Lenzo AI Data Usage Policy

Genio Group, Inc.
Effective Date: January 1, 2024
Last Updated: December 20, 2025

‍

1. PURPOSE AND SCOPE

This AI Data Usage Policy ("Policy") governs the collection, processing, storage, and utilization of data by artificial intelligence and machine learning systems operated by Genio Group, Inc. ("Company," "we," "us," "our") in connection with the Export/Import Compliance Platform ("Service").

Policy Objectives

Define data handling practices for AI-driven export/import compliance screening and monitoring operations.

Establish processing standards for machine learning systems used in sanctions screening, product classification, and regulatory monitoring.

Application

This Policy applies to all users, customers, and entities accessing or utilizing the Lenzo Service. By accessing, registering for, or using the Service in any manner, users unconditionally acknowledge, accept, and agree to be bound by all practices, terms, conditions, limitations, and disclaimers described herein. Use of the Service constitutes irrevocable acceptance of this Policy in its entirety.

AI Systems Deployed

Machine learning models for sanctions list screening and entity matching.

Pattern recognition algorithms for restricted party identification.

Natural language processing for product classification and export control analysis.

Predictive analytics for regulatory change monitoring and compliance risk assessment.

Automated classification engines for export control jurisdiction determination.

2. DATA COLLECTION AND SOURCES

Authorized Data Access

Partner, supplier, customer, and third-party entity data submitted by users for compliance screening.

Product and commodity information provided for export classification analysis.

Transaction and shipment data uploaded for compliance verification.

Integration data from connected ERP, CRM, and trade management systems.

User account information, authentication credentials, and usage metadata.

Collection Scope

Company collects any and all data necessary or useful for Service functionality, improvement, development, research, and any other purpose Company deems appropriate at its sole and absolute discretion. Collection methods, scope, and purposes may be modified at any time without notice. Users acknowledge that comprehensive data collection is essential for AI system performance and agree to such collection without limitation.

3. AI PROCESSING AND USAGE

Sanctions Screening

Machine learning models process entity data against global sanctions, denied party, and restricted entity lists.

Fuzzy matching algorithms identify potential matches across multiple jurisdictions and list sources.

Confidence scoring assigned to screening results; all scores are estimates only and carry no guarantee of accuracy.

Product Classification

AI-assisted classification of products under applicable export control regimes including EAR, ITAR, EU Dual-Use, and other jurisdictional frameworks.

Classification suggestions are informational only and do not constitute legal advice, official determinations, or authoritative classifications.

Machine Learning Enhancement

Models improved through aggregate and individual data pattern analysis without restriction.

Continuous optimization through all available feedback and data integration.

Training data derived from user inputs, corrections, and interactions becomes Company property without compensation or attribution.

Service Discretion

Company maintains sole, absolute, and unreviewable discretion in determining all AI processing methods, algorithms, data sources, screening parameters, classification logic, and any other aspect of Service operation. Processing methodologies may be modified, suspended, or terminated at any time without notice, explanation, or liability. Human review may or may not be implemented at Company's sole discretion based on operational requirements Company alone determines.

4. DATA SECURITY

Security Measures

Industry-standard encryption protocols for data transmission and storage.

Access controls and authentication mechanisms.

Infrastructure security measures aligned with recognized industry frameworks.

Security Standard and Disclaimer

Company implements commercially reasonable security measures as Company alone determines appropriate. NO SECURITY SYSTEM IS IMPENETRABLE. COMPANY MAKES NO WARRANTY, GUARANTEE, REPRESENTATION, OR ASSURANCE OF ANY KIND REGARDING SECURITY, DATA PROTECTION, OR PREVENTION OF UNAUTHORIZED ACCESS, BREACH, OR LOSS. Users assume all risk of data breach, unauthorized access, data loss, corruption, or any other security incident. Company shall have no liability whatsoever for any security incident regardless of cause, including Company negligence.

Third-Party Infrastructure

Services utilize third-party infrastructure providers. Company makes no representation regarding third-party security practices and assumes no responsibility for third-party actions, omissions, breaches, or failures.

5. DATA RETENTION AND DELETION

Retention Period

Customer data retained during active subscription and for unlimited period thereafter as Company determines necessary or useful for any business operations, legal compliance, dispute resolution, service improvement, research, development, training, or any other purpose at Company's sole discretion.

Deletion Requests

Deletion requests processed subject to legal, regulatory, operational, technical, and business requirements as Company alone determines. Company reserves absolute right to retain any data indefinitely for any purpose including fraud prevention, legal compliance, backup integrity, service optimization, AI training, research, and any other purpose. Deletion requests may be denied or only partially fulfilled at Company's sole discretion without explanation.

Retention Exceptions

Data may be retained indefinitely where: required or potentially required by any law or regulation; potentially relevant to any litigation, investigation, or dispute; useful for fraud prevention; needed for exercising or defending any legal rights; incorporated into AI training datasets or derived models; or deemed necessary by Company for any reason.

6. CUSTOMER RIGHTS

Access Requests

Customers may request information about data processing subject to verification of identity and legitimate request parameters as Company determines. Requests processed within timeframes Company deems reasonable considering operational constraints. Company may charge reasonable fees for access requests and may deny requests deemed excessive, repetitive, or burdensome.

Deletion Considerations

Deletion requests evaluated based on technical feasibility, legal obligations, and operational necessity as determined solely by Company. Partial or no deletion may occur where full deletion would impair Service functionality, violate legal requirements, affect Company interests, or for any other reason Company determines.

Service Modification

Customers may adjust certain AI processing features subject to Service functionality requirements and Company approval. Disabling or modifying AI features may limit, impair, or eliminate Service capabilities. Company bears absolutely no responsibility for reduced functionality, compliance failures, regulatory violations, penalties, fines, or any other consequences resulting from customer-initiated limitations or modifications.

7. THIRD-PARTY DATA SHARING

Service Providers

Company utilizes third-party service providers including sanctions list providers, regulatory data aggregators, cloud infrastructure providers, analytics services, and other vendors as Company determines necessary or useful. Third-party integrations may change at any time without notice.

Disclosure Authorization

By using Service, customers irrevocably authorize data sharing with any integrated third-party providers, affiliates, partners, or other entities as Company determines necessary or appropriate for Service operations, business purposes, or any other reason.

Business Transfers

Customer data may be transferred, sold, licensed, or otherwise disposed of in connection with merger, acquisition, bankruptcy, reorganization, financing, sale of Company assets, or any other business transaction without customer consent or notice.

Legal and Discretionary Compliance

Company may disclose data when required by law, legal process, governmental request, or when Company determines disclosure appropriate to protect Company rights, property, safety, or interests, or those of any third party, or for any other reason Company deems appropriate.

8. COMPLIANCE

Regulatory Alignment

Company operates in alignment with applicable data protection regulations including GDPR and CCPA where jurisdictionally relevant as Company interprets such requirements. Company makes no representation that Service complies with any specific law, regulation, or requirement. Users are solely responsible for determining Service suitability for their compliance obligations.

Export Compliance Disclaimer

THE SERVICE PROVIDES INFORMATIONAL TOOLS ONLY AND DOES NOT CONSTITUTE LEGAL ADVICE, OFFICIAL COMPLIANCE DETERMINATIONS, OR AUTHORITATIVE REGULATORY GUIDANCE. Company makes no representation that screening results, classifications, or alerts are accurate, complete, current, or compliant with any export control regime, sanctions program, or regulatory requirement. Users bear sole and exclusive responsibility for all export compliance decisions, filings, and determinations.

Jurisdictional Variation

Compliance obligations vary by jurisdiction. Company implements measures Company deems appropriate without guarantee of compliance with any specific jurisdiction's requirements.

9. TRANSPARENCY AND EXPLAINABILITY

Screening Methodology

AI analyzes entity information, transaction data, and historical patterns to generate screening results. Confidence scores may be assigned to results but are estimates only with no guaranteed correlation to accuracy or compliance status.

Classification Methodology

AI analyzes product descriptions, technical specifications, and regulatory frameworks to suggest export classifications. All classifications are suggestions only and may be incomplete, incorrect, or outdated.

Performance Standards

AI accuracy varies based on data quality, use case complexity, regulatory changes, and numerous other factors. Company makes no guarantee of any accuracy rate, detection rate, false positive rate, or any other performance metric. Published accuracy statistics are estimates only and do not constitute performance guarantees.

User Feedback

Correction tools available within Service interface. Feedback incorporated into model training at Company's discretion without compensation. COMPANY BEARS NO LIABILITY FOR SCREENING ERRORS, CLASSIFICATION ERRORS, MISSED MATCHES, FALSE POSITIVES, FALSE NEGATIVES, ALERT FAILURES, OR USER RELIANCE ON AI-GENERATED RESULTS.

10. LIMITATIONS, DISCLAIMERS, AND ASSUMPTION OF RISK

Service Provision Basis

SERVICE PROVIDED "AS IS," "AS AVAILABLE," AND "WITH ALL FAULTS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, COMPLETENESS, TIMELINESS, OR COMPLIANCE WITH ANY LAW OR REGULATION.

No Compliance Guarantee

COMPANY MAKES NO GUARANTEE THAT SERVICE WILL ENSURE COMPLIANCE WITH ANY EXPORT CONTROL LAW, SANCTIONS PROGRAM, EMBARGO, OR REGULATORY REQUIREMENT. Company makes no guarantee regarding AI accuracy, completeness of sanctions list coverage, timeliness of regulatory updates, detection of restricted parties, accuracy of product classifications, or reliability of any Service output.

User Responsibility and Assumption of Risk

USERS ASSUME ALL RISK ASSOCIATED WITH SERVICE USE. Users remain solely and exclusively responsible for: verifying all AI-generated screening results, classifications, and alerts; ensuring compliance with all applicable export control laws, sanctions programs, and regulatory requirements; making all compliance decisions and determinations; maintaining independent compliance programs; consulting qualified legal counsel regarding compliance obligations. USERS BEAR FULL AND EXCLUSIVE RESPONSIBILITY FOR ALL BUSINESS DECISIONS, COMPLIANCE DETERMINATIONS, REGULATORY FILINGS, AND ANY CONSEQUENCES THEREOF.

Regulatory Penalties

COMPANY SHALL HAVE NO LIABILITY FOR ANY FINES, PENALTIES, SANCTIONS, ENFORCEMENT ACTIONS, LICENSE DENIALS, DEBARMENTS, CRIMINAL PROSECUTIONS, OR OTHER REGULATORY CONSEQUENCES ARISING FROM USER'S EXPORT ACTIVITIES, COMPLIANCE DECISIONS, OR SERVICE USE, REGARDLESS OF WHETHER USER RELIED ON SERVICE OUTPUTS.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, COMPANY'S TOTAL LIABILITY FOR ANY AND ALL CLAIMS ARISING FROM OR RELATED TO THIS POLICY, SERVICE USE, OR DATA PROCESSING SHALL NOT EXCEED THE LESSER OF: (A) AMOUNTS PAID BY CUSTOMER FOR SERVICE IN THE THREE (3) MONTHS PRECEDING THE CLAIM; OR (B) ONE HUNDRED UNITED STATES DOLLARS (USD $100.00). COMPANY SHALL NOT BE LIABLE UNDER ANY CIRCUMSTANCES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOST PROFITS, LOST REVENUE, LOST DATA, BUSINESS INTERRUPTION, REGULATORY PENALTIES, FINES, REPUTATIONAL HARM, OR LOSS OF BUSINESS OPPORTUNITY, REGARDLESS OF WHETHER COMPANY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Indemnification

Users agree to defend, indemnify, and hold Company, its affiliates, officers, directors, employees, agents, licensors, and service providers harmless from and against any and all claims, liabilities, damages, losses, costs, expenses, and fees (including reasonable attorneys' fees) arising from or relating to: (a) user's Service use or misuse; (b) data provided by user; (c) violation of this Policy or any applicable law; (d) export compliance decisions or activities; (e) reliance on Service outputs; (f) regulatory investigations, enforcement actions, or penalties; (g) any third-party claims related to user's activities; or (h) any breach of user's representations or warranties.

11. POLICY UPDATES

Modification Rights

Company reserves absolute right to modify, amend, replace, or terminate this Policy at any time without prior notice, reason, or explanation. Updates effective immediately upon posting to lenzo.ai or upon such other date Company specifies. Continued Service use after any modification constitutes irrevocable acceptance of modified Policy. Users are solely responsible for regularly reviewing Policy for changes.

Notification Discretion

Company may provide notice of changes via email, Service interface, or website posting but bears no obligation to provide any notice. Failure to receive or read notice does not excuse compliance with modified Policy.

12. GOVERNING LAW, JURISDICTION, AND DISPUTE RESOLUTION

Governing Law

This Policy governed exclusively by laws of State of California, United States, without regard to conflict of law provisions or principles.

Exclusive Jurisdiction

All disputes, claims, or controversies arising from or relating to this Policy, Service use, data processing, or any related matter shall be resolved exclusively in state or federal courts located in Santa Clara County, California. Users irrevocably consent to personal jurisdiction and venue in such courts and waive any objection to jurisdiction, venue, or forum non conveniens.

Mandatory Arbitration

NOTWITHSTANDING THE FOREGOING, COMPANY MAY ELECT IN ITS SOLE DISCRETION TO REQUIRE BINDING ARBITRATION FOR ANY DISPUTE. Arbitration conducted in Santa Clara County, California under American Arbitration Association Commercial Arbitration Rules. Arbitration shall be confidential. Arbitrator's decision final and binding. Judgment on award may be entered in any court of competent jurisdiction. Each party bears own costs; prevailing party entitled to reasonable attorneys' fees.

Class Action Waiver

USERS WAIVE ANY RIGHT TO PARTICIPATE IN CLASS ACTIONS, CLASS ARBITRATIONS, OR REPRESENTATIVE ACTIONS. All claims must be brought in individual capacity only. This waiver applies to the maximum extent permitted by law.

Limitation Period

Any claim arising from or related to this Policy or Service must be filed within one (1) year of the date the claim arose or be permanently barred.

13. FORCE MAJEURE

Company shall not be liable for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to: acts of God, natural disasters, war, terrorism, riots, embargoes, acts of governmental authorities, regulatory changes, sanctions designations, power failures, telecommunications failures, internet disruptions, third-party service provider failures, cyberattacks, pandemics, or any other cause beyond Company's reasonable control.

14. SEVERABILITY AND WAIVER

Severability

If any provision of this Policy is held invalid, illegal, or unenforceable, such provision shall be modified to minimum extent necessary to make it valid and enforceable, or if modification is not possible, severed from this Policy. Remaining provisions shall continue in full force and effect.

No Waiver

Company's failure to enforce any provision of this Policy shall not constitute waiver of such provision or any other provision. No waiver effective unless in writing and signed by Company.

15. ENTIRE AGREEMENT

This Policy, together with the Terms of Service and Privacy Policy, constitutes the entire agreement between users and Company regarding Service data processing and supersedes all prior agreements, representations, and understandings.

16. CONTACT INFORMATION

Email: support@lenzo.ai

Website: lenzo.ai

Genio Group, Inc.

Operator of Export/Import Compliance Platform

‍