Privacy Policy

Overview

Webpeak Technologies Limited ("Webpeak", "we", "us", or "our") operates the GEIST Platform, which includes LifeGeist, TalentGeist, DermGeist, DocGeist, and other applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Key Privacy Principles

✓User data privacy is paramount
✓Strong encryption for data at rest and in transit
✓We never sell your data
✓Minimal data collection (only what's needed)
✓GDPR, CCPA, and HIPAA compliant (where applicable)

Data We Collect

Account Data

Email address (required for authentication)
Password (hashed with bcrypt, never stored in plain text)
Display name and avatar (optional)
Account creation and last login timestamps

Application Data

Depending on which GEIST applications you use:

LifeGeist: Goals, tasks, calendar events, contacts, notes
TalentGeist: Employee profiles, performance reviews, goals, feedback
DermGeist: Educational content and user preferences (no patient data)
DocGeist: Documents, version history, sharing permissions

Usage Data

Feature usage statistics (anonymized)
Error logs and crash reports (no personally identifiable information)
Performance metrics (anonymized)

How We Use Your Data

We DO

✓ Provide application features
✓ Generate AI-powered insights
✓ Enable semantic search
✓ Send notifications (if enabled)
✓ Improve products (anonymized analytics)

We DON'T

✗ Sell your data to third parties
✗ Share data without consent
✗ Use data for advertising
✗ Train public AI on your data
✗ Share data across apps without permission

AI and Third-Party Services

Google Gemini API / Vertex AI

We use Google's AI services for embeddings and language model inference. Important privacy notes:

Paid Tier: Data is NOT used to train Google's models
Zero human review of your content
Data not stored after processing
All data encrypted in transit (TLS 1.3)

Infrastructure Providers

Hetzner: EU-based hosting with GDPR compliance and DPA in place
Backblaze B2: Encrypted backup storage
Sentry: Error monitoring (no personal data)

Data Storage and Security

Encryption

At Rest: AES-256 encryption for all databases and file storage
In Transit: TLS 1.3 for all API communication
Backups: Encrypted daily backups with 90-day retention

Data Location

Your data is stored in EU data centers (Hetzner Germany) unless otherwise specified. Data processing occurs within the EU except for AI inference via Google Cloud.

Data Retention

Account Data: Retained until account deletion, then deleted within 30 days
Application Data: Retained until user deletes or account is deleted
Backup Retention: 90 days for disaster recovery
Audit Logs: 2 years (standard), 7 years (healthcare compliance)

Your Rights

Under GDPR, CCPA, and other privacy regulations, you have the right to:

Access

View and export all your data in JSON format

Deletion

Delete your account and all associated data

Rectification

Update or correct your personal information

Portability

Receive your data in a machine-readable format

Restrict Processing

Opt out of AI features and analytics

Object

Object to specific data processing activities

To exercise your rights, contact us at [email protected] or use the self-service options in your account settings.

Compliance

GDPR: Full compliance for EU users, including DPO appointment
CCPA: Full compliance for California residents
HIPAA: Compliance for healthcare features (DermGeist) where applicable
COPPA: We do not knowingly collect data from children under 13

Contact Us

Legal Address

5 Clarinda Park North
Dun Laoghaire, Dublin
Ireland, A96 W6N1

Changes to This Policy

We may update this policy to reflect changes in our practices or for legal compliance. When we make changes:

Users will be notified via email
Notice posted in application (banner)
30-day notice period before changes take effect
Version history maintained at the top of this document