Linkedin

Privacy Policy for Genair8 (Mai Life)

Effective Date: June 9, 2026

Version: 2.0

Data Protection Framework:

EU General Data Protection Regulation (GDPR), the Danish Data Protection Act (Databeskyttelsesloven), and in alignment with the EU AI Act frameworks.

At Genair8, information security and data privacy are core organizational values. As a trusted provider of specialized B2B software solutions—including our workflow and mail optimization platform, Mai Life—we ensure the highest standards of confidentiality, integrity, and availability (CIA) for all data processed within our ecosystem.

This Privacy Policy explains how Genair8 handles data across our website, our Mai Life application infrastructure, and our associated browser extensions.

1. Identity and Contact Information

Genair8 operates primarily as a Data Processor for public municipalities and private entities that utilize our software. In these scenarios, data processing is strictly governed by a formal Data Processing Agreement (DPA) and associated service allonges.

  • Company: Genair8 ApS (CVR: 44365162)
  • Registered Address: Skovbovængets Sideallé 3, 4000 Roskilde, Denmark
  • Management: Martin Lundkvist, CEO
  • CDO / DPO: Asger Villemoes Nielsen
  • Contact Email: asger@Genair8.com

2. Core Information Security Principles

In alignment with our internal governance outlined in the “Informationssikkerhedshåndbog” and the international ISO 27001/2 framework, Genair8 enforces a strict security policy:

  • No Local Storage of Sensitive Personal Data: Our technical architecture ensures that no sensitive personal data or critical case management files are ever stored or cached locally on end-user devices or private employee workstations.
  • Strict Access Control & Multi-Factor Authentication: Access to any platform logs or infrastructure is strictly restricted according to the least-privilege principle. Administrative and system administrator accesses require mandatory unique credentials combined with two-factor authentication (2FA). All administrative events are fully logged.

3. Data Governance within the Mai Life Platform

Our platform delivers AI-driven decision support (such as summaries, text improvements, and drafting assistance) to municipal case workers.

  • Data Governance & Prompt Retention: By default, Mai Life is designed with “Privacy by Design” and data minimization principles. Case documents uploaded by a caseworker for analytical queries are temporarily retained within a secure server environment and are automatically deleted from the active user session cache upon termination, timeout, or session closure. To ensure full auditability, accountability, and compliance with public administration standards (such as logging requirements and human oversight frameworks), a history of prompt queries and responses is securely archived within the system. Access to this historic log data is strictly restricted to authorized Genair8 System Administrators via multi-factor authentication and is heavily audited. This data can be retrieved exclusively upon official request by the respective Data Controller (the municipality) to facilitate audit trails or data subject access requests. Prompt data is strictly isolated and is never utilized for LLM model training or shared across distinct client organizations.
  • No Automated Decision-Making or Profiling: Mai Life is explicitly a human-in-the-loop decision-support tool. It does not conduct automated profiling or predictive profiling under GDPR Article 22. The tool processes data provided by authorized caseworkers from existing systems (e.g., DUBU or SBSYS) where case segregation has already occurred.
  •  

3.1. Infrastructure and Authorized Under-processors

To ensure technical resilience, high availability, and compliance with institutional requirements, Genair8 coordinates with the following trusted Danish partners:

  • The Alexandra Institute (Alexandra Instituttet A/S): Our core AI research and development partner. They supply algorithmic expertise, model modeling, and technical optimization for the Mai Life LLM framework. All development, prompt tuning, and adjustments are conducted in a secure environment.
  • Scannet (Team.blue Denmark A/S): Our primary infrastructure and cloud hosting provider. Scannet operates top-tier, highly secure datacenters physically located within Denmark. They supply the managed server environments, firewalls, and network routing for the platform’s daily operations, fully managed under Danish data privacy legislation.
  •  

3.2. Categories of Processed Data

As a decision-support platform for specialized social and educational sectors, Mai Life processes text-based case management data compiled by the Data Controller. This data includes:

  • Standard Personal Data: Client names, addresses, family structures, and educational/school relationships.
  • Special Categories (Sensitive Data): Health-related information, diagnoses, psychological or pedagogical evaluations, and social vulnerabilities, as relevant to the specific municipal case.
  • Administrative Data: Identification and system logs concerning the municipal caseworkers utilizing the platform.
  • Note on National Identifiers: While national identification numbers (CPR-numbers) may be present within processed documents, the Mai Life system is designed to bypass or pseudonymize these identifiers, as they are not required for algorithmic analysis
  •  

4. Specific Section: Browser Extensions & Plugins

Our browser extensions serve as a specialized, secure bridge to facilitate automated workflow data transfer between the verified Mai Life platform and external case management subdomains (such as *.dubu.dk).

  • Operational Framework: The extension operates inline with the ephemeral data rules of the main platform. It does not track, collect, or store any credentials, personal identifiers, or general web browsing habits.
  • Justification of Extension Permissions:
    • activeTab: This permission is requested exclusively to allow the extension context to interact with the current browser view when a user explicitly initiates a document download or transfer action.
    • Host Permissions (https://*.dubu.dk/* and https://*[.genair8.com/](https://.genair8.com/)*): These permissions are strictly required to allow secure, encrypted Cross-Origin Resource Sharing (CORS) network requests to exchange verified data segments between the authorized platforms.
  •  

5. Data Breach Response and Mitigation

Genair8 maintains an active, ledger-documented incident response plan in compliance with GDPR Articles 33 and 34.

  • All suspected security incidents are reported directly to our centralized security dispatch at asger@Genair8.com.
  • In the event of a confirmed data breach impacting personal data processed on behalf of a client, Genair8 will document the scope and technical implications inside our internal Incident Log and notify the affected Data Controller (the municipality) without undue delay, allowing them to meet their regulatory obligations toward the Danish Data Protection Agency (Datatilsynet).
  •  

6. Rights of Data Subjects

Since Genair8 primarily acts as a Data Processor for local government bodies, individuals seeking to exercise their rights under GDPR (such as the right to access, rectification, or erasure) regarding case data handled within Mai Life should contact their respective municipal Data Controller directly. Genair8 will fully assist the Data Controller in fulfilling these requests but will not respond directly to data subjects without explicit authorization.

For data directly controlled by Genair8 regarding platform users, requests can be sent directly to asger@Genair8.com. Data subjects retain the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) via “https://www.datatilsynet.dk/”