookies depending upon your preferences.

Web Beacons

A web beacon is a small transparent gif image that is embedded in an HTML page or email used to track when the page or email has been viewed.

Google Analytics

This website uses Google Analytics; a web analytics service provided by Google, Inc. (“Google”). The Google Analytics service collects information on the page you have visited and helps us to improve our services to you.

No data which is collected through this service is personally identifiable. You can find out more about this service at google.com/analytics.

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the website. The information generated by the cookie about your use of the website (including your IP address which we do not link to any personally identifiable information) will be transmitted to and stored by Google on servers in the United States.

You may refuse the use of cookies by selecting the appropriate settings on your browser. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

How we share the information we collect

OpenGenius will share your information in the following ways:

Integration

When you connect your account with a third-party service via an integration, we will share information about you that is required to provide the integration between the third-party service and our Services. We provide third-party integrations with several services including Google and OpenA.

Third-party service providers:

We may provide access to or share your information with third parties who perform services on our behalf. These third parties provide services for, but not limited to, application hosting, server logging, data storage, file storage, billing, advertising, analytics, emailing, customer service, shipping and fulfillment, marketing and security.

Business ownership

If the ownership of all, or substantially all, our business changes, we may transfer your information to the new owner so that the Services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, OpenGenius will comply with such restrictions.

Processing personal data belonging to sales leads

We declare that we carefully and respectfully process personal data belonging to data subjects who we identify as potential customers. In this case, legitimate interest is the legal basis we rely upon to justify the processing of this personal data. When using legitimate interests as the legal basis for processing personal data, we balance our legitimate interests, and the necessity to process the personal data, against the interests, rights and freedoms of the individuals concerned, always considering the particular circumstances.

Google User Data

We support integrations with several Google services and therefore access, collect, use and store information about you that you provide when you register to use AYOA. The use of this Google user data is limited to the following practices if enabled:

Google Profile:

Your Google Profile name, email address and avatar may be used for setting up an AYOA profile.

Google Contacts:

To view Google Contacts within AYOA with the option to invite them to create an account and join a Task Board.

Google Drive:

To view Google Drive files within the software and create a link from a Google Drive file to an AYOA task

Google Calendar:

To create new calendars that represent AYOA Task Boards, to create new events, and to sync events back and forth.

Generative AI in AYOA

Our Mind Mapping and content creation features are powered by OpenAI. When you use these tools, your inputs (and the AI’s outputs) are sent securely to OpenAI for processing.

OpenAI may retain this data for up to 30 days to monitor misuse and ensure service quality. This data is not used to train OpenAI models unless you explicitly opt in.

For full details, please see OpenAI’s Privacy Policy.

DeepGram Audio Transciption

Our audio transcription features are powered by the DeepGram API. Audio data submitted for transcription, along with the resulting text, is transmitted to DeepGram for processing. Data retention and usage are governed by DeepGram’s privacy policy, which may include temporary storage for quality assurance, service improvement, or compliance purposes. For further details, please review DeepGram’s Privacy Policy.

How AYOA uses artificial intelligence

AYOA incorporates AI technologies to enhance your productivity and creativity. Here’s exactly how we process your data through AI systems:

Types of AI Processing

Mind Map enhancement: AI analyses your input text to suggest related topics and connections
Content etructuring: AI processes your notes and tasks to recommend organisational improvements
Audio transcription: AI converts your voice recordings to text (powered by DeepGram)
Import processing: AI interprets uploaded documents to create mind maps and task structures
Search enhancement: AI improves search results based on your content patterns

AI decision-making

Automated Decisions: AYOA’s AI makes suggestions and recommendations but does not make automated decisions that significantly affect you without human involvement. All AI outputs are clearly labelled as suggestions that you can accept, modify, or reject.

Your rights regarding AI processing:

Right to human review: You can request human oversight of any AI-generated suggestion
Right to explanation: You can ask us to explain how a particular AI recommendation was generated
Right to object: You can opt out of AI features at any time
Right to rectification: You can correct or provide feedback on AI suggestions

AI system limitations and risks

AI suggestions may not always be accurate, complete, or unbiased
AI systems can reflect patterns from training data that may not suit your specific context
Content generated with AI assistance should be reviewed for accuracy and appropriateness
For academic work, you remain responsible for ensuring originality and proper attribution

How we keep your information secure

OpenGenius Ltd is ISO/IEC 27001:2022 and Cyber Essentials certified, reflecting our commitment to industry-leading practices in Information Security Management. This certification ensures our adherence to the highest standards for safeguarding customer data.

We keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

The data for our Services is predominantly hosted on the Amazon Web Services (AWS) platform within the US. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. When you enter sensitive information (such as a credit card number to purchase OpenGenius products and services), we encrypt such information using secure socket layer technology (SSL). No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

How we protect your data when transferred internationally

Some AYOA services require transferring your data outside the UK/EEA. Here’s how we ensure your data remains protected:

Adequacy decisions and alternative safeguards

UK-US Data Bridge: For transfers to our US-based AI partners, we rely on the UK Extension to the EU-US Data Privacy Framework where applicable
Standard Contractual Clauses (SCCs): We use European Commission approved SCCs with additional safeguards for all other US transfers
Supplementary measures: We implement technical measures including:
- End-to-end encryption during transit and at rest
- Pseudonymisation of personal identifiers where possible
- Access controls limiting data access to essential personnel only
- Regular security audits and compliance monitoring

Your control over international transfers

Opt-out option: You can avoid using AI features inside of the AYOA Free plan (some functionality will be limited)
Data localisation: Enterprise customers can request UK-only data processing (additional fees may apply)
Transfer notifications: We’ll notify you if transfer mechanisms change

Government access protections

We’ve implemented contractual and technical measures to challenge any disproportionate government access requests to your data, including:

Legal challenge commitments from our processors
Data minimisation to reduce exposure
Encryption that limits data accessibility

How long we keep different types of data

Account and profile data

Active account data are retained while your account remains active
Inactive accounts are deleted within 90 days of account closure
Data may be retained longer if required for legal proceedings

Content data

Mind Maps, Tasks, Projects: Retained while your account is active + 90 days after deletion
File attachments have the same retention period applied as associated content
Collaboration data: Retained until all collaborators remove or 2 years maximum

AI Processing data

Input queries are not stored by AYOA after processing
AI partner retention periods: OpenAI (30 days), DeepGram (per their policy)
Aggregated data (usage analytics) retained for 2 years for service improvement

Communication data

Support ticket information: 3 years for service quality purposes
Marketing communications: Until you unsubscribe + 30 days
System notifications: 1 year for audit purposes

Legal and Compliance data

Audit logs: 7 years for regulatory compliance
Incident reports: 6 years post-resolution
Consent records: 7 years after withdrawal

Your rights

If you have any questions about this privacy policy or our privacy practices, including any requests to exercise your legal rights, please contact us in the following ways:

Contact via email Postal address: OpenGenius Ltd, Tec Marina, Terra Nova Way, Penarth, CF64 1SA, UK

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request the information OpenGenius has stored about you. You will not have to pay a fee to access your information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Delete your account at any time. Follow the steps outlined in our support guide.
Object to processing of your personal data in certain circumstances. These circumstances may occur where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

Where our use of the data is unlawful but you do not want us to erase it.
If you want us to establish the data’s accuracy.
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Our policy towards children

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact support@ayoa.com

Educational Institution Accounts

Schools must confirm they have appropriate permissions and safeguards in place for student accounts

Parental Rights

If your child uses AYOA, you have the right to:

Request access to your child’s personal data
Request correction or deletion of your child’s data
Object to certain processing activities
Request data portability
Withdraw consent at any time

Joint Data Controllers

For some users of the Services, AYOA offers a network of carefully selected Partner Affiliates to deliver high quality customer support and communications in an expanding range of languages. Where this service is available, some users may consent to one of our Partner Affiliates being a joint controller of their data. This consent will be given on signing up or subscribing to AYOA.

For those users offered the local services of a Partner Affiliate, the Partner Affiliates’ limited purposes for controlling users’ personal data, and for the processing of that data include:

To communicate with you about our Services. This will include sending you relevant direct marketing information, promotions, product updates, tips, etc to ensure you get the most out of our Services.
To communicate with you for providing customer support related to the Services. We may ask you to provide information related to the way you use the Services to enable us to resolve your customer support enquiries.
To communicate with you for providing essential system notifications.

The account settings in AYOA allow you to configure your preferences and provide consent for receiving direct marketing communications. Our marketing emails also contain a link to unsubscribe, so you may opt-out from receiving our marketing communications at any time.

Changes to our Privacy Policy

OpenGenius reserves the right to amend or modify the policies on this page at any time for any reason without notice. This Privacy Policy may change as new features are added to our website or to any of our products and services. If we decide to change our Privacy Policy, we will post these changes to our Privacy Policy on our website.

If you disagree with any changes to this privacy policy, you will need to stop using the services and deactivate your account(s) immediately.

Your granular privacy controls

You can provide or withdraw consent for:

Essential services (cannot be disabled):

Account authentication and security
Core productivity features
Essential system communications

Optional services (you control):

AI-powered suggestions and enhancements – not compulsory
Non-essential communication and newsletters
Third-party integrations
Marketing and promotional content

Consent withdrawal

Immediate effect: Most consent withdrawal is digitally aided and takes effect immediately
Any ongoing processing may complete first (e.g., AI requests in progress)
Previously processed data may be retained, subject to retention schedules above
We’ll clearly explain how consent withdrawal affects service functionality on a case-by-case basis / as required

For complex requests requiring human review:

Response time: Within 30 days (may extend to 60 days for complex requests)
Identity verification: We may request additional identification for security
Third-party involvement: Some requests may require coordination with our AI partners
Appeal process: If you’re unsatisfied with our response please write to us for the attention of the OpenGenius Chief Information Security Officer.

Emergency Procedures

For urgent privacy concerns (e.g., unauthorised access):

Immediate response: Contact support@ayoa.com with “URGENT PRIVACY” in subject line
24-hour acknowledgment: We’ll acknowledge receipt within 24 hours
Emergency deletion: Critical data can be deleted immediately upon verification

Regulatory complaints

If you’re unsatisfied with our response, you can contact:

UK users: Information Commissioner’s Office (ICO) – ico.org.uk
EU users: Your local Data Protection Authority
Other jurisdictions: Your local privacy regulatory authority

We encourage contacting us first, but you always have the right to complain directly to regulators.

Unlock Your Full Potential with AYOA

Start your journey to smarter planning, creativity, and productivity today — it’s free to begin and simple to use.